From sle-container-updates at lists.suse.com Fri May 1 07:07:17 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 1 May 2026 09:07:17 +0200 (CEST)
Subject: SUSE-IU-2026:2741-1: Security update of suse/sl-micro/6.0/baremetal-os-container
Message-ID: <20260501070717.62AC0FB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2741-1
Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.172 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release : 6.172
Severity : important
Type : security
References : 1259362 1262631 1262632 1262635 1262636 1262638 CVE-2026-1965 CVE-2026-4873 CVE-2026-5545 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 695
Released: Thu Apr 30 17:04:03 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).
The following package changes have been done:

- SL-Micro-release-6.0-25.93 updated
- libcurl-mini4-8.14.1-6.1 updated
- container:SL-Micro-base-container-2.1.3-7.139 updated

From sle-container-updates at lists.suse.com Fri May 1 07:09:25 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 1 May 2026 09:09:25 +0200 (CEST)
Subject: SUSE-IU-2026:2742-1: Security update of suse/sl-micro/6.0/base-os-container
Message-ID: <20260501070925.A353EFB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2742-1
Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.139 , suse/sl-micro/6.0/base-os-container:latest
Image Release : 7.139
Severity : important
Type : security
References : 1259362 1262631 1262632 1262635 1262636 1262638 CVE-2026-1965 CVE-2026-4873 CVE-2026-5545 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 695
Released: Thu Apr 30 17:04:03 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).

The following package changes have been done:

- SL-Micro-release-6.0-25.93 updated
- libcurl-mini4-8.14.1-6.1 updated
- curl-8.14.1-6.1 updated
- container:suse-toolbox-image-1.0.0-9.105 updated

From sle-container-updates at lists.suse.com Fri May 1 07:11:34 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 1 May 2026 09:11:34 +0200 (CEST)
Subject: SUSE-IU-2026:2743-1: Security update of suse/sl-micro/6.0/kvm-os-container
Message-ID: <20260501071134.80BB2FB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2743-1
Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.155 , suse/sl-micro/6.0/kvm-os-container:latest
Image Release : 6.155
Severity : important
Type : security
References : 1259362 1262631 1262632 1262635 1262636 1262638 CVE-2026-1965 CVE-2026-4873 CVE-2026-5545 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429
-----------------------------------------------------------------

The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 695
Released: Thu Apr 30 17:04:03 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).

The following package changes have been done:

- SL-Micro-release-6.0-25.93 updated
- libcurl-mini4-8.14.1-6.1 updated
- container:SL-Micro-base-container-2.1.3-7.139 updated

From sle-container-updates at lists.suse.com Fri May 1 07:13:54 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 1 May 2026 09:13:54 +0200 (CEST)
Subject: SUSE-IU-2026:2744-1: Security update of suse/sl-micro/6.0/rt-os-container
Message-ID: <20260501071354.4FC73FB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2744-1
Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.168 , suse/sl-micro/6.0/rt-os-container:latest
Image Release : 7.168
Severity : important
Type : security
References : 1259362 1262631 1262632 1262635 1262636 1262638 CVE-2026-1965 CVE-2026-4873 CVE-2026-5545 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429
-----------------------------------------------------------------

The container suse/sl-micro/6.0/rt-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 695
Released: Thu Apr 30 17:04:03 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).

The following package changes have been done:

- SL-Micro-release-6.0-25.93 updated
- libcurl-mini4-8.14.1-6.1 updated
- container:SL-Micro-container-2.1.3-6.172 updated

From sle-container-updates at lists.suse.com Fri May 1 07:21:03 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 1 May 2026 09:21:03 +0200 (CEST)
Subject: SUSE-CU-2026:4633-1: Security update of suse/sl-micro/6.0/toolbox
Message-ID: <20260501072103.76395F79C@maintenance.suse.de>

SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4633-1
Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.105 , suse/sl-micro/6.0/toolbox:latest
Container Release : 9.105
Severity : important
Type : security
References : 1259362 1262631 1262632 1262635 1262636 1262638 CVE-2026-1965 CVE-2026-4873 CVE-2026-5545 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429
-----------------------------------------------------------------

The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 695
Released: Thu Apr 30 17:04:03 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).
The following package changes have been done:

- SL-Micro-release-6.0-25.93 updated
- curl-8.14.1-6.1 updated
- libcurl-mini4-8.14.1-6.1 updated
- skelcd-EULA-SL-Micro-2024.01.19-8.92 updated

From sle-container-updates at lists.suse.com Fri May 1 07:22:51 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 1 May 2026 09:22:51 +0200 (CEST)
Subject: SUSE-IU-2026:2746-1: Security update of suse/sl-micro/6.1/baremetal-os-container
Message-ID: <20260501072251.A3276F79C@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2746-1
Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.102 , suse/sl-micro/6.1/baremetal-os-container:latest
Image Release : 7.102
Severity : important
Type : security
References : 1253126 1253132 1256780 1257238 1258051 1258183 1258784 1259362 1262631 1262632 1262635 1262636 1262638 CVE-2024-25621 CVE-2025-64329 CVE-2025-71120 CVE-2026-1965 CVE-2026-22999 CVE-2026-23074 CVE-2026-23111 CVE-2026-23209 CVE-2026-4873 CVE-2026-5545 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429
-----------------------------------------------------------------

The container suse/sl-micro/6.1/baremetal-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 517
Released: Thu Apr 30 16:47:08 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1253126,1253132,1256780,1257238,1258051,1258183,1258784,1259362,1262631,1262632,1262635,1262636,1262638,CVE-2024-25621,CVE-2025-64329,CVE-2025-71120,CVE-2026-1965,CVE-2026-22999,CVE-2026-23074,CVE-2026-23111,CVE-2026-23209,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).
The following package changes have been done:

- SL-Micro-release-6.1-slfo.1.12.36 updated
- libcurl4-8.14.1-slfo.1.1_7.1 updated
- container:SL-Micro-base-container-2.2.1-5.126 updated

From sle-container-updates at lists.suse.com Fri May 1 07:24:47 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 1 May 2026 09:24:47 +0200 (CEST)
Subject: SUSE-IU-2026:2747-1: Recommended update of suse/sl-micro/6.1/base-os-container
Message-ID: <20260501072447.DBB60F79C@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2747-1
Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.125 , suse/sl-micro/6.1/base-os-container:latest
Image Release : 5.125
Severity : moderate
Type : recommended
References : 1239718 1246504 1252025 1253193 1258319 1259706 1259842 1260078 1260082 CVE-2026-4437 CVE-2026-4438
-----------------------------------------------------------------

The container suse/sl-micro/6.1/base-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 516
Released: Thu Apr 30 10:41:59 2026
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1239718,1246504,1252025,1253193,1258319,1259706,1259842,1260078,1260082,CVE-2026-4437,CVE-2026-4438

This update for libzypp, zypper fixes the following issues:

Changes in libzypp:

- Update to version 17.38.7:

  * Fix purge-kernel -rc kernel handling (bsc#1239718)
  * Explicitly_set_pool_DISTTYPE_RPM

- Update to version 17.38.6:

  * Check for trusted key updates when updating the general keyring (bsc#1259706)
  * Support multiple MirroredOrigin authorities (bsc#1253193)
  * Workaround a doxygen bug
  * libzypp.spec: Add missing graphviz-gd BuildRequires (bsc#1259842)

Changes in zypper:

- Update to version 1.14.96:

  - Autorefresh ris-services the way as plugin-services (bsc#1246504)
    It's actually wrong to treat service refreshes different depending on the service type. For the purpose of a service it makes no difference how the data about the repos to use are acquired.
The following package changes have been done:

- libzypp-17.38.7-slfo.1.1_1.1 updated
- zypper-1.14.96-slfo.1.1_1.1 updated
- container:suse-toolbox-image-1.0.0-5.49 updated

From sle-container-updates at lists.suse.com Fri May 1 07:24:49 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 1 May 2026 09:24:49 +0200 (CEST)
Subject: SUSE-IU-2026:2748-1: Security update of suse/sl-micro/6.1/base-os-container
Message-ID: <20260501072449.25999FCCC@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2748-1
Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.126 , suse/sl-micro/6.1/base-os-container:latest
Image Release : 5.126
Severity : important
Type : security
References : 1253126 1253132 1256780 1257238 1258051 1258183 1258784 1259362 1262631 1262632 1262635 1262636 1262638 CVE-2024-25621 CVE-2025-64329 CVE-2025-71120 CVE-2026-1965 CVE-2026-22999 CVE-2026-23074 CVE-2026-23111 CVE-2026-23209 CVE-2026-4873 CVE-2026-5545 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429
-----------------------------------------------------------------

The container suse/sl-micro/6.1/base-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 517
Released: Thu Apr 30 16:47:08 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1253126,1253132,1256780,1257238,1258051,1258183,1258784,1259362,1262631,1262632,1262635,1262636,1262638,CVE-2024-25621,CVE-2025-64329,CVE-2025-71120,CVE-2026-1965,CVE-2026-22999,CVE-2026-23074,CVE-2026-23111,CVE-2026-23209,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).
The following package changes have been done:

- SL-Micro-release-6.1-slfo.1.12.36 updated
- libcurl4-8.14.1-slfo.1.1_7.1 updated
- curl-8.14.1-slfo.1.1_7.1 updated
- container:suse-toolbox-image-1.0.0-5.50 updated

From sle-container-updates at lists.suse.com Fri May 1 07:26:55 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 1 May 2026 09:26:55 +0200 (CEST)
Subject: SUSE-IU-2026:2750-1: Security update of suse/sl-micro/6.1/kvm-os-container
Message-ID: <20260501072655.0D905F79C@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2750-1
Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.127 , suse/sl-micro/6.1/kvm-os-container:latest
Image Release : 5.127
Severity : important
Type : security
References : 1253126 1253132 1256780 1257238 1258051 1258183 1258784 1259362 1262631 1262632 1262635 1262636 1262638 CVE-2024-25621 CVE-2025-64329 CVE-2025-71120 CVE-2026-1965 CVE-2026-22999 CVE-2026-23074 CVE-2026-23111 CVE-2026-23209 CVE-2026-4873 CVE-2026-5545 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429
-----------------------------------------------------------------

The container suse/sl-micro/6.1/kvm-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 517
Released: Thu Apr 30 16:47:08 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1253126,1253132,1256780,1257238,1258051,1258183,1258784,1259362,1262631,1262632,1262635,1262636,1262638,CVE-2024-25621,CVE-2025-64329,CVE-2025-71120,CVE-2026-1965,CVE-2026-22999,CVE-2026-23074,CVE-2026-23111,CVE-2026-23209,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).
The following package changes have been done:

- SL-Micro-release-6.1-slfo.1.12.36 updated
- libcurl4-8.14.1-slfo.1.1_7.1 updated
- container:SL-Micro-base-container-2.2.1-5.126 updated

From sle-container-updates at lists.suse.com Fri May 1 07:29:04 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 1 May 2026 09:29:04 +0200 (CEST)
Subject: SUSE-IU-2026:2752-1: Security update of suse/sl-micro/6.1/rt-os-container
Message-ID: <20260501072904.3D865F79C@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2752-1
Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.116 , suse/sl-micro/6.1/rt-os-container:latest
Image Release : 5.116
Severity : important
Type : security
References : 1253126 1253132 1256780 1257238 1258051 1258183 1258784 1259362 1262631 1262632 1262635 1262636 1262638 CVE-2024-25621 CVE-2025-64329 CVE-2025-71120 CVE-2026-1965 CVE-2026-22999 CVE-2026-23074 CVE-2026-23111 CVE-2026-23209 CVE-2026-4873 CVE-2026-5545 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429
-----------------------------------------------------------------

The container suse/sl-micro/6.1/rt-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 517
Released: Thu Apr 30 16:47:08 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1253126,1253132,1256780,1257238,1258051,1258183,1258784,1259362,1262631,1262632,1262635,1262636,1262638,CVE-2024-25621,CVE-2025-64329,CVE-2025-71120,CVE-2026-1965,CVE-2026-22999,CVE-2026-23074,CVE-2026-23111,CVE-2026-23209,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).
The following package changes have been done:

- SL-Micro-release-6.1-slfo.1.12.36 updated
- libcurl4-8.14.1-slfo.1.1_7.1 updated
- container:SL-Micro-container-2.2.1-7.102 updated

From sle-container-updates at lists.suse.com Fri May 1 07:58:20 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 1 May 2026 09:58:20 +0200 (CEST)
Subject: SUSE-CU-2026:4650-1: Security update of suse/sle-micro/5.2/toolbox
Message-ID: <20260501075820.F1358F79C@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4650-1
Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.279 , suse/sle-micro/5.2/toolbox:latest
Container Release : 7.11.279
Severity : moderate
Type : security
References : 1262144 CVE-2026-5958
-----------------------------------------------------------------

The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1659-1
Released: Wed Apr 29 13:09:06 2026
Summary: Security update for sed
Type: security
Severity: moderate
References: 1262144,CVE-2026-5958

This update for sed fixes the following issues:

- CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite (bsc#1262144).
The following package changes have been done:

- sed-4.4-150300.13.6.1 updated

From sle-container-updates at lists.suse.com Sat May 2 07:09:11 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 2 May 2026 09:09:11 +0200 (CEST)
Subject: SUSE-IU-2026:2757-1: Security update of suse/sl-micro/6.0/base-os-container
Message-ID: <20260502070911.1FE4AFB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2757-1
Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.140 , suse/sl-micro/6.0/base-os-container:latest
Image Release : 7.140
Severity : important
Type : security
References : 1262573 CVE-2026-31431
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: kernel-368
Released: Sat May 2 01:16:53 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1262573,CVE-2026-31431

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix one security issue

The following security issue was fixed:

- CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573).
The following package changes have been done:

- kernel-default-6.4.0-42.1 updated

From sle-container-updates at lists.suse.com Sat May 2 07:11:18 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 2 May 2026 09:11:18 +0200 (CEST)
Subject: SUSE-IU-2026:2758-1: Security update of suse/sl-micro/6.0/kvm-os-container
Message-ID: <20260502071118.4C53DFB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2758-1
Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.156 , suse/sl-micro/6.0/kvm-os-container:latest
Image Release : 6.156
Severity : important
Type : security
References : 1262573 CVE-2026-31431
-----------------------------------------------------------------

The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: kernel-368
Released: Sat May 2 01:16:53 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1262573,CVE-2026-31431

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix one security issue

The following security issue was fixed:

- CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573).
The following package changes have been done:

- kernel-default-base-6.4.0-42.1.21.19 updated
- container:SL-Micro-base-container-2.1.3-7.140 updated

From sle-container-updates at lists.suse.com Sat May 2 07:23:27 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 2 May 2026 09:23:27 +0200 (CEST)
Subject: SUSE-IU-2026:2761-1: Security update of suse/sl-micro/6.1/base-os-container
Message-ID: <20260502072327.51168F79C@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2761-1
Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.127 , suse/sl-micro/6.1/base-os-container:latest
Image Release : 5.127
Severity : important
Type : security
References : 1262573 CVE-2026-31431
-----------------------------------------------------------------

The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: kernel-368
Released: Sat May 2 01:16:53 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1262573,CVE-2026-31431

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix one security issue

The following security issue was fixed:

- CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573).
The following package changes have been done:

- kernel-default-6.4.0-42.1 updated

From sle-container-updates at lists.suse.com Sat May 2 07:25:33 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 2 May 2026 09:25:33 +0200 (CEST)
Subject: SUSE-IU-2026:2762-1: Security update of suse/sl-micro/6.1/kvm-os-container
Message-ID: <20260502072533.34F17F79C@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2762-1
Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.128 , suse/sl-micro/6.1/kvm-os-container:latest
Image Release : 5.128
Severity : important
Type : security
References : 1262573 CVE-2026-31431
-----------------------------------------------------------------

The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: kernel-368
Released: Sat May 2 01:16:53 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1262573,CVE-2026-31431

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix one security issue

The following security issue was fixed:

- CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573).
The following package changes have been done:

- kernel-default-base-6.4.0-42.1.21.19 updated
- container:SL-Micro-base-container-2.2.1-5.127 updated

From sle-container-updates at lists.suse.com Tue May 5 07:06:38 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 5 May 2026 09:06:38 +0200 (CEST)
Subject: SUSE-IU-2026:2764-1: Security update of suse/sle-micro/base-5.5
Message-ID: <20260505070638.AC4D2FB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/base-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2764-1
Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.270 , suse/sle-micro/base-5.5:latest
Image Release : 5.8.270
Severity : important
Type : security
References : 1262573 CVE-2026-31431
-----------------------------------------------------------------

The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1670-1
Released: Sat May 2 07:53:26 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1262573,CVE-2026-31431

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix one security issue

The following security issue was fixed:

- CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573).
The following package changes have been done:

- kernel-default-5.14.21-150500.55.149.1 updated

From sle-container-updates at lists.suse.com Tue May 5 07:08:23 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 5 May 2026 09:08:23 +0200 (CEST)
Subject: SUSE-IU-2026:2765-1: Security update of suse/sle-micro/kvm-5.5
Message-ID: <20260505070824.03DA9FB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/kvm-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2765-1
Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.520 , suse/sle-micro/kvm-5.5:latest
Image Release : 3.5.520
Severity : important
Type : security
References : 1262573 CVE-2026-31431
-----------------------------------------------------------------

The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1670-1
Released: Sat May 2 07:53:26 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1262573,CVE-2026-31431

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix one security issue

The following security issue was fixed:

- CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573).
The following package changes have been done: - kernel-default-base-5.14.21-150500.55.149.1.150500.6.73.2 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.270 updated From sle-container-updates at lists.suse.com Tue May 5 07:10:47 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 May 2026 09:10:47 +0200 (CEST) Subject: SUSE-IU-2026:2766-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20260505071047.21130FB96@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:2766-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.580 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.580 Severity : important Type : security References : 1262573 CVE-2026-31431 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1676-1 Released: Sat May 2 09:19:33 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1262573,CVE-2026-31431 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix one security issue The following security issue was fixed: - CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573). 
The following package changes have been done: - kernel-rt-5.14.21-150500.13.130.1 updated From sle-container-updates at lists.suse.com Tue May 5 07:14:56 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 May 2026 09:14:56 +0200 (CEST) Subject: SUSE-IU-2026:2767-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20260505071456.5E618F79C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:2767-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.170 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.170 Severity : important Type : security References : 1262573 CVE-2026-31431 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-370 Released: Sat May 2 12:03:34 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1262573,CVE-2026-31431 The SUSE Linux Micro 6.0 and 6.1 RT kernel was updated to fix one security issue. 
The following security issue was fixed: - CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573) The following package changes have been done: - kernel-rt-6.4.0-42.1 updated From sle-container-updates at lists.suse.com Tue May 5 07:19:42 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 May 2026 09:19:42 +0200 (CEST) Subject: SUSE-IU-2026:2768-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20260505071942.7F489F79C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:2768-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.118 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 5.118 Severity : important Type : security References : 1262573 CVE-2026-31431 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-370 Released: Sat May 2 12:03:34 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1262573,CVE-2026-31431 The SUSE Linux Micro 6.0 and 6.1 RT kernel was updated to fix one security issue. 
The following security issue was fixed: - CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573) The following package changes have been done: - kernel-rt-6.4.0-42.1 updated From sle-container-updates at lists.suse.com Tue May 5 07:29:18 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 May 2026 09:29:18 +0200 (CEST) Subject: SUSE-IU-2026:2775-1: Security update of suse/sl-micro/6.2/kvm-os-container Message-ID: <20260505072918.D531DF79C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:2775-1 Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-7.117 , suse/sl-micro/6.2/kvm-os-container:latest Image Release : 7.117 Severity : moderate Type : security References : 1260876 1262573 CVE-2026-31431 CVE-2026-34073 ----------------------------------------------------------------- The container suse/sl-micro/6.2/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 666 Released: Tue Apr 14 09:57:50 2026 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1260876,1262573,CVE-2026-31431,CVE-2026-34073 This update for python-cryptography fixes the following issues: - CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. 
(bsc#1260876) The following package changes have been done: - kernel-default-base-6.12.0-160000.29.1.160000.2.9 updated From sle-container-updates at lists.suse.com Tue May 5 07:32:01 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 5 May 2026 09:32:01 +0200 (CEST) Subject: SUSE-IU-2026:2781-1: Security update of suse/sl-micro/6.2/rt-os-container Message-ID: <20260505073201.7787DF79C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:2781-1 Image Tags : suse/sl-micro/6.2/rt-os-container:2.3.0 , suse/sl-micro/6.2/rt-os-container:2.3.0-6.156 , suse/sl-micro/6.2/rt-os-container:latest Image Release : 6.156 Severity : moderate Type : security References : 1260876 1262573 CVE-2026-31431 CVE-2026-34073 ----------------------------------------------------------------- The container suse/sl-micro/6.2/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 666 Released: Tue Apr 14 09:57:50 2026 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1260876,1262573,CVE-2026-31431,CVE-2026-34073 This update for python-cryptography fixes the following issues: - CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. 
(bsc#1260876) The following package changes have been done: - kernel-rt-6.12.0-160000.29.1 updated From sle-container-updates at lists.suse.com Thu May 7 07:07:22 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 May 2026 09:07:22 +0200 (CEST) Subject: SUSE-IU-2026:2939-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20260507070722.CA87EFB96@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:2939-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.271 , suse/sle-micro/base-5.5:latest Image Release : 5.8.271 Severity : important Type : security References : 1259362 1262631 1262632 1262635 1262636 1262638 CVE-2026-1965 CVE-2026-4873 CVE-2026-5545 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1717-1 Released: Wed May 6 14:13:17 2026 Summary: Security update for curl Type: security Severity: important References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429 This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631). - CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632). - CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635). - CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636). - CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638). Other updates and bugfixes: - sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362). 
The following package changes have been done: - libcurl4-8.14.1-150400.5.83.1 updated - curl-8.14.1-150400.5.83.1 updated From sle-container-updates at lists.suse.com Thu May 7 07:09:51 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 May 2026 09:09:51 +0200 (CEST) Subject: SUSE-IU-2026:2940-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20260507070951.9C847FB96@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:2940-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.522 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.522 Severity : important Type : security References : 1259362 1262631 1262632 1262635 1262636 1262638 CVE-2026-1965 CVE-2026-4873 CVE-2026-5545 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1717-1 Released: Wed May 6 14:13:17 2026 Summary: Security update for curl Type: security Severity: important References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429 This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631). - CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632). - CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635). - CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636). - CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638). 
Other updates and bugfixes: - sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362). The following package changes have been done: - libcurl4-8.14.1-150400.5.83.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.271 updated From sle-container-updates at lists.suse.com Thu May 7 07:15:33 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 May 2026 09:15:33 +0200 (CEST) Subject: SUSE-CU-2026:4691-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20260507071533.0C702F79C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4691-1 Container Tags : rancher/elemental-channel/sl-micro:6.0-baremetal , rancher/elemental-channel/sl-micro:6.0-baremetal-12.1 Container Release : 12.1 Severity : important Type : security References : 1192869 1217580 1217584 1217585 1241661 1246965 1253245 1256766 1256822 1257005 1258163 1258167 1258663 1259681 1259682 1259687 1260078 1260082 1261726 1261728 1261734 1262216 1262288 CVE-2021-42380 CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2025-15281 CVE-2025-46394 CVE-2025-60876 CVE-2025-8058 CVE-2026-0861 CVE-2026-0915 CVE-2026-21620 CVE-2026-23941 CVE-2026-23942 CVE-2026-23943 CVE-2026-26157 CVE-2026-26158 CVE-2026-28808 CVE-2026-28810 CVE-2026-32144 CVE-2026-40706 CVE-2026-4437 CVE-2026-4438 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 597 Released: Thu Feb 26 12:33:53 2026 Summary: Security update for glibc Type: security Severity: important References: 1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: - CVE-2026-0861: inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: uninitialized memory may cause the process abort (bsc#1257005). - CVE-2025-8058: a malloc failure in regcomp function can lead to a double free (bsc#1246965). ----------------------------------------------------------------- Advisory ID: 619 Released: Thu Mar 12 18:27:13 2026 Summary: Security update for busybox Type: security Severity: important References: 1192869,1217580,1217584,1217585,1241661,1253245,1258163,1258167,1258663,1259681,1259682,1259687,1261726,1261728,1261734,1262288,CVE-2021-42380,CVE-2023-42363,CVE-2023-42364,CVE-2023-42365,CVE-2025-46394,CVE-2025-60876,CVE-2026-21620,CVE-2026-23941,CVE-2026-23942,CVE-2026-23943,CVE-2026-26157,CVE-2026-26158,CVE-2026-28808,CVE-2026-28810,CVE-2026-32144 This update for busybox fixes the following issues: - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncs_printf.c (bsc#1217580). - CVE-2023-42364: use-after-free in the awk.c evaluate function (bsc#1217584). - CVE-2023-42365: use-after-free in the awk.c copyvar function (bsc#1217585). - CVE-2025-46394: files in a TAR archive can have their filenames hidden from a listing if terminal escape sequences are used when naming other files included in the archive (bsc#1241661). - CVE-2025-60876: request line incorrectly neutralized may lead to header injection (bsc#1253245). 
- CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization (bsc#1258163). - CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries (bsc#1258167). - CVE-2021-42380: Additional fix for use-after-realloc in awk (bsc#1192869). ----------------------------------------------------------------- Advisory ID: 659 Released: Thu Apr 9 13:02:01 2026 Summary: Security update for glibc Type: security Severity: important References: 1260078,1260082,1262216,CVE-2026-40706,CVE-2026-4437,CVE-2026-4438 This update for glibc fixes the following issues: - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078). - CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082). The following package changes have been done: - glibc-2.38-12.1 updated - busybox-1.36.1-3.1 updated - container:suse-toolbox-image-1.0.0-9.105 updated From sle-container-updates at lists.suse.com Thu May 7 07:15:41 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 May 2026 09:15:41 +0200 (CEST) Subject: SUSE-CU-2026:4692-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20260507071541.5507DF79C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4692-1 Container Tags : rancher/elemental-channel/sl-micro:6.0-base , rancher/elemental-channel/sl-micro:6.0-base-12.1 Container Release : 12.1 Severity : important Type : security References : 1192869 1217580 1217584 1217585 1241661 1246965 1253245 1256766 1256822 1257005 1258163 1258167 1258663 1259681 1259682 1259687 1260078 1260082 1261726 1261728 1261734 1262216 1262288 CVE-2021-42380 CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2025-15281 CVE-2025-46394 CVE-2025-60876 CVE-2025-8058 CVE-2026-0861 
CVE-2026-0915 CVE-2026-21620 CVE-2026-23941 CVE-2026-23942 CVE-2026-23943 CVE-2026-26157 CVE-2026-26158 CVE-2026-28808 CVE-2026-28810 CVE-2026-32144 CVE-2026-40706 CVE-2026-4437 CVE-2026-4438 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 597 Released: Thu Feb 26 12:33:53 2026 Summary: Security update for glibc Type: security Severity: important References: 1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: - CVE-2026-0861: inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: uninitialized memory may cause the process abort (bsc#1257005). - CVE-2025-8058: a malloc failure in regcomp function can lead to a double free (bsc#1246965). ----------------------------------------------------------------- Advisory ID: 619 Released: Thu Mar 12 18:27:13 2026 Summary: Security update for busybox Type: security Severity: important References: 1192869,1217580,1217584,1217585,1241661,1253245,1258163,1258167,1258663,1259681,1259682,1259687,1261726,1261728,1261734,1262288,CVE-2021-42380,CVE-2023-42363,CVE-2023-42364,CVE-2023-42365,CVE-2025-46394,CVE-2025-60876,CVE-2026-21620,CVE-2026-23941,CVE-2026-23942,CVE-2026-23943,CVE-2026-26157,CVE-2026-26158,CVE-2026-28808,CVE-2026-28810,CVE-2026-32144 This update for busybox fixes the following issues: - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncs_printf.c (bsc#1217580). - CVE-2023-42364: use-after-free in the awk.c evaluate function (bsc#1217584). - CVE-2023-42365: use-after-free in the awk.c copyvar function (bsc#1217585). 
- CVE-2025-46394: files in a TAR archive can have their filenames hidden from a listing if terminal escape sequences are used when naming other files included in the archive (bsc#1241661). - CVE-2025-60876: request line incorrectly neutralized may lead to header injection (bsc#1253245). - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization (bsc#1258163). - CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries (bsc#1258167). - CVE-2021-42380: Additional fix for use-after-realloc in awk (bsc#1192869). ----------------------------------------------------------------- Advisory ID: 659 Released: Thu Apr 9 13:02:01 2026 Summary: Security update for glibc Type: security Severity: important References: 1260078,1260082,1262216,CVE-2026-40706,CVE-2026-4437,CVE-2026-4438 This update for glibc fixes the following issues: - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078). - CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082). 
The following package changes have been done: - glibc-2.38-12.1 updated - busybox-1.36.1-3.1 updated - container:suse-toolbox-image-1.0.0-9.105 updated From sle-container-updates at lists.suse.com Thu May 7 07:15:49 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 May 2026 09:15:49 +0200 (CEST) Subject: SUSE-CU-2026:4693-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20260507071549.685D1F79C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4693-1 Container Tags : rancher/elemental-channel/sl-micro:6.0-kvm , rancher/elemental-channel/sl-micro:6.0-kvm-12.1 Container Release : 12.1 Severity : important Type : security References : 1192869 1217580 1217584 1217585 1241661 1246965 1253245 1256766 1256822 1257005 1258163 1258167 1258663 1259681 1259682 1259687 1260078 1260082 1261726 1261728 1261734 1262216 1262288 CVE-2021-42380 CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2025-15281 CVE-2025-46394 CVE-2025-60876 CVE-2025-8058 CVE-2026-0861 CVE-2026-0915 CVE-2026-21620 CVE-2026-23941 CVE-2026-23942 CVE-2026-23943 CVE-2026-26157 CVE-2026-26158 CVE-2026-28808 CVE-2026-28810 CVE-2026-32144 CVE-2026-40706 CVE-2026-4437 CVE-2026-4438 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 597 Released: Thu Feb 26 12:33:53 2026 Summary: Security update for glibc Type: security Severity: important References: 1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: - CVE-2026-0861: inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: uninitialized memory may cause the process abort (bsc#1257005). - CVE-2025-8058: a malloc failure in regcomp function can lead to a double free (bsc#1246965). ----------------------------------------------------------------- Advisory ID: 619 Released: Thu Mar 12 18:27:13 2026 Summary: Security update for busybox Type: security Severity: important References: 1192869,1217580,1217584,1217585,1241661,1253245,1258163,1258167,1258663,1259681,1259682,1259687,1261726,1261728,1261734,1262288,CVE-2021-42380,CVE-2023-42363,CVE-2023-42364,CVE-2023-42365,CVE-2025-46394,CVE-2025-60876,CVE-2026-21620,CVE-2026-23941,CVE-2026-23942,CVE-2026-23943,CVE-2026-26157,CVE-2026-26158,CVE-2026-28808,CVE-2026-28810,CVE-2026-32144 This update for busybox fixes the following issues: - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncs_printf.c (bsc#1217580). - CVE-2023-42364: use-after-free in the awk.c evaluate function (bsc#1217584). - CVE-2023-42365: use-after-free in the awk.c copyvar function (bsc#1217585). - CVE-2025-46394: files in a TAR archive can have their filenames hidden from a listing if terminal escape sequences are used when naming other files included in the archive (bsc#1241661). - CVE-2025-60876: request line incorrectly neutralized may lead to header injection (bsc#1253245). 
- CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization (bsc#1258163). - CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries (bsc#1258167). - CVE-2021-42380: Additional fix for use-after-realloc in awk (bsc#1192869). ----------------------------------------------------------------- Advisory ID: 659 Released: Thu Apr 9 13:02:01 2026 Summary: Security update for glibc Type: security Severity: important References: 1260078,1260082,1262216,CVE-2026-40706,CVE-2026-4437,CVE-2026-4438 This update for glibc fixes the following issues: - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078). - CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082). The following package changes have been done: - glibc-2.38-12.1 updated - busybox-1.36.1-3.1 updated - container:suse-toolbox-image-1.0.0-9.105 updated From sle-container-updates at lists.suse.com Thu May 7 07:15:57 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 May 2026 09:15:57 +0200 (CEST) Subject: SUSE-CU-2026:4694-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20260507071557.7ED99F79C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4694-1 Container Tags : rancher/elemental-channel/sl-micro:6.0-rt , rancher/elemental-channel/sl-micro:6.0-rt-12.1 Container Release : 12.1 Severity : important Type : security References : 1192869 1217580 1217584 1217585 1241661 1246965 1253245 1256766 1256822 1257005 1258163 1258167 1258663 1259681 1259682 1259687 1260078 1260082 1261726 1261728 1261734 1262216 1262288 CVE-2021-42380 CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2025-15281 CVE-2025-46394 CVE-2025-60876 CVE-2025-8058 CVE-2026-0861 
CVE-2026-0915 CVE-2026-21620 CVE-2026-23941 CVE-2026-23942 CVE-2026-23943 CVE-2026-26157 CVE-2026-26158 CVE-2026-28808 CVE-2026-28810 CVE-2026-32144 CVE-2026-40706 CVE-2026-4437 CVE-2026-4438 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 597 Released: Thu Feb 26 12:33:53 2026 Summary: Security update for glibc Type: security Severity: important References: 1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: - CVE-2026-0861: inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: uninitialized memory may cause the process abort (bsc#1257005). - CVE-2025-8058: a malloc failure in regcomp function can lead to a double free (bsc#1246965). ----------------------------------------------------------------- Advisory ID: 619 Released: Thu Mar 12 18:27:13 2026 Summary: Security update for busybox Type: security Severity: important References: 1192869,1217580,1217584,1217585,1241661,1253245,1258163,1258167,1258663,1259681,1259682,1259687,1261726,1261728,1261734,1262288,CVE-2021-42380,CVE-2023-42363,CVE-2023-42364,CVE-2023-42365,CVE-2025-46394,CVE-2025-60876,CVE-2026-21620,CVE-2026-23941,CVE-2026-23942,CVE-2026-23943,CVE-2026-26157,CVE-2026-26158,CVE-2026-28808,CVE-2026-28810,CVE-2026-32144 This update for busybox fixes the following issues: - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncs_printf.c (bsc#1217580). - CVE-2023-42364: use-after-free in the awk.c evaluate function (bsc#1217584). - CVE-2023-42365: use-after-free in the awk.c copyvar function (bsc#1217585). 
- CVE-2025-46394: files in a TAR archive can have their filenames hidden from a listing if terminal escape sequences are used when naming other files included in the archive (bsc#1241661). - CVE-2025-60876: request line incorrectly neutralized may lead to header injection (bsc#1253245). - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization (bsc#1258163). - CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries (bsc#1258167). - CVE-2021-42380: Additional fix for use-after-realloc in awk (bsc#1192869). ----------------------------------------------------------------- Advisory ID: 659 Released: Thu Apr 9 13:02:01 2026 Summary: Security update for glibc Type: security Severity: important References: 1260078,1260082,1262216,CVE-2026-40706,CVE-2026-4437,CVE-2026-4438 This update for glibc fixes the following issues: - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078). - CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082). 
The following package changes have been done: - glibc-2.38-12.1 updated - busybox-1.36.1-3.1 updated - container:suse-toolbox-image-1.0.0-9.105 updated From sle-container-updates at lists.suse.com Thu May 7 07:16:04 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 May 2026 09:16:04 +0200 (CEST) Subject: SUSE-CU-2026:4695-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20260507071604.8A955F79C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4695-1 Container Tags : rancher/elemental-channel/sl-micro:6.1-baremetal , rancher/elemental-channel/sl-micro:6.1-baremetal-12.1 Container Release : 12.1 Severity : important Type : security References : 1240385 1243581 1244933 1246602 1246965 1248410 1248687 1256766 1256822 1257005 1258229 1258637 1259051 1260078 1260082 142461 544339 CVE-2025-15281 CVE-2025-46836 CVE-2025-53906 CVE-2025-8058 CVE-2026-0861 CVE-2026-0915 CVE-2026-26269 CVE-2026-26996 CVE-2026-28417 CVE-2026-4437 CVE-2026-4438 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 417 Released: Mon Mar 2 15:52:11 2026 Summary: Security update for glibc Type: security Severity: important References: 1240385,1244933,1246602,1246965,1256766,1256822,1257005,1258229,1259051,CVE-2025-15281,CVE-2025-53906,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915,CVE-2026-26269,CVE-2026-28417 This update for glibc fixes the following issues: - CVE-2026-0861: inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). 
- CVE-2026-0915: uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: uninitialized memory may cause the process abort (bsc#1257005). - CVE-2025-8058: a malloc failure in regcomp function can lead to a double free (bsc#1246965). ----------------------------------------------------------------- Advisory ID: 478 Released: Thu Apr 9 13:38:10 2026 Summary: Security update for glibc Type: security Severity: important References: 1243581,1248410,1248687,1258637,1260078,1260082,142461,544339,CVE-2025-46836,CVE-2026-26996,CVE-2026-4437,CVE-2026-4438 This update for glibc fixes the following issues: - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078). - CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082). The following package changes have been done: - glibc-2.38-slfo.1.1_7.1 updated - container:suse-toolbox-image-1.0.0-5.50 updated From sle-container-updates at lists.suse.com Thu May 7 07:16:10 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 May 2026 09:16:10 +0200 (CEST) Subject: SUSE-CU-2026:4696-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20260507071610.45232F79C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4696-1 Container Tags : rancher/elemental-channel/sl-micro:6.1-base , rancher/elemental-channel/sl-micro:6.1-base-12.1 Container Release : 12.1 Severity : important Type : security References : 1240385 1243581 1244933 1246602 1246965 1248410 1248687 1256766 1256822 1257005 1258229 1258637 1259051 1260078 1260082 142461 544339 CVE-2025-15281 CVE-2025-46836 CVE-2025-53906 CVE-2025-8058 CVE-2026-0861 CVE-2026-0915 CVE-2026-26269 CVE-2026-26996 CVE-2026-28417 CVE-2026-4437 CVE-2026-4438 
----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 417 Released: Mon Mar 2 15:52:11 2026 Summary: Security update for glibc Type: security Severity: important References: 1240385,1244933,1246602,1246965,1256766,1256822,1257005,1258229,1259051,CVE-2025-15281,CVE-2025-53906,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915,CVE-2026-26269,CVE-2026-28417 This update for glibc fixes the following issues: - CVE-2026-0861: inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: uninitialized memory may cause the process abort (bsc#1257005). - CVE-2025-8058: a malloc failure in regcomp function can lead to a double free (bsc#1246965). ----------------------------------------------------------------- Advisory ID: 478 Released: Thu Apr 9 13:38:10 2026 Summary: Security update for glibc Type: security Severity: important References: 1243581,1248410,1248687,1258637,1260078,1260082,142461,544339,CVE-2025-46836,CVE-2026-26996,CVE-2026-4437,CVE-2026-4438 This update for glibc fixes the following issues: - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078). - CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082). 
The following package changes have been done: - glibc-2.38-slfo.1.1_7.1 updated - container:suse-toolbox-image-1.0.0-5.50 updated From sle-container-updates at lists.suse.com Thu May 7 07:16:16 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 May 2026 09:16:16 +0200 (CEST) Subject: SUSE-CU-2026:4697-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20260507071616.21F8FF79C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4697-1 Container Tags : rancher/elemental-channel/sl-micro:6.1-kvm , rancher/elemental-channel/sl-micro:6.1-kvm-12.1 Container Release : 12.1 Severity : important Type : security References : 1240385 1243581 1244933 1246602 1246965 1248410 1248687 1256766 1256822 1257005 1258229 1258637 1259051 1260078 1260082 142461 544339 CVE-2025-15281 CVE-2025-46836 CVE-2025-53906 CVE-2025-8058 CVE-2026-0861 CVE-2026-0915 CVE-2026-26269 CVE-2026-26996 CVE-2026-28417 CVE-2026-4437 CVE-2026-4438 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 417 Released: Mon Mar 2 15:52:11 2026 Summary: Security update for glibc Type: security Severity: important References: 1240385,1244933,1246602,1246965,1256766,1256822,1257005,1258229,1259051,CVE-2025-15281,CVE-2025-53906,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915,CVE-2026-26269,CVE-2026-28417 This update for glibc fixes the following issues: - CVE-2026-0861: inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). 
- CVE-2025-15281: uninitialized memory may cause the process abort (bsc#1257005). - CVE-2025-8058: a malloc failure in regcomp function can lead to a double free (bsc#1246965). ----------------------------------------------------------------- Advisory ID: 478 Released: Thu Apr 9 13:38:10 2026 Summary: Security update for glibc Type: security Severity: important References: 1243581,1248410,1248687,1258637,1260078,1260082,142461,544339,CVE-2025-46836,CVE-2026-26996,CVE-2026-4437,CVE-2026-4438 This update for glibc fixes the following issues: - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078). - CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082). The following package changes have been done: - glibc-2.38-slfo.1.1_7.1 updated - container:suse-toolbox-image-1.0.0-5.50 updated From sle-container-updates at lists.suse.com Thu May 7 07:16:21 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 May 2026 09:16:21 +0200 (CEST) Subject: SUSE-CU-2026:4698-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20260507071621.3F8F0F79C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4698-1 Container Tags : rancher/elemental-channel/sl-micro:6.1-rt , rancher/elemental-channel/sl-micro:6.1-rt-12.1 Container Release : 12.1 Severity : important Type : security References : 1240385 1243581 1244933 1246602 1246965 1248410 1248687 1256766 1256822 1257005 1258229 1258637 1259051 1260078 1260082 142461 544339 CVE-2025-15281 CVE-2025-46836 CVE-2025-53906 CVE-2025-8058 CVE-2026-0861 CVE-2026-0915 CVE-2026-26269 CVE-2026-26996 CVE-2026-28417 CVE-2026-4437 CVE-2026-4438 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 417 Released: Mon Mar 2 15:52:11 2026 Summary: Security update for glibc Type: security Severity: important References: 1240385,1244933,1246602,1246965,1256766,1256822,1257005,1258229,1259051,CVE-2025-15281,CVE-2025-53906,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915,CVE-2026-26269,CVE-2026-28417 This update for glibc fixes the following issues: - CVE-2026-0861: inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: uninitialized memory may cause the process abort (bsc#1257005). - CVE-2025-8058: a malloc failure in regcomp function can lead to a double free (bsc#1246965). ----------------------------------------------------------------- Advisory ID: 478 Released: Thu Apr 9 13:38:10 2026 Summary: Security update for glibc Type: security Severity: important References: 1243581,1248410,1248687,1258637,1260078,1260082,142461,544339,CVE-2025-46836,CVE-2026-26996,CVE-2026-4437,CVE-2026-4438 This update for glibc fixes the following issues: - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078). - CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082). 
The following package changes have been done: - glibc-2.38-slfo.1.1_7.1 updated - container:suse-toolbox-image-1.0.0-5.50 updated From sle-container-updates at lists.suse.com Thu May 7 07:17:01 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 May 2026 09:17:01 +0200 (CEST) Subject: SUSE-CU-2026:4704-1: Security update of rancher/elemental-operator Message-ID: <20260507071701.DA6B1F79C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4704-1 Container Tags : rancher/elemental-operator:1.6.10 , rancher/elemental-operator:1.6.10-9.48 Container Release : 9.48 Severity : important Type : security References : 1238724 1246965 1249147 1250410 1251213 1256766 1256822 1256876 1256878 1256880 1257005 1257111 1258002 1259271 1259924 1260078 1260082 1261809 1262216 CVE-2025-11187 CVE-2025-15281 CVE-2025-15467 CVE-2025-15468 CVE-2025-69720 CVE-2025-8058 CVE-2025-9230 CVE-2026-0861 CVE-2026-0915 CVE-2026-40706 CVE-2026-4437 CVE-2026-4438 CVE-2026-4878 ----------------------------------------------------------------- The container rancher/elemental-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 597 Released: Thu Feb 26 12:33:53 2026 Summary: Security update for glibc Type: security Severity: important References: 1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: - CVE-2026-0861: inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: uninitialized memory may cause the process abort (bsc#1257005). 
- CVE-2025-8058: a malloc failure in regcomp function can lead to a double free (bsc#1246965). ----------------------------------------------------------------- Advisory ID: 604 Released: Wed Mar 4 09:37:59 2026 Summary: Security update for ca-certificates-mozilla Type: security Severity: moderate References: 1238724,1249147,1251213,1257111,1258002 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.84 state of Mozilla SSL root CAs (bsc#1258002) - Removed: - Baltimore CyberTrust Root - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - DigiNotar Root CA - Added: - e-Szigno TLS Root CA 2023 - OISTE Client Root ECC G1 - OISTE Client Root RSA G1 - OISTE Server Root ECC G1 - OISTE Server Root RSA G1 - SwissSign RSA SMIME Root CA 2022 - 1 - SwissSign RSA TLS Root CA 2022 - 1 - TrustAsia SMIME ECC Root CA - TrustAsia SMIME RSA Root CA - TrustAsia TLS ECC Root CA - TrustAsia TLS RSA Root CA ----------------------------------------------------------------- Advisory ID: 659 Released: Thu Apr 9 13:02:01 2026 Summary: Security update for glibc Type: security Severity: important References: 1260078,1260082,1262216,CVE-2026-40706,CVE-2026-4437,CVE-2026-4438 This update for glibc fixes the following issues: - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078). - CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082). 
----------------------------------------------------------------- Advisory ID: 675 Released: Mon Apr 20 14:43:53 2026 Summary: Security update for libcap Type: security Severity: important References: 1250410,1256876,1256878,1256880,1259271,1261809,CVE-2025-11187,CVE-2025-15467,CVE-2025-15468,CVE-2025-9230,CVE-2026-4878 This update for libcap fixes the following issues: - CVE-2026-4878: local privilege escalation through file capability injection due to TOCTOU race condition in `cap_set_file()` (bsc#1261809). ----------------------------------------------------------------- Advisory ID: 681 Released: Tue Apr 21 10:57:05 2026 Summary: Security update for ncurses Type: security Severity: moderate References: 1259924,CVE-2025-69720 This update for ncurses fixes the following issue: - CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924). The following package changes have been done: - compat-usrmerge-tools-84.87-3.1 added - elemental-operator-1.6.10-1.1 added - system-user-root-20190513-2.208 added - filesystem-84.87-5.2 added - glibc-2.38-12.1 added - libtasn1-6-4.19.0-5.1 added - libpcre2-8-0-10.42-2.179 added - libgmp10-6.3.0-1.119 added - libgcc_s1-13.3.0+git8781-2.1 added - libffi8-3.4.4-3.1 added - libcap2-2.69-3.1 added - libattr1-2.5.1-3.1 added - libacl1-2.3.1-3.1 added - libselinux1-3.5-3.1 added - libstdc++6-13.3.0+git8781-2.1 added - libp11-kit0-0.25.3-1.6 added - libncurses6-6.4.20240224-11.1 added - terminfo-base-6.4.20240224-11.1 added - p11-kit-0.25.3-1.6 added - p11-kit-tools-0.25.3-1.6 added - libreadline8-8.2-2.180 added - bash-5.2.15-3.1 added - bash-sh-5.2.15-3.1 added - coreutils-9.4-5.1 added - ca-certificates-2+git20230406.2dae8b7-3.1 added - ca-certificates-mozilla-2.84-1.1 added - container:suse-toolbox-image-1.0.0-9.105 added - container:bci-bci-base-16.0-6dac57506c189189476aff26919b9d9bd02d27b746266a8ef6fcadfa1d47a922-0 removed From sle-container-updates at lists.suse.com Thu May 7 07:17:03 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 May 2026 09:17:03 +0200 (CEST) Subject: SUSE-CU-2026:4705-1: Security update of rancher/elemental-operator Message-ID: <20260507071703.E1A5CF79C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4705-1 Container Tags : rancher/elemental-operator:1.7.4 , rancher/elemental-operator:1.7.4-4.52 Container Release : 4.52 Severity : important Type : security References : 1240385 1243581 1244933 1246602 1246965 1248410 1248687 1249584 1256459 1256766 1256822 1257005 1258002 1258229 1258637 1259051 1259924 1260078 1260082 1261809 142461 544339 CVE-2021-21411 CVE-2024-44906 CVE-2025-15281 CVE-2025-44779 CVE-2025-46836 CVE-2025-47907 CVE-2025-50738 CVE-2025-53534 CVE-2025-53906 CVE-2025-53942 CVE-2025-54386 CVE-2025-54388 CVE-2025-54410 CVE-2025-54424 CVE-2025-54576 CVE-2025-54799 CVE-2025-54801 CVE-2025-54996 CVE-2025-54997 CVE-2025-54998 CVE-2025-54999 CVE-2025-55000 CVE-2025-55001 CVE-2025-55003 CVE-2025-59375 CVE-2025-5999 CVE-2025-6000 CVE-2025-6004 CVE-2025-6011 CVE-2025-6013 CVE-2025-6014 CVE-2025-6015 CVE-2025-6037 CVE-2025-69720 CVE-2025-7195 CVE-2025-8058 CVE-2025-8341 CVE-2026-0861 CVE-2026-0915 CVE-2026-22693 CVE-2026-26269 CVE-2026-26996 CVE-2026-28417 CVE-2026-4437 CVE-2026-4438 CVE-2026-4878 ----------------------------------------------------------------- The container rancher/elemental-operator was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 417 Released: Mon Mar 2 15:52:11 2026 Summary: Security update for glibc Type: security Severity: important References: 1240385,1244933,1246602,1246965,1256766,1256822,1257005,1258229,1259051,CVE-2025-15281,CVE-2025-53906,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915,CVE-2026-26269,CVE-2026-28417 This update for glibc fixes the following issues: - CVE-2026-0861: inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: uninitialized memory may cause the process abort (bsc#1257005). - CVE-2025-8058: a malloc failure in regcomp function can lead to a double free (bsc#1246965). ----------------------------------------------------------------- Advisory ID: 423 Released: Wed Mar 4 10:35:51 2026 Summary: Security update for ca-certificates-mozilla Type: security Severity: moderate References: 1256459,1258002,CVE-2021-21411,CVE-2024-44906,CVE-2025-44779,CVE-2025-47907,CVE-2025-50738,CVE-2025-53534,CVE-2025-53942,CVE-2025-54386,CVE-2025-54388,CVE-2025-54410,CVE-2025-54424,CVE-2025-54576,CVE-2025-54799,CVE-2025-54801,CVE-2025-54996,CVE-2025-54997,CVE-2025-54998,CVE-2025-54999,CVE-2025-55000,CVE-2025-55001,CVE-2025-55003,CVE-2025-5999,CVE-2025-6000,CVE-2025-6004,CVE-2025-6011,CVE-2025-6013,CVE-2025-6014,CVE-2025-6015,CVE-2025-6037,CVE-2025-7195,CVE-2025-8341,CVE-2026-22693 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.84 state of Mozilla SSL root CAs (bsc#1258002) - Removed: - Baltimore CyberTrust Root - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - DigiNotar Root CA - Added: - e-Szigno TLS Root CA 2023 - OISTE Client Root ECC G1 - OISTE 
Client Root RSA G1 - OISTE Server Root ECC G1 - OISTE Server Root RSA G1 - SwissSign RSA SMIME Root CA 2022 - 1 - SwissSign RSA TLS Root CA 2022 - 1 - TrustAsia SMIME ECC Root CA - TrustAsia SMIME RSA Root CA - TrustAsia TLS ECC Root CA - TrustAsia TLS RSA Root CA ----------------------------------------------------------------- Advisory ID: 478 Released: Thu Apr 9 13:38:10 2026 Summary: Security update for glibc Type: security Severity: important References: 1243581,1248410,1248687,1258637,1260078,1260082,142461,544339,CVE-2025-46836,CVE-2026-26996,CVE-2026-4437,CVE-2026-4438 This update for glibc fixes the following issues: - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078). - CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082). ----------------------------------------------------------------- Advisory ID: 494 Released: Mon Apr 20 19:04:13 2026 Summary: Security update for libcap Type: security Severity: important References: 1261809,CVE-2026-4878 This update for libcap fixes the following issue: - CVE-2026-4878: local privilege escalation through file capability injection due to TOCTOU race condition in `cap_set_file()` (bsc#1261809). ----------------------------------------------------------------- Advisory ID: 500 Released: Tue Apr 21 10:29:18 2026 Summary: Security update for ncurses Type: security Severity: moderate References: 1249584,1259924,CVE-2025-59375,CVE-2025-69720 This update for ncurses fixes the following issue: - CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924).
The following package changes have been done: - compat-usrmerge-tools-84.87-slfo.1.1_1.5 updated - elemental-operator-1.7.4-slfo.1.1_1.1 updated - system-user-root-20190513-slfo.1.1_1.2 updated - filesystem-84.87-slfo.1.1_1.2 updated - glibc-2.38-slfo.1.1_7.1 updated - libtasn1-6-4.19.0-slfo.1.1_3.1 updated - libpcre2-8-0-10.42-slfo.1.1_1.4 updated - libgmp10-6.3.0-slfo.1.1_1.5 updated - libgcc_s1-14.3.0+git11799-slfo.1.1_1.1 updated - libffi8-3.4.6-slfo.1.1_1.4 updated - libcap2-2.69-slfo.1.1_2.1 updated - libattr1-2.5.1-slfo.1.1_1.3 updated - libacl1-2.3.1-slfo.1.1_1.3 updated - libselinux1-3.5-slfo.1.1_1.3 updated - libstdc++6-14.3.0+git11799-slfo.1.1_1.1 updated - libp11-kit0-0.25.3-slfo.1.1_1.2 updated - libncurses6-6.4.20240224-slfo.1.1_2.1 updated - terminfo-base-6.4.20240224-slfo.1.1_2.1 updated - p11-kit-0.25.3-slfo.1.1_1.2 updated - p11-kit-tools-0.25.3-slfo.1.1_1.2 updated - libreadline8-8.2-slfo.1.1_1.4 updated - bash-5.2.15-slfo.1.1_1.6 updated - bash-sh-5.2.15-slfo.1.1_1.6 updated - coreutils-9.4-slfo.1.1_2.1 updated - ca-certificates-2+git20240805.fd24d50-slfo.1.1_1.2 updated - ca-certificates-mozilla-2.84-slfo.1.1_1.1 updated - container:suse-toolbox-image-1.0.0-5.50 updated From sle-container-updates at lists.suse.com Thu May 7 07:17:33 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 May 2026 09:17:33 +0200 (CEST) Subject: SUSE-CU-2026:4708-1: Security update of rancher/seedimage-builder Message-ID: <20260507071733.104B3F79C@maintenance.suse.de> SUSE Container Update Advisory: rancher/seedimage-builder ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4708-1 Container Tags : rancher/seedimage-builder:1.6.10 , rancher/seedimage-builder:1.6.10-9.51 Container Release : 9.51 Severity : critical Type : security References : 1216378 1228081 1233593 1233594 1233773 1238724 1239941 1246965 1247850 1247858 1249147 1250410 1250553 1251213 1252048 
1252148 1254293 1254666 1254867 1255066 1255066 1255768 1256105 1256427 1256525 1256526 1256766 1256804 1256805 1256805 1256807 1256808 1256809 1256810 1256811 1256812 1256822 1256830 1256834 1256835 1256836 1256837 1256838 1256839 1256840 1256876 1256878 1256880 1257005 1257111 1257144 1257359 1257364 1257365 1257496 1257593 1257594 1257595 1258002 1258005 1258020 1258143 1258311 1258371 1258392 1258655 1258859 1259118 1259126 1259271 1259362 1259362 1259363 1259364 1259365 1259418 1259472 1259502 1259623 1259650 1259697 1259711 1259726 1259729 1259816 1259825 1259845 1259859 1259859 1259859 1259924 1260078 1260082 1260265 1260441 1260442 1260443 1260444 1260445 1260754 1260755 1261209 1261621 1261622 1261624 1261630 1261630 1261634 1261678 1261696 1261705 1261706 1261708 1261712 1261717 1261718 1261720 1261809 1261845 1261845 1261850 1261851 1261852 1261853 1261854 1261855 1261856 1261857 1261876 1261957 1262144 1262216 1262220 1262254 1262255 1262425 1262426 1262631 1262632 1262635 1262636 1262638 1263689 1263689 CVE-2023-45853 CVE-2024-10524 CVE-2024-11595 CVE-2024-11596 CVE-2025-10911 CVE-2025-11187 CVE-2025-14017 CVE-2025-14104 CVE-2025-15281 CVE-2025-15467 CVE-2025-15467 CVE-2025-15468 CVE-2025-28162 CVE-2025-28164 CVE-2025-39977 CVE-2025-40309 CVE-2025-40309 CVE-2025-66471 CVE-2025-66614 CVE-2025-67746 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2025-69720 CVE-2025-71066 CVE-2025-8058 CVE-2025-8732 CVE-2025-9230 CVE-2025-9615 CVE-2026-0861 CVE-2026-0915 CVE-2026-0989 CVE-2026-0989 CVE-2026-0990 CVE-2026-0992 CVE-2026-1757 CVE-2026-1965 CVE-2026-1965 CVE-2026-22695 CVE-2026-22795 CVE-2026-22796 CVE-2026-22801 CVE-2026-23004 CVE-2026-23204 CVE-2026-23268 CVE-2026-23268 CVE-2026-23268 CVE-2026-23437 CVE-2026-23437 CVE-2026-23865 CVE-2026-23868 CVE-2026-24515 CVE-2026-24880 CVE-2026-25075 CVE-2026-25210 CVE-2026-25646 CVE-2026-25854 CVE-2026-27135 CVE-2026-27171 CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390 
CVE-2026-29111 CVE-2026-29129 CVE-2026-29145 CVE-2026-29146 CVE-2026-31406 CVE-2026-31406 CVE-2026-31431 CVE-2026-31431 CVE-2026-31789 CVE-2026-31790 CVE-2026-31812 CVE-2026-3184 CVE-2026-32776 CVE-2026-32777 CVE-2026-32778 CVE-2026-32990 CVE-2026-33186 CVE-2026-33416 CVE-2026-33636 CVE-2026-34379 CVE-2026-34380 CVE-2026-34483 CVE-2026-34486 CVE-2026-34487 CVE-2026-34500 CVE-2026-34588 CVE-2026-34589 CVE-2026-34757 CVE-2026-35328 CVE-2026-35329 CVE-2026-35330 CVE-2026-35331 CVE-2026-35332 CVE-2026-35333 CVE-2026-35334 CVE-2026-3783 CVE-2026-3784 CVE-2026-3805 CVE-2026-40176 CVE-2026-40244 CVE-2026-40250 CVE-2026-40261 CVE-2026-4046 CVE-2026-40706 CVE-2026-4105 CVE-2026-41651 CVE-2026-4437 CVE-2026-4438 CVE-2026-4873 CVE-2026-4878 CVE-2026-5545 CVE-2026-5958 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429 ----------------------------------------------------------------- The container rancher/seedimage-builder was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 109 Released: Thu May 15 11:36:36 2025 Summary: Security update for wget Type: security Severity: moderate References: 1233593,1233594,1233773,CVE-2024-10524,CVE-2024-11595,CVE-2024-11596 This update for wget fixes the following issues: - CVE-2024-10524: Drop support for shorthand URLs (bsc#1233773). ----------------------------------------------------------------- Advisory ID: 570 Released: Thu Feb 12 14:57:47 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1254666,1257359,1259472,CVE-2025-14104,CVE-2025-9615,CVE-2026-25075 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). 
----------------------------------------------------------------- Advisory ID: 569 Released: Thu Feb 12 15:05:28 2026 Summary: Security update for curl Type: security Severity: important References: 1239941,1256105,CVE-2025-14017 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). ----------------------------------------------------------------- Advisory ID: 572 Released: Thu Feb 12 15:47:03 2026 Summary: Security update for openssl-3 Type: security Severity: critical References: 1256830,1256834,1256835,1256836,1256837,1256838,1256839,1256840,1261696,CVE-2025-15467,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-3 fixes the following issues: - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). 
----------------------------------------------------------------- Advisory ID: 576 Released: Fri Feb 13 17:46:23 2026 Summary: Security update for expat Type: security Severity: moderate References: 1257144,1257496,1258143,CVE-2026-24515,CVE-2026-25210 This update for expat fixes the following issues: - CVE-2026-24515: failure to copy the encoding handler data passed to XML_SetUnknownEncodingHandler may cause a NULL dereference (bsc#1257144). - CVE-2026-25210: lack of buffer size check can lead to an integer overflow (bsc#1257496). ----------------------------------------------------------------- Advisory ID: 578 Released: Mon Feb 16 09:28:24 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1256805,1259816,1260265,CVE-2026-0989,CVE-2026-33186 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805). ----------------------------------------------------------------- Advisory ID: 593 Released: Thu Feb 26 11:51:48 2026 Summary: Security update for libpng16 Type: security Severity: important References: 1256525,1256526,1257364,1257365,1258020,1259623,1261876,CVE-2025-28162,CVE-2025-28164,CVE-2026-22695,CVE-2026-22801,CVE-2026-25646,CVE-2026-31812 This update for libpng16 fixes the following issues: - CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364). - CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365). - CVE-2026-22695: heap buffer over-read in png_image_finish_read (bsc#1256525). - CVE-2026-22801: integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526). - CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020). 
----------------------------------------------------------------- Advisory ID: 597 Released: Thu Feb 26 12:33:53 2026 Summary: Security update for glibc Type: security Severity: important References: 1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: - CVE-2026-0861: inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: uninitialized memory may cause the process abort (bsc#1257005). - CVE-2025-8058: a malloc failure in regcomp function can lead to a double free (bsc#1246965). ----------------------------------------------------------------- Advisory ID: 604 Released: Wed Mar 4 09:37:59 2026 Summary: Security update for ca-certificates-mozilla Type: security Severity: moderate References: 1238724,1249147,1251213,1257111,1258002 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.84 state of Mozilla SSL root CAs (bsc#1258002) - Removed: - Baltimore CyberTrust Root - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - DigiNotar Root CA - Added: - e-Szigno TLS Root CA 2023 - OISTE Client Root ECC G1 - OISTE Client Root RSA G1 - OISTE Server Root ECC G1 - OISTE Server Root RSA G1 - SwissSign RSA SMIME Root CA 2022 - 1 - SwissSign RSA TLS Root CA 2022 - 1 - TrustAsia SMIME ECC Root CA - TrustAsia SMIME RSA Root CA - TrustAsia TLS ECC Root CA - TrustAsia TLS RSA Root CA ----------------------------------------------------------------- Advisory ID: 608 Released: Fri Mar 6 12:53:41 2026 Summary: Security update for libxslt, libxml2 Type: security Severity: moderate References: 
1247850,1247858,1250553,1255066,1256804,1256805,1256807,1256808,1256809,1256810,1256811,1256812,1257593,1257594,1257595,1259859,CVE-2025-10911,CVE-2025-40309,CVE-2025-8732,CVE-2026-0989,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757,CVE-2026-23268 This update for libxslt, libxml2 fixes the following issues: Changes in libxml2: - CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811). - CVE-2026-0992: excessive resource consumption when processing XML catalogs due to exponential behavior when handling `nextCatalog` elements (bsc#1256809, bsc#1256812). - CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858). - CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257594, bsc#1257595). - CVE-2025-10911: parsing xsl nodes may lead to use-after-free with key data stored cross-RVT (bsc#1250553). ----------------------------------------------------------------- Advisory ID: 610 Released: Mon Mar 9 10:54:57 2026 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,1255066,1258392,1259859,CVE-2023-45853,CVE-2025-40309,CVE-2026-23268,CVE-2026-27171 This update for zlib fixes the following issues: - CVE-2026-27171: Fixed an infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths. (bsc#1258392) - CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6. 
(bsc#1216378) ----------------------------------------------------------------- Advisory ID: 612 Released: Tue Mar 10 09:40:03 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1258859,1259502,CVE-2026-23868,CVE-2026-3184 This update for util-linux fixes the following issue: - CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859). ----------------------------------------------------------------- Advisory ID: 617 Released: Thu Mar 12 10:40:37 2026 Summary: Security update for curl Type: security Severity: important References: 1259362,1259363,1259364,1259365,1261621,1261622,1261624,1261634,CVE-2026-1965,CVE-2026-34379,CVE-2026-34380,CVE-2026-34588,CVE-2026-34589,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805 This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362). - CVE-2026-3783: token leak with redirect and netrc (bsc#1259363). - CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364). - CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365). ----------------------------------------------------------------- Advisory ID: 623 Released: Mon Mar 16 14:23:56 2026 Summary: Security update for freetype2 Type: security Severity: moderate References: 1252148,1258371,1259118,1261850,1261851,1261852,1261853,1261854,1261855,1261856,1261857,CVE-2025-66614,CVE-2026-23865,CVE-2026-24880,CVE-2026-25854,CVE-2026-29129,CVE-2026-29145,CVE-2026-29146,CVE-2026-32990,CVE-2026-34483,CVE-2026-34486,CVE-2026-34487,CVE-2026-34500 This update for freetype2 fixes the following issue: Update to freetype2 2.14.2: - CVE-2026-23865: Integer overflow in the tt_var_load_item_variation_store function (bsc#1259118). Changelog: * Several changes related to LCD filtering are implemented to achieve better performance and encourage sound practices. 
* Instead of blanket LCD filtering over the entire bitmap, it is now applied only to non-zero spans using direct rendering. This speeds up the ClearType-like rendering by more than 40% at sizes above 32 ppem. * Setting the filter weights with FT_Face_Properties is no longer supported. The default and light filters are optimized to work with any face. * The legacy libXft LCD filter algorithm is no longer provided. * The italic angle in `PS_FontInfo` is now stored as a fixed-point value in degrees for all Type 1 fonts and their derivatives, consistent with CFF fonts and common practices. The broken underline position and thickness values are fixed for CFF fonts. * The `x` field in the `FT_Span` structure is now unsigned. * Demo program `ftgrid` got an option `-m` to select a start character to display. * Similarly, demo program `ftmulti` got an option `-m` to select a text string for rendering. * Option `-d` in the demo program `ttdebug` is now called `-a`, expecting a comma-separated list of axis values. The user interface is also slightly improved. * The `ftinspect` demo program can now be compiled with Qt6, too. * The auto-hinter got new abilities. It can now better separate diacritic glyphs from base glyphs at small sizes by artificially moving diacritics up (or down) if necessary * Tilde accent glyphs get vertically stretched at small sizes so that they don't degenerate to horizontal lines. * Diacritics directly attached to a base glyph (like the ogonek in character '??') no longer distort the shape of the base glyph * The TrueType instruction interpreter was optimized to produce a 15% gain in the glyph loading speed. * Handling of Variation Fonts is now considerably faster * TrueType and CFF glyph loading speed has been improved by 5-10% on modern 64-bit platforms as a result of better handling of fixed-point multiplication. * The BDF driver now loads fonts 75% faster. 
----------------------------------------------------------------- Advisory ID: 638 Released: Tue Mar 24 10:27:18 2026 Summary: Security update for systemd Type: security Severity: important References: 1228081,1254293,1256427,1259418,1259650,1259697,1259859,CVE-2026-23268,CVE-2026-29111,CVE-2026-4105 This update for systemd fixes the following issues: Security issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650). - CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418). - udev: check for invalid chars in various fields received from the kernel (bsc#1259697). Non security issues: - Name libsystemd-{shared,core} based on the major version of systemd and the package release number (bsc#1228081, bsc#1256427) - detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293) Changelog: - a943e3ce2f machined: reject invalid class types when registering machines - 71593f77db udev: fix review mixup - 73a89810b4 udev-builtin-net-id: print cescaped bad attributes - 0f360bfdc0 udev-builtin-net_id: do not assume the current interface name is ethX - 40905232e2 udev: ensure tag parsing stays within bounds - 7bce9026e3 udev: ensure there is space for trailing NUL before calling sprintf - d018ac1ea3 udev: check for invalid chars in various fields received from the kernel - aef6e11921 core/cgroup: avoid one unnecessary strjoina() - cc7426f38a sd-json: fix off-by-one issue when updating parent for array elements - 26a748f727 core: validate input cgroup path more prudently - 99d8308fde core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs - 8bbac1d508 detect-virt: bare-metal GCE only for x86 and i386 ----------------------------------------------------------------- Advisory ID: 644 Released: Thu Mar 26 10:10:44 2026 Summary: Security update for nghttp2 Type: security Severity: important References: 1259845,CVE-2026-27135 This update for nghttp2 fixes the following 
issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845). ----------------------------------------------------------------- Advisory ID: 651 Released: Thu Apr 2 14:55:24 2026 Summary: Recommended update for crypto-policies Type: recommended Severity: important References: 1258311,1259825,1261209,CVE-2026-4046 This update for crypto-policies fixes the following issues: - Add PQC support for OpenSSH (bsc#1258311, bsc#1259825) * Enable and prioritize sntrup761x25519-sha512 for OpenSSH by default ----------------------------------------------------------------- Advisory ID: 654 Released: Tue Apr 7 20:52:31 2026 Summary: Security update for expat Type: security Severity: important References: 1259711,1259726,1259729,1262220,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778,CVE-2026-41651 This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726). - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711). - CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729). ----------------------------------------------------------------- Advisory ID: 657 Released: Wed Apr 8 18:32:18 2026 Summary: Security update for openssl-3 Type: security Severity: important References: 1254867,1260441,1260442,1260443,1260444,1260445,CVE-2025-66471,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-31789,CVE-2026-31790 This update for openssl-3 fixes the following issues: - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). - CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). 
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). ----------------------------------------------------------------- Advisory ID: 660 Released: Thu Apr 9 12:16:32 2026 Summary: Security update for libpng16 Type: security Severity: important References: 1260754,1260755,1262425,1262426,CVE-2026-33416,CVE-2026-33636,CVE-2026-40244,CVE-2026-40250 This update for libpng16 fixes the following issues: - CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754). - CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755). ----------------------------------------------------------------- Advisory ID: 659 Released: Thu Apr 9 13:02:01 2026 Summary: Security update for glibc Type: security Severity: important References: 1260078,1260082,1262216,CVE-2026-40706,CVE-2026-4437,CVE-2026-4438 This update for glibc fixes the following issues: - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078). - CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082). ----------------------------------------------------------------- Advisory ID: 675 Released: Mon Apr 20 14:43:53 2026 Summary: Security update for libcap Type: security Severity: important References: 1250410,1256876,1256878,1256880,1259271,1261809,CVE-2025-11187,CVE-2025-15467,CVE-2025-15468,CVE-2025-9230,CVE-2026-4878 This update for libcap fixes the following issues: - CVE-2026-4878: local privilege escalation through file capability injection due to TOCTOU race condition in `cap_set_file()` (bsc#1261809). 
----------------------------------------------------------------- Advisory ID: 672 Released: Mon Apr 20 14:56:30 2026 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1255768,1261678,1262254,1262255,CVE-2025-67746,CVE-2026-28390,CVE-2026-40176,CVE-2026-40261 This update for openssl-3 fixes the following issues: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). ----------------------------------------------------------------- Advisory ID: 681 Released: Tue Apr 21 10:57:05 2026 Summary: Security update for ncurses Type: security Severity: moderate References: 1259924,CVE-2025-69720 This update for ncurses fixes the following issue: - CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924). ----------------------------------------------------------------- Advisory ID: 680 Released: Tue Apr 21 11:02:28 2026 Summary: Security update for libpng16 Type: security Severity: moderate References: 1261705,1261706,1261708,1261712,1261717,1261718,1261720,1261957,CVE-2026-34757,CVE-2026-35328,CVE-2026-35329,CVE-2026-35330,CVE-2026-35331,CVE-2026-35332,CVE-2026-35333,CVE-2026-35334 This update for libpng16 fixes the following issue: - CVE-2026-34757: libpng: Information disclosure and data corruption via use-after-free vulnerability (bsc#1261957). ----------------------------------------------------------------- Advisory ID: 688 Released: Mon Apr 27 19:25:16 2026 Summary: Security update for sed Type: security Severity: moderate References: 1261630,1261845,1262144,1263689,CVE-2026-23437,CVE-2026-31406,CVE-2026-31431,CVE-2026-5958 This update for sed fixes the following issue: - CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite (bsc#1262144). 
----------------------------------------------------------------- Advisory ID: 695 Released: Thu Apr 30 17:04:03 2026 Summary: Security update for curl Type: security Severity: important References: 1252048,1258005,1258655,1259126,1259362,1261630,1261845,1262631,1262632,1262635,1262636,1262638,1263689,CVE-2025-39977,CVE-2025-71066,CVE-2026-1965,CVE-2026-23004,CVE-2026-23204,CVE-2026-23437,CVE-2026-31406,CVE-2026-31431,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429 This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631). - CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632). - CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635). - CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636). - CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638). Other updates and bugfixes: - sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362). 
The following package changes have been done: - boost-license1_84_0-1.84.0-1.4 added - btrfsprogs-udev-rules-6.1.3-6.19 added - compat-usrmerge-tools-84.87-3.1 added - crypto-policies-20230920.570ea89-2.1 added - elemental-httpfy-1.6.10-1.1 added - elemental-seedimage-hooks-1.6.10-1.1 added - file-magic-5.44-4.151 added - kbd-legacy-2.6.4-1.3 added - libsemanage-conf-3.5-3.1 added - pkgconf-m4-1.8.0-2.205 added - system-user-root-20190513-2.208 added - filesystem-84.87-5.2 added - glibc-2.38-12.1 added - libzstd1-1.5.5-8.142 added - libz1-1.2.13-7.1 added - libxxhash0-0.8.1-2.194 added - libuuid1-2.39.3-6.1 added - liburcu8-0.14.0-2.8 added - libunistring5-1.1-3.1 added - libtextstyle0-0.21.1-6.1 added - libtasn1-6-4.19.0-5.1 added - libsmartcols1-2.39.3-6.1 added - libsepol2-3.5-3.1 added - libseccomp2-2.5.4-3.1 added - libpopt0-1.19-2.184 added - libpkgconf3-1.8.0-2.205 added - libpcre2-8-0-10.42-2.179 added - libparted-fs-resize0-3.5-2.11 added - libnss_usrfiles2-2.27-3.1 added - libnghttp2-14-1.52.0-6.1 added - liblzo2-2-2.10-3.1 added - liblzma5-5.4.3-5.1 added - liblz4-1-1.9.4-4.1 added - liblua5_4-5-5.4.6-1.68 added - libjson-c5-0.16-3.1 added - libjitterentropy3-3.4.1-3.1 added - libip4tc2-1.8.9-4.1 added - libgpg-error0-1.47-4.136 added - libgmp10-6.3.0-1.119 added - libgcc_s1-13.3.0+git8781-2.1 added - libfuse2-2.9.9-3.1 added - libffi8-3.4.4-3.1 added - libexpat1-2.7.1-5.1 added - libeconf0-0.6.1-1.13 added - libcrypt1-4.4.36-1.134 added - libcom_err2-1.47.0-3.1 added - libcap2-2.69-3.1 added - libcap-ng0-0.8.3-4.1 added - libbz2-1-1.0.8-3.1 added - libburn4-1.5.4-1.9 added - libbtrfsutil1-6.1.3-6.19 added - libbtrfs0-6.1.3-6.19 added - libbrotlicommon1-1.1.0-1.6 added - libblkid1-2.39.3-6.1 added - libaudit1-3.0.9-4.1 added - libattr1-2.5.1-3.1 added - libargon2-1-20190702-3.1 added - libalternatives1-1.2+30.a5431e9-3.1 added - libaio1-0.3.113-3.1 added - libacl1-2.3.1-3.1 added - fillup-1.42-3.1 added - dosfstools-4.2-2.9 added - diffutils-3.10-2.101 
added - libpng16-16-1.6.43-5.1 added - libidn2-0-2.3.4-3.1 added - pkgconf-1.8.0-2.205 added - libselinux1-3.5-3.1 added - netcfg-11.6-4.42 added - libxml2-2-2.11.6-12.1 added - squashfs-4.6.1-3.7 added - libgcrypt20-1.10.3-3.1 added - libstdc++6-13.3.0+git8781-2.1 added - libp11-kit0-0.25.3-1.6 added - perl-base-5.38.2-4.1 added - libext2fs2-1.47.0-3.1 added - libudev1-254.27-3.1 added - chkstat-1600_20240206-1.8 added - libzio1-1.08-3.1 added - libmagic1-5.44-4.151 added - libjte2-1.22-1.8 added - libbrotlidec1-1.1.0-1.6 added - libfdisk1-2.39.3-6.1 added - alts-1.2+30.a5431e9-3.1 added - libpsl5-0.21.2-3.1 added - sed-4.9-3.1 added - libsubid4-4.15.1-1.1 added - libsemanage2-3.5-3.1 added - libmount1-2.39.3-6.1 added - findutils-4.9.0-4.1 added - libsystemd0-254.27-3.1 added - libncurses6-6.4.20240224-11.1 added - terminfo-base-6.4.20240224-11.1 added - libinih0-56-3.1 added - libboost_thread1_84_0-1.84.0-1.4 added - p11-kit-0.25.3-1.6 added - p11-kit-tools-0.25.3-1.6 added - libisofs6-1.5.4-1.9 added - libfreetype6-2.14.2-1.1 added - ncurses-utils-6.4.20240224-11.1 added - libreadline8-8.2-2.180 added - libedit0-20210910.3.1-9.169 added - gptfdisk-1.0.9-4.1 added - libisoburn1-1.5.4-1.9 added - bash-5.2.15-3.1 added - bash-sh-5.2.15-3.1 added - xz-5.4.3-5.1 added - systemd-default-settings-branding-openSUSE-0.7-2.4 added - systemd-default-settings-0.7-2.4 added - pkgconf-pkg-config-1.8.0-2.205 added - login_defs-4.15.1-1.1 added - libdevmapper1_03-2.03.22_1.02.196-1.8 added - gzip-1.13-1.50 added - grep-3.11-4.8 added - gettext-runtime-0.21.1-6.1 added - coreutils-9.4-5.1 added - ALP-dummy-release-0.1-8.67 added - libparted2-3.5-2.11 added - libdevmapper-event1_03-2.03.22_1.02.196-1.8 added - info-7.0.3-4.1 added - xfsprogs-6.5.0-1.9 added - thin-provisioning-tools-0.9.0-2.10 added - systemd-rpm-macros-24-1.205 added - systemd-presets-common-SUSE-15-5.1 added - rpm-config-SUSE-20240214-1.1 added - rpm-4.18.0-7.1 added - permissions-config-1600_20240206-1.8 
added - glibc-locale-base-2.38-12.1 added - e2fsprogs-1.47.0-3.1 added - ca-certificates-2+git20230406.2dae8b7-3.1 added - ca-certificates-mozilla-2.84-1.1 added - btrfsprogs-6.1.3-6.19 added - parted-3.5-2.11 added - liblvm2cmd2_03-2.03.22-1.8 added - xorriso-1.5.4-1.9 added - device-mapper-2.03.22_1.02.196-1.8 added - systemd-presets-branding-ALP-transactional-20230214-3.1 added - permissions-1600_20240206-1.8 added - mtools-4.0.43-4.9 added - libopenssl3-3.1.4-13.1 added - pam-1.6.0-5.1 added - grub2-2.12~rc1-7.1 added - grub2-i386-pc-2.12~rc1-7.1 added - suse-module-tools-16.0.43-1.1 added - kmod-30-11.1 added - rsync-3.2.7-5.1 added - libkmod2-30-11.1 added - libcurl-mini4-8.14.1-6.1 added - libcryptsetup12-2.6.1-4.13 added - util-linux-2.39.3-6.1 added - shadow-4.15.1-1.1 added - pam-config-2.11-2.1 added - kbd-2.6.4-1.3 added - curl-8.14.1-6.1 added - libsnapper7-0.10.5-2.10 added - aaa_base-84.87+git20240906.742565b-1.1 added - dbus-1-daemon-1.14.10-1.11 added - dbus-1-tools-1.14.10-1.11 added - systemd-254.27-3.1 added - sysuser-shadow-3.1-2.197 added - dbus-1-common-1.14.10-1.11 added - libdbus-1-3-1.14.10-1.11 added - dbus-1-1.14.10-1.11 added - system-group-kvm-20170617-2.197 added - system-group-hardware-20170617-2.197 added - udev-254.27-3.1 added - snapper-0.10.5-2.10 added - lvm2-2.03.22-1.8 added - elemental-toolkit-2.1.5-1.1 added - container:suse-toolbox-image-1.0.0-9.105 added - container:bci-bci-base-16.0-6dac57506c189189476aff26919b9d9bd02d27b746266a8ef6fcadfa1d47a922-0 removed From sle-container-updates at lists.suse.com Thu May 7 07:18:18 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 May 2026 09:18:18 +0200 (CEST) Subject: SUSE-CU-2026:4716-1: Security update of private-registry/1.2/harbor-trivy-adapter Message-ID: <20260507071818.03791F79C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/1.2/harbor-trivy-adapter 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4716-1 Container Tags : private-registry/1.2/harbor-trivy-adapter:1.2.0 , private-registry/1.2/harbor-trivy-adapter:1.2.0-1.14 , private-registry/1.2/harbor-trivy-adapter:latest Container Release : 1.14 Severity : important Type : security References : 1255366 1258094 1258513 1260193 1260971 1261052 1262389 1262893 CVE-2025-64702 CVE-2025-66564 CVE-2025-69725 CVE-2026-25934 CVE-2026-33186 CVE-2026-33747 CVE-2026-33748 CVE-2026-34986 CVE-2026-39984 ----------------------------------------------------------------- The container private-registry/1.2/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1722-1 Released: Wed May 6 16:56:29 2026 Summary: Security update for trivy Type: security Severity: important References: 1255366,1258094,1258513,1260193,1260971,1261052,1262389,1262893,CVE-2025-64702,CVE-2025-66564,CVE-2025-69725,CVE-2026-25934,CVE-2026-33186,CVE-2026-33747,CVE-2026-33748,CVE-2026-34986,CVE-2026-39984 This update for trivy fixes the following issues: - Update to version 0.70.0: * CVE-2026-33186: Fixed authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260193) * CVE-2026-33747: Fixed malicious API messages causing files to be written outside of the BuildKit state directory (bsc#1260971) * CVE-2026-33748: Fixed insufficient validation of Git URL fragment subdir components (bsc#1261052) * CVE-2026-39984: Fixed improper certificate validation (bsc#1262389) * CVE-2026-34986: Fixed denial of service via crafted JWE input (bsc#1262893) * chore(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (#10496) * chore(deps): bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6 (#10526) * chore(deps): bump the common group across 1 directory with 8 updates (#10540) * 
chore(deps): bump the docker group across 1 directory with 2 updates (#10538) * fix: use Development category for GoReleaser discussions (#10530) * chore(deps): bump testcontainers-go to v0.42.0 (#10531) * chore: update CODEOWNERS (#10529) * chore(deps): bump helm.sh/helm/v3 from 3.20.1 to 3.20.2 (#10511) * chore(deps): bump github.com/hashicorp/go-getter from 1.8.5 to 1.8.6 (#10510) * chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 (#10449) * ci: migrate from mkdocs-material-insiders to mkdocs-material (#10509) * chore: remove aquasecurity/homebrew-trivy tap from GoReleaser (#10508) * ci: update runners for workflows that interact with GitHub API (#10502) * ci: rename tokens and update runners (#10500) * ci: trigger helm chart publishing via helm-charts workflow (#10474) * ci: remove ruleset update step from release-please workflow (#10499) * ci: use large runner and replace ORG_REPO_TOKEN in release-please workflow (#10498) * ci: trigger rpm/deb deployment via trivy-repo workflow (#10476) * fix: remove os.Stdout from wazero module config (#10403) * chore(deps): bump the common group across 1 directory with 22 updates (#10408) * chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 (#10407) * fix(flag): validate template file extension (#10296) * fix(sbom): preserve Red Hat BuildInfo when scanning SBOMs without layer info (#10378) * fix: handle Go 1.26 GOEXPERIMENT version format change (#10351) * fix(python): handle multiple version specifiers in requirements.txt (#10361) * ci: run Trivy version bump in trivy-action (#10272) * fix(python): nil pointer dereference with optional poetry groups without dependencies (#10359) * ci: replace personal email with github-actions[bot] in workflows (#10369) * chore: replace smithy epoch parsing with stdlib time.Unix (#10286) * test: update golden files for purl changes (#10372) * ci: add zizmor to scan GitHub Actions workflows (#10322) * refactor: log statuses as strings (#10285) * ci: add build 
provenance attestations for release artifacts (#10316) * fix(sbom): add NOASSERTION for licenseDeclared/licenseConcluded in SPDX non-library packages (#10368) * fix(report): set correct sarif ROOTPATH uri when scanning a git repository (#10366) * perf(plugin): optimize directory traversal by replacing filepath.Walk with filepath.WalkDir (#10325) * docs: correct typos in CHANGELOG and diagram (#10320) * chore: delete roadmap wf (#10295) * ci(helm): bump Trivy version to 0.69.3 for Trivy Helm Chart 0.21.3 (#10310) * fix(cyclonedx): include CVSS v4 vulnerability ratings (#10313) * fix: detected vulnerability fields in azure and mariner detector (#10275) * ci: add persist-credentials: false to checkout steps (#10306) * ci(helm): bump Trivy version to 0.69.2 for Trivy Helm Chart 0.21.2 (#10270) * chore(deps): bump the common group across 1 directory with 8 updates (#10248) * chore(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 (#10257) * chore(deps): bump the aws group across 1 directory with 6 updates (#10249) * chore(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 (#10241) * ci: remove apidiff workflow (#10259) * chore(deps): bump github.com/docker/cli from 29.1.4+incompatible to 29.2.1+incompatible in the docker group across 1 directory (#10221) * ci: bump golangci-lint to v2.10 in cache-test-assets (#10243) * feat(java): add support for proxy configuration from Maven settings.xml (#10187) * chore(deps): bump the github-actions group across 3 directories with 11 updates (#10242) * feat(python): add pylock.toml support (#10137) * chore: bump SPDX license IDs and exceptions to `v3.28.0` (#10233) * docs: fix typos and upgrade insecure HTTP links to HTTPS (#10219) * chore: bump golangci-lint to v2.10.0 (#10223) * feat(misconf): support for azurerm_network_interface_security_group_association (#10215) * ci: pin Docker Engine to v29 for integration tests (#10232) * feat(go): detect version from ELF symbol table for binaries built with -trimpath 
(#10197) * docs: migrate private registry documentation from GCR to GAR (#10208) * chore(deps): bump the common group across 1 directory with 24 updates (#10206) * chore(deps): update Docker client SDK to v29 (#10202) * test: update Docker Engine integration tests for Docker API v0.29.0+ compatibility (#10199) * fix(misconf): initialize custom annotation field if empty (#10123) * feat(ubuntu): add eol data for 25.10 (#10181) * docs: fix incorrect count of Python package managers (#10175) * chore(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 (#10179) * feat(misconf): resolve Azure resources via resource_id (#10173) * ci(helm): bump Trivy version to 0.69.1 for Trivy Helm Chart 0.21.1 (#10155) * refactor: remove unused Insecure field from ServiceOption (#10113) * refactor: reduce complexity of init in detect.go (#10163) * feat(misconf): adapt ARM k8s clusters (#9696) (#10125) * docs: update version endpoint example in client/server documentation (#10151) * feat(vuln): skip third-party packages in common Detect function (#10129) * ci: add composite action for Go setup (#10146) * fix(misconf): apply check aliases when filtering results via .trivyignore (#10112) * docs(terraform): add limitation for data sources and computed resource attributes (#10128) * fix: update PhotonOS feed URL (#10122) * feat(server): include server version info in JSON output for client/server mode (#10075) * chore(deps): bump to alpine:3.23.3 and go-1.25.6 to fix CVEs (#10107) * refactor: unify scanner error limit and compiler limit (#10106) * ci(helm): bump Trivy version to 0.69.0 for Trivy Helm Chart 0.21.0 (#10103) * fix(java): Disable overwriting exclusions (#10088) * refactor(rust): use txtar format for cargo analyzer test data (#10104) * feat(python): add pylock.toml (PEP 751) parser (#9632) * chore(deps): bump the aws group across 1 directory with 6 updates (#10068) * fix(server): exclude JavaDB and CheckBundle from /version endpoint (#10100) - Update to version 0.69.3: * 
CVE-2026-25934: Fixed improper verification of data integrity values for .pack and .idx files (bsc#1258094) * fix(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 [backport: release/v0.69] (#10291) * release: v0.69.2 [release/v0.69] (#10266) * fix(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 [backport: release/v0.69] (#10267) * fix(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 [backport: release/v0.69] (#10264) * ci: remove apidiff workflow * release: v0.69.1 [release/v0.69] (#10145) * ci: add composite action for Go setup [backport: release/v0.69] (#10150) * fix(misconf): apply check aliases when filtering results via .trivyignore [backport: release/v0.69] (#10143) * chore(deps): bump to alpine:3.23.3 and go-1.25.6 to fix CVEs [backport: release/v0.69] (#10135) - Update to version 0.69.0: * CVE-2025-64702: Fixed quic-go HTTP/3 QPACK Header Expansion DoS (bsc#1255366) * CVE-2025-69725: Fixed incorrect input validation in the RedirectSlashes function (bsc#1258513) * chore: bump trivy-checks to v2 (#9875) * chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 (#10091) * fix(repo): return a nil interface for gitAuth if missing (#10097) * fix(java): correctly inherit properties from parent fields for pom.xml files (#9111) * fix(rust): implement version inheritance for Cargo mono repos (#10011) * feat(activestate): add support ActiveState images (#10081) * feat(vex): support per-repo tls configuration (#10030) * refactor: allow per-request transport options override (#10083) * chore(deps): bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 (#10084) * chore(deps): bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 (#10085) * fix(java): correctly propagate repositories from upper POMs to dependencies (#10077) * feat(rocky): enable modular package vulnerability detection (#10069) * chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 (#10079) * docs: fix mistake in config 
file example for skip-dirs/skip-files flag (#10070) * feat(report): add Trivy version to JSON output (#10065) * fix(rust): add cargo workspace members glob support (#10032) * feat: add AnalyzedBy field to track which analyzer detected packages (#10059) * fix: use canonical SPDX license IDs from embeded licenses.json (#10053) * docs: fix link to Docker Image Specification (#10057) * feat(secret): add detection for Symfony default secret key (#9892) * refactor(misconf): move common logic to base value and simplify typed values (#9986) * fix(java): add hash of GAV+root pom file path for pkgID for packages from pom.xml files (#9880) * feat(misconf): use Terraform plan configuration to partially restore schema (#9623) * feat(misconf): add action block to Terraform schema (#10035) * fix(misconf): correct typos in block and attribute names (#9993) * test(misconf): simplify test values using *Test helpers (#9985) * fix(misconf): safely parse rotation_period in google_kms_crypto_key (#9980) * feat(misconf): support for ARM resources defined as an object (#9959) * feat(misconf): support for azurerm_*_web_app (#9944) * test: migrate private test helpers to `export_test.go` convention (#10043) * chore(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.6.2 (#10048) * fix(secret): improve word boundary detection for Hugging Face tokens (#10046) * fix(go): use ldflags version for all pseudo-versions (#10037) * chore: switch to ID from AVDID in internal and user-facing fields (#9655) * refactor(misconf)!: use ID instead of AVDID for providers mapping (#9752) * fix: move enum into items for array-type fields in JSON Schema (#10039) * docs: fix incorrect documentation URLs (#10038) * feat(sbom): exclude PEP 770 SBOMs in .dist-info/sboms/ (#10033) * fix(docker): fix non-det scan results for images with embedded SBOM (#9866) * chore(deps): bump the github-actions group with 11 updates (#10001) * test: fix assertion after 2026 roll over (#10002) * fix(vuln): skip vulns detection 
for CentOS Stream family without scan failure (#9964) * fix(license): normalize licenses for PostAnalyzers (#9941) * feat(nodejs): parse licenses from `package-lock.json` file (#9983) * chore: update reference links to Go Wiki (#9987) * refactor: add xslices.Map and replace lo.Map usages (#9984) * fix(image): race condition in image artifact inspection (#9966) * feat(flag): add JSON Schema for trivy.yaml configuration file (#9971) * refactor(debian): use txtar format for test data (#9957) * chore(deps): bump `golang.org/x/tools` to `v0.40.0` + `gopls` to `v0.21.0` (#9973) * feat(rootio): Update trivy db to support usage of Severity from root.io feed (#9930) * feat(vuln): skip vulnerability scanning for third-party packages in Debian/Ubuntu (#9932) * docs: add info that `--file-pattern` flag doesn't disable default behaviuor (#9961) * perf(misconf): optimize string concatenation in azure scanner (#9969) * chore: add client option to install script (#9962) * ci(helm): bump Trivy version to 0.68.2 for Trivy Helm Chart 0.20.1 (#9956) * chore(deps): bump github.com/quic-go/quic-go from 0.54.1 to 0.57.0 (#9952) * docs: update binary signature verification for sigstore bundles (#9929) * chore(deps): bump alpine from `3.22.1` to `3.23.0` (#9935) * chore(alpine): add EOL date for alpine 3.23 (#9934) * feat(cloudformation): add support for Fn::ForEach (#9508) * ci: enable `check-latest` for `setup-go` (#9931) * feat(debian): detect third-party packages using maintainer list (#9917) * fix(vex): add CVE-2025-66564 as not_affected into Trivy VEX file (#9924) * feat(helm): add sslCertDir parameter (#9697) * fix(misconf): respect .yml files when Helm charts are detected (#9912) * feat(php): add support for dev dependencies in Composer (#9910) * chore(deps): bump the common group across 1 directory with 9 updates (#9903) * chore(deps): bump github.com/docker/cli from 29.0.3+incompatible to 29.1.1+incompatible in the docker group (#9859) * fix: remove trailing tab in statefulset 
template (#9889) * feat(julia): enable vulnerability scanning for the Julia language ecosystem (#9800) * feat(misconf): initial ansible scanning support (#9332) * feat(misconf): Update Azure Database schema (#9811) * ci(helm): bump Trivy version to 0.68.1 for Trivy Helm Chart 0.20.0 (#9869) * chore: update the install script (#9874) The following package changes have been done: - trivy-0.70.0-150000.1.12.1 updated From sle-container-updates at lists.suse.com Thu May 7 07:25:38 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 May 2026 09:25:38 +0200 (CEST) Subject: SUSE-CU-2026:4723-1: Security update of private-registry/harbor-trivy-adapter Message-ID: <20260507072538.C3EDBF79C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4723-1 Container Tags : private-registry/harbor-trivy-adapter:1.1.2 , private-registry/harbor-trivy-adapter:1.1.2-2.34 , private-registry/harbor-trivy-adapter:latest Container Release : 2.34 Severity : important Type : security References : 1255366 1258094 1258513 1260193 1260971 1261052 1262389 1262893 CVE-2025-64702 CVE-2025-66564 CVE-2025-69725 CVE-2026-25934 CVE-2026-33186 CVE-2026-33747 CVE-2026-33748 CVE-2026-34986 CVE-2026-39984 ----------------------------------------------------------------- The container private-registry/harbor-trivy-adapter was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1722-1
Released: Wed May 6 16:56:29 2026
Summary: Security update for trivy
Type: security
Severity: important
References: 1255366,1258094,1258513,1260193,1260971,1261052,1262389,1262893,CVE-2025-64702,CVE-2025-66564,CVE-2025-69725,CVE-2026-25934,CVE-2026-33186,CVE-2026-33747,CVE-2026-33748,CVE-2026-34986,CVE-2026-39984

This update for trivy fixes the following issues:

- Update to version 0.70.0:
  * CVE-2026-33186: Fixed authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260193)
  * CVE-2026-33747: Fixed malicious API messages causing files to be written outside of the BuildKit state directory (bsc#1260971)
  * CVE-2026-33748: Fixed insufficient validation of Git URL fragment subdir components (bsc#1261052)
  * CVE-2026-39984: Fixed improper certificate validation (bsc#1262389)
  * CVE-2026-34986: Fixed denial of service via crafted JWE input (bsc#1262893)
  * chore(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (#10496)
  * chore(deps): bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6 (#10526)
  * chore(deps): bump the common group across 1 directory with 8 updates (#10540)
  * chore(deps): bump the docker group across 1 directory with 2 updates (#10538)
  * fix: use Development category for GoReleaser discussions (#10530)
  * chore(deps): bump testcontainers-go to v0.42.0 (#10531)
  * chore: update CODEOWNERS (#10529)
  * chore(deps): bump helm.sh/helm/v3 from 3.20.1 to 3.20.2 (#10511)
  * chore(deps): bump github.com/hashicorp/go-getter from 1.8.5 to 1.8.6 (#10510)
  * chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 (#10449)
  * ci: migrate from mkdocs-material-insiders to mkdocs-material (#10509)
  * chore: remove aquasecurity/homebrew-trivy tap from GoReleaser (#10508)
  * ci: update runners for workflows that interact with GitHub API (#10502)
  * ci: rename
tokens and update runners (#10500)
  * ci: trigger helm chart publishing via helm-charts workflow (#10474)
  * ci: remove ruleset update step from release-please workflow (#10499)
  * ci: use large runner and replace ORG_REPO_TOKEN in release-please workflow (#10498)
  * ci: trigger rpm/deb deployment via trivy-repo workflow (#10476)
  * fix: remove os.Stdout from wazero module config (#10403)
  * chore(deps): bump the common group across 1 directory with 22 updates (#10408)
  * chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 (#10407)
  * fix(flag): validate template file extension (#10296)
  * fix(sbom): preserve Red Hat BuildInfo when scanning SBOMs without layer info (#10378)
  * fix: handle Go 1.26 GOEXPERIMENT version format change (#10351)
  * fix(python): handle multiple version specifiers in requirements.txt (#10361)
  * ci: run Trivy version bump in trivy-action (#10272)
  * fix(python): nil pointer dereference with optional poetry groups without dependencies (#10359)
  * ci: replace personal email with github-actions[bot] in workflows (#10369)
  * chore: replace smithy epoch parsing with stdlib time.Unix (#10286)
  * test: update golden files for purl changes (#10372)
  * ci: add zizmor to scan GitHub Actions workflows (#10322)
  * refactor: log statuses as strings (#10285)
  * ci: add build provenance attestations for release artifacts (#10316)
  * fix(sbom): add NOASSERTION for licenseDeclared/licenseConcluded in SPDX non-library packages (#10368)
  * fix(report): set correct sarif ROOTPATH uri when scanning a git repository (#10366)
  * perf(plugin): optimize directory traversal by replacing filepath.Walk with filepath.WalkDir (#10325)
  * docs: correct typos in CHANGELOG and diagram (#10320)
  * chore: delete roadmap wf (#10295)
  * ci(helm): bump Trivy version to 0.69.3 for Trivy Helm Chart 0.21.3 (#10310)
  * fix(cyclonedx): include CVSS v4 vulnerability ratings (#10313)
  * fix: detected vulnerability fields in azure and mariner detector (#10275)
  * ci: add persist-credentials: false to
checkout steps (#10306)
  * ci(helm): bump Trivy version to 0.69.2 for Trivy Helm Chart 0.21.2 (#10270)
  * chore(deps): bump the common group across 1 directory with 8 updates (#10248)
  * chore(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 (#10257)
  * chore(deps): bump the aws group across 1 directory with 6 updates (#10249)
  * chore(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 (#10241)
  * ci: remove apidiff workflow (#10259)
  * chore(deps): bump github.com/docker/cli from 29.1.4+incompatible to 29.2.1+incompatible in the docker group across 1 directory (#10221)
  * ci: bump golangci-lint to v2.10 in cache-test-assets (#10243)
  * feat(java): add support for proxy configuration from Maven settings.xml (#10187)
  * chore(deps): bump the github-actions group across 3 directories with 11 updates (#10242)
  * feat(python): add pylock.toml support (#10137)
  * chore: bump SPDX license IDs and exceptions to `v3.28.0` (#10233)
  * docs: fix typos and upgrade insecure HTTP links to HTTPS (#10219)
  * chore: bump golangci-lint to v2.10.0 (#10223)
  * feat(misconf): support for azurerm_network_interface_security_group_association (#10215)
  * ci: pin Docker Engine to v29 for integration tests (#10232)
  * feat(go): detect version from ELF symbol table for binaries built with -trimpath (#10197)
  * docs: migrate private registry documentation from GCR to GAR (#10208)
  * chore(deps): bump the common group across 1 directory with 24 updates (#10206)
  * chore(deps): update Docker client SDK to v29 (#10202)
  * test: update Docker Engine integration tests for Docker API v0.29.0+ compatibility (#10199)
  * fix(misconf): initialize custom annotation field if empty (#10123)
  * feat(ubuntu): add eol data for 25.10 (#10181)
  * docs: fix incorrect count of Python package managers (#10175)
  * chore(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 (#10179)
  * feat(misconf): resolve Azure resources via resource_id (#10173)
  * ci(helm): bump Trivy version to 0.69.1 for Trivy Helm Chart
0.21.1 (#10155)
  * refactor: remove unused Insecure field from ServiceOption (#10113)
  * refactor: reduce complexity of init in detect.go (#10163)
  * feat(misconf): adapt ARM k8s clusters (#9696) (#10125)
  * docs: update version endpoint example in client/server documentation (#10151)
  * feat(vuln): skip third-party packages in common Detect function (#10129)
  * ci: add composite action for Go setup (#10146)
  * fix(misconf): apply check aliases when filtering results via .trivyignore (#10112)
  * docs(terraform): add limitation for data sources and computed resource attributes (#10128)
  * fix: update PhotonOS feed URL (#10122)
  * feat(server): include server version info in JSON output for client/server mode (#10075)
  * chore(deps): bump to alpine:3.23.3 and go-1.25.6 to fix CVEs (#10107)
  * refactor: unify scanner error limit and compiler limit (#10106)
  * ci(helm): bump Trivy version to 0.69.0 for Trivy Helm Chart 0.21.0 (#10103)
  * fix(java): Disable overwriting exclusions (#10088)
  * refactor(rust): use txtar format for cargo analyzer test data (#10104)
  * feat(python): add pylock.toml (PEP 751) parser (#9632)
  * chore(deps): bump the aws group across 1 directory with 6 updates (#10068)
  * fix(server): exclude JavaDB and CheckBundle from /version endpoint (#10100)
- Update to version 0.69.3:
  * CVE-2026-25934: Fixed improper verification of data integrity values for .pack and .idx files (bsc#1258094)
  * fix(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 [backport: release/v0.69] (#10291)
  * release: v0.69.2 [release/v0.69] (#10266)
  * fix(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 [backport: release/v0.69] (#10267)
  * fix(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 [backport: release/v0.69] (#10264)
  * ci: remove apidiff workflow
  * release: v0.69.1 [release/v0.69] (#10145)
  * ci: add composite action for Go setup [backport: release/v0.69] (#10150)
  * fix(misconf): apply check aliases when filtering results via .trivyignore [backport:
release/v0.69] (#10143)
  * chore(deps): bump to alpine:3.23.3 and go-1.25.6 to fix CVEs [backport: release/v0.69] (#10135)
- Update to version 0.69.0:
  * CVE-2025-64702: Fixed quic-go HTTP/3 QPACK Header Expansion DoS (bsc#1255366)
  * CVE-2025-69725: Fixed incorrect input validation in the RedirectSlashes function (bsc#1258513)
  * chore: bump trivy-checks to v2 (#9875)
  * chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 (#10091)
  * fix(repo): return a nil interface for gitAuth if missing (#10097)
  * fix(java): correctly inherit properties from parent fields for pom.xml files (#9111)
  * fix(rust): implement version inheritance for Cargo mono repos (#10011)
  * feat(activestate): add support ActiveState images (#10081)
  * feat(vex): support per-repo tls configuration (#10030)
  * refactor: allow per-request transport options override (#10083)
  * chore(deps): bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 (#10084)
  * chore(deps): bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 (#10085)
  * fix(java): correctly propagate repositories from upper POMs to dependencies (#10077)
  * feat(rocky): enable modular package vulnerability detection (#10069)
  * chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 (#10079)
  * docs: fix mistake in config file example for skip-dirs/skip-files flag (#10070)
  * feat(report): add Trivy version to JSON output (#10065)
  * fix(rust): add cargo workspace members glob support (#10032)
  * feat: add AnalyzedBy field to track which analyzer detected packages (#10059)
  * fix: use canonical SPDX license IDs from embedded licenses.json (#10053)
  * docs: fix link to Docker Image Specification (#10057)
  * feat(secret): add detection for Symfony default secret key (#9892)
  * refactor(misconf): move common logic to base value and simplify typed values (#9986)
  * fix(java): add hash of GAV+root pom file path for pkgID for packages from pom.xml files (#9880)
  * feat(misconf): use Terraform plan configuration to
partially restore schema (#9623)
  * feat(misconf): add action block to Terraform schema (#10035)
  * fix(misconf): correct typos in block and attribute names (#9993)
  * test(misconf): simplify test values using *Test helpers (#9985)
  * fix(misconf): safely parse rotation_period in google_kms_crypto_key (#9980)
  * feat(misconf): support for ARM resources defined as an object (#9959)
  * feat(misconf): support for azurerm_*_web_app (#9944)
  * test: migrate private test helpers to `export_test.go` convention (#10043)
  * chore(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.6.2 (#10048)
  * fix(secret): improve word boundary detection for Hugging Face tokens (#10046)
  * fix(go): use ldflags version for all pseudo-versions (#10037)
  * chore: switch to ID from AVDID in internal and user-facing fields (#9655)
  * refactor(misconf)!: use ID instead of AVDID for providers mapping (#9752)
  * fix: move enum into items for array-type fields in JSON Schema (#10039)
  * docs: fix incorrect documentation URLs (#10038)
  * feat(sbom): exclude PEP 770 SBOMs in .dist-info/sboms/ (#10033)
  * fix(docker): fix non-det scan results for images with embedded SBOM (#9866)
  * chore(deps): bump the github-actions group with 11 updates (#10001)
  * test: fix assertion after 2026 roll over (#10002)
  * fix(vuln): skip vulns detection for CentOS Stream family without scan failure (#9964)
  * fix(license): normalize licenses for PostAnalyzers (#9941)
  * feat(nodejs): parse licenses from `package-lock.json` file (#9983)
  * chore: update reference links to Go Wiki (#9987)
  * refactor: add xslices.Map and replace lo.Map usages (#9984)
  * fix(image): race condition in image artifact inspection (#9966)
  * feat(flag): add JSON Schema for trivy.yaml configuration file (#9971)
  * refactor(debian): use txtar format for test data (#9957)
  * chore(deps): bump `golang.org/x/tools` to `v0.40.0` + `gopls` to `v0.21.0` (#9973)
  * feat(rootio): Update trivy db to support usage of Severity from root.io feed (#9930)
  * feat(vuln): skip
vulnerability scanning for third-party packages in Debian/Ubuntu (#9932)
  * docs: add info that `--file-pattern` flag doesn't disable default behaviour (#9961)
  * perf(misconf): optimize string concatenation in azure scanner (#9969)
  * chore: add client option to install script (#9962)
  * ci(helm): bump Trivy version to 0.68.2 for Trivy Helm Chart 0.20.1 (#9956)
  * chore(deps): bump github.com/quic-go/quic-go from 0.54.1 to 0.57.0 (#9952)
  * docs: update binary signature verification for sigstore bundles (#9929)
  * chore(deps): bump alpine from `3.22.1` to `3.23.0` (#9935)
  * chore(alpine): add EOL date for alpine 3.23 (#9934)
  * feat(cloudformation): add support for Fn::ForEach (#9508)
  * ci: enable `check-latest` for `setup-go` (#9931)
  * feat(debian): detect third-party packages using maintainer list (#9917)
  * fix(vex): add CVE-2025-66564 as not_affected into Trivy VEX file (#9924)
  * feat(helm): add sslCertDir parameter (#9697)
  * fix(misconf): respect .yml files when Helm charts are detected (#9912)
  * feat(php): add support for dev dependencies in Composer (#9910)
  * chore(deps): bump the common group across 1 directory with 9 updates (#9903)
  * chore(deps): bump github.com/docker/cli from 29.0.3+incompatible to 29.1.1+incompatible in the docker group (#9859)
  * fix: remove trailing tab in statefulset template (#9889)
  * feat(julia): enable vulnerability scanning for the Julia language ecosystem (#9800)
  * feat(misconf): initial ansible scanning support (#9332)
  * feat(misconf): Update Azure Database schema (#9811)
  * ci(helm): bump Trivy version to 0.68.1 for Trivy Helm Chart 0.20.0 (#9869)
  * chore: update the install script (#9874)

The following package changes have been done:

- trivy-0.70.0-150000.1.12.1 updated
- system-user-harbor-2.14.3-150700.1.15 updated
- container:suse-sle15-15.7-07d8c80b3c1b8287450453b5fb7fab24c31e32ee657f87deeb820b65120b8658-0 updated

From sle-container-updates at lists.suse.com Thu May 7 07:27:33 2026
From: sle-container-updates at lists.suse.com
(sle-container-updates at lists.suse.com)
Date: Thu, 7 May 2026 09:27:33 +0200 (CEST)
Subject: SUSE-IU-2026:2942-1: Recommended update of suse/sl-micro/6.2/baremetal-os-container
Message-ID: <20260507072733.D5B67F79C@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2942-1
Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-7.141 , suse/sl-micro/6.2/baremetal-os-container:latest
Image Release : 7.141
Severity : moderate
Type : recommended
References : 1261639
-----------------------------------------------------------------

The container suse/sl-micro/6.2/baremetal-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 708
Released: Wed May 6 12:44:56 2026
Summary: Recommended update for libselinux
Type: recommended
Severity: moderate
References: 1261639

This update for libselinux fixes the following issues:

- Backport commit 'libselinux: retain LIFO order for path substitutions' (bsc#1261639)
  * otherwise we can not add equivalencies that overload each other in the policy
  * libselinux: retain LIFO order for path substitutions

The following package changes have been done:

- python313-selinux-3.8.1-160000.3.1 updated
- selinux-tools-3.8.1-160000.3.1 updated

From sle-container-updates at lists.suse.com Thu May 7 07:38:03 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 7 May 2026 09:38:03 +0200 (CEST)
Subject: SUSE-IU-2026:2954-1: Recommended update of suse/sl-micro/6.2/kvm-os-container
Message-ID: <20260507073803.46041F79C@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2954-1
Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-7.121 , suse/sl-micro/6.2/kvm-os-container:latest
Image Release : 7.121
Severity : moderate
Type : recommended
References : 1261639
-----------------------------------------------------------------

The container suse/sl-micro/6.2/kvm-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 708
Released: Wed May 6 12:44:56 2026
Summary: Recommended update for libselinux
Type: recommended
Severity: moderate
References: 1261639

This update for libselinux fixes the following issues:

- Backport commit 'libselinux: retain LIFO order for path substitutions' (bsc#1261639)
  * otherwise we can not add equivalencies that overload each other in the policy
  * libselinux: retain LIFO order for path substitutions

The following package changes have been done:

- libselinux1-3.8.1-160000.3.1 updated
- container:suse-sl-micro-6.2-base-os-container-latest-3b55c3d2b2750075f91d7df741e47d3eb2d2bc901573de01ec220e4f6799075c-0 updated

From sle-container-updates at lists.suse.com Thu May 7 07:42:05 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 7 May 2026 09:42:05 +0200 (CEST)
Subject: SUSE-IU-2026:2962-1: Recommended update of suse/sl-micro/6.2/rt-os-container
Message-ID: <20260507074205.D9E81F79C@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.2/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2962-1
Image Tags : suse/sl-micro/6.2/rt-os-container:2.3.0 , suse/sl-micro/6.2/rt-os-container:2.3.0-6.161 , suse/sl-micro/6.2/rt-os-container:latest
Image Release : 6.161
Severity : moderate
Type : recommended
References : 1261639
-----------------------------------------------------------------

The container suse/sl-micro/6.2/rt-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 708
Released: Wed May 6 12:44:56 2026
Summary: Recommended update for libselinux
Type: recommended
Severity: moderate
References: 1261639

This update for libselinux fixes the following issues:

- Backport commit 'libselinux: retain LIFO order for path substitutions' (bsc#1261639)
  * otherwise we can not add equivalencies that overload each other in the policy
  * libselinux: retain LIFO order for path substitutions

The following package changes have been done:

- libselinux1-3.8.1-160000.3.1 updated
- container:suse-sl-micro-6.2-baremetal-os-container-latest-16da3eaed7f45d1b3ace1709ba4f599b72edb9802168e4c3aaa62f52a61e4fe5-0 updated

From sle-container-updates at lists.suse.com Fri May 8 07:06:57 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 8 May 2026 09:06:57 +0200 (CEST)
Subject: SUSE-IU-2026:3118-1: Recommended update of suse/sle-micro/base-5.5
Message-ID: <20260508070657.2D7B8FB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/base-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3118-1
Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.272 , suse/sle-micro/base-5.5:latest
Image Release : 5.8.272
Severity : moderate
Type : recommended
References : 1261274
-----------------------------------------------------------------

The container suse/sle-micro/base-5.5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1759-1
Released: Thu May 7 16:03:37 2026
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1261274

This update for dracut fixes the following issues:

- Update to version 055+suse.399.g9aa7e567:
  * fix: make iso-scan trigger udev events (bsc#1261274)

The following package changes have been done:

- dracut-055+suse.399.g9aa7e567-150500.3.35.1 updated

From sle-container-updates at lists.suse.com Fri May 8 07:14:30 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 8 May 2026 09:14:30 +0200 (CEST)
Subject: SUSE-IU-2026:3120-1: Security update of suse/sl-micro/6.2/baremetal-os-container
Message-ID: <20260508071430.9C5D8FB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3120-1
Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-7.143 , suse/sl-micro/6.2/baremetal-os-container:latest
Image Release : 7.143
Severity : low
Type : security
References : 1247589 CVE-2025-50422
-----------------------------------------------------------------

The container suse/sl-micro/6.2/baremetal-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 716
Released: Thu May 7 11:32:34 2026
Summary: Security update for cairo
Type: security
Severity: low
References: 1247589,CVE-2025-50422

This update for cairo fixes the following issue:

- CVE-2025-50422: Poppler crash on malformed input (bsc#1247589).
The following package changes have been done:

- libcairo2-1.18.4-160000.3.1 updated
- libcairo-gobject2-1.18.4-160000.3.1 updated

From sle-container-updates at lists.suse.com Fri May 8 07:14:33 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 8 May 2026 09:14:33 +0200 (CEST)
Subject: SUSE-IU-2026:3122-1: Recommended update of suse/sl-micro/6.2/baremetal-os-container
Message-ID: <20260508071433.C1838FB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3122-1
Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-7.146 , suse/sl-micro/6.2/baremetal-os-container:latest
Image Release : 7.146
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sl-micro/6.2/baremetal-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 721
Released: Thu May 7 18:13:26 2026
Summary: Recommended update for elemental-toolkit
Type: recommended
Severity: moderate
References:

This update for elemental-toolkit fixes the following issues:

Changes in elemental-toolkit:

- Drop upstream reproducible build patch.
The following package changes have been done:

- elemental-toolkit-2.3.2-160000.2.1 updated
- container:suse-sl-micro-6.2-base-os-container-latest-cbddd26862461c485b48dc084aa3bc6fe2043d32492da5619ffbf585b01f4add-0 updated

From sle-container-updates at lists.suse.com Fri May 8 07:25:47 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 8 May 2026 09:25:47 +0200 (CEST)
Subject: SUSE-IU-2026:3136-1: Recommended update of suse/sl-micro/6.2/kvm-os-container
Message-ID: <20260508072547.E338AF79C@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3136-1
Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-7.124 , suse/sl-micro/6.2/kvm-os-container:latest
Image Release : 7.124
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sl-micro/6.2/kvm-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 721
Released: Thu May 7 18:13:26 2026
Summary: Recommended update for elemental-toolkit
Type: recommended
Severity: moderate
References:

This update for elemental-toolkit fixes the following issues:

Changes in elemental-toolkit:

- Drop upstream reproducible build patch.
The following package changes have been done:

- elemental-toolkit-2.3.2-160000.2.1 updated
- container:suse-sl-micro-6.2-base-os-container-latest-cbddd26862461c485b48dc084aa3bc6fe2043d32492da5619ffbf585b01f4add-0 updated

From sle-container-updates at lists.suse.com Fri May 8 07:30:43 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 8 May 2026 09:30:43 +0200 (CEST)
Subject: SUSE-IU-2026:3143-1: Recommended update of suse/sl-micro/6.2/rt-os-container
Message-ID: <20260508073043.EE082F79C@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.2/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3143-1
Image Tags : suse/sl-micro/6.2/rt-os-container:2.3.0 , suse/sl-micro/6.2/rt-os-container:2.3.0-6.165 , suse/sl-micro/6.2/rt-os-container:latest
Image Release : 6.165
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sl-micro/6.2/rt-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 721
Released: Thu May 7 18:13:26 2026
Summary: Recommended update for elemental-toolkit
Type: recommended
Severity: moderate
References:

This update for elemental-toolkit fixes the following issues:

Changes in elemental-toolkit:

- Drop upstream reproducible build patch.
The following package changes have been done:

- elemental-toolkit-2.3.2-160000.2.1 updated
- container:suse-sl-micro-6.2-baremetal-os-container-latest-e5b0f38cf4816e7ac099de71a17bd4bb37d527244e35027b998fcac9b66ac19a-0 updated

From sle-container-updates at lists.suse.com Fri May 8 08:14:43 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 8 May 2026 10:14:43 +0200 (CEST)
Subject: SUSE-CU-2026:4808-1: Security update of suse/manager/4.3/proxy-httpd
Message-ID: <20260508081443.24595F79C@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4808-1
Container Tags : suse/manager/4.3/proxy-httpd:4.3.17 , suse/manager/4.3/proxy-httpd:4.3.17.9.76.17 , suse/manager/4.3/proxy-httpd:latest
Container Release : 9.76.17
Severity : important
Type : security
References : 1259611 1259734 1259735 1259989 1260026 1261969 1261970 1262098 1262319 1262654 CVE-2025-13462 CVE-2026-1502 CVE-2026-3446 CVE-2026-3479 CVE-2026-3644 CVE-2026-4224 CVE-2026-4519 CVE-2026-4786 CVE-2026-6019 CVE-2026-6100
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1715-1
Released: Wed May 6 14:09:30 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100

This update for python3 fixes the following issues:

- CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
- CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
- CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970).
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026).
- CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319).
- CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654).
- CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure (bsc#1262098).
The following package changes have been done:

- python3-base-3.6.15-150300.10.118.1 updated
- libpython3_6m1_0-3.6.15-150300.10.118.1 updated
- python3-3.6.15-150300.10.118.1 updated

From sle-container-updates at lists.suse.com Fri May 8 08:14:44 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 8 May 2026 10:14:44 +0200 (CEST)
Subject: SUSE-CU-2026:4809-1: Security update of suse/manager/4.3/proxy-httpd
Message-ID: <20260508081445.01885F79C@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4809-1
Container Tags : suse/manager/4.3/proxy-httpd:4.3.17 , suse/manager/4.3/proxy-httpd:4.3.17.9.76.18 , suse/manager/4.3/proxy-httpd:latest
Container Release : 9.76.18
Severity : important
Type : security
References : 1259362 1262631 1262632 1262635 1262636 1262638 CVE-2026-1965 CVE-2026-4873 CVE-2026-5545 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1717-1
Released: Wed May 6 14:13:17 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).

The following package changes have been done:

- libcurl4-8.14.1-150400.5.83.1 updated
- curl-8.14.1-150400.5.83.1 updated
- container:sles15-ltss-image-15.4.0-6.19 updated

From sle-container-updates at lists.suse.com Fri May 8 08:16:38 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 8 May 2026 10:16:38 +0200 (CEST)
Subject: SUSE-CU-2026:4810-1: Security update of suse/manager/4.3/proxy-salt-broker
Message-ID: <20260508081638.85C8BF79C@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4810-1
Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.17 , suse/manager/4.3/proxy-salt-broker:4.3.17.9.66.19 , suse/manager/4.3/proxy-salt-broker:latest
Container Release : 9.66.19
Severity : important
Type : security
References : 1259611 1259734 1259735 1259989 1260026 1261969 1261970 1262098 1262319 1262654 CVE-2025-13462 CVE-2026-1502 CVE-2026-3446 CVE-2026-3479 CVE-2026-3644 CVE-2026-4224 CVE-2026-4519 CVE-2026-4786 CVE-2026-6019 CVE-2026-6100
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-salt-broker was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1715-1
Released: Wed May 6 14:09:30 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100

This update for python3 fixes the following issues:

- CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
- CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
- CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970).
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026).
- CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319).
- CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654).
- CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure (bsc#1262098).
The following package changes have been done:

- libpython3_6m1_0-3.6.15-150300.10.118.1 updated
- python3-base-3.6.15-150300.10.118.1 updated
- python3-3.6.15-150300.10.118.1 updated

From sle-container-updates at lists.suse.com Fri May 8 08:16:39 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 8 May 2026 10:16:39 +0200 (CEST)
Subject: SUSE-CU-2026:4811-1: Security update of suse/manager/4.3/proxy-salt-broker
Message-ID: <20260508081639.A66DDF79C@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4811-1
Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.17 , suse/manager/4.3/proxy-salt-broker:4.3.17.9.66.20 , suse/manager/4.3/proxy-salt-broker:latest
Container Release : 9.66.20
Severity : important
Type : security
References : 1259362 1262631 1262632 1262635 1262636 1262638 CVE-2026-1965 CVE-2026-4873 CVE-2026-5545 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-salt-broker was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1717-1
Released: Wed May 6 14:13:17 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).

The following package changes have been done:

- libcurl4-8.14.1-150400.5.83.1 updated
- curl-8.14.1-150400.5.83.1 updated
- container:sles15-ltss-image-15.4.0-6.19 updated

From sle-container-updates at lists.suse.com Fri May 8 08:20:36 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 8 May 2026 10:20:36 +0200 (CEST)
Subject: SUSE-CU-2026:4814-1: Security update of suse/manager/4.3/proxy-ssh
Message-ID: <20260508082036.50E8FF79C@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4814-1
Container Tags : suse/manager/4.3/proxy-ssh:4.3.17 , suse/manager/4.3/proxy-ssh:4.3.17.9.66.13 , suse/manager/4.3/proxy-ssh:latest
Container Release : 9.66.13
Severity : important
Type : security
References : 1259611 1259734 1259735 1259989 1260026 1261969 1261970 1262098 1262319 1262654 CVE-2025-13462 CVE-2026-1502 CVE-2026-3446 CVE-2026-3479 CVE-2026-3644 CVE-2026-4224 CVE-2026-4519 CVE-2026-4786 CVE-2026-6019 CVE-2026-6100
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-ssh was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1715-1
Released: Wed May 6 14:09:30 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100

This update for python3 fixes the following issues:

- CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
- CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
- CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970).
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026).
- CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319).
- CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654).
- CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure (bsc#1262098).
The following package changes have been done:

- libpython3_6m1_0-3.6.15-150300.10.118.1 updated
- python3-base-3.6.15-150300.10.118.1 updated
- python3-3.6.15-150300.10.118.1 updated

From sle-container-updates at lists.suse.com Fri May 8 08:22:38 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 8 May 2026 10:22:38 +0200 (CEST)
Subject: SUSE-CU-2026:4816-1: Security update of suse/manager/4.3/proxy-tftpd
Message-ID: <20260508082238.EC8ADF79C@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4816-1
Container Tags : suse/manager/4.3/proxy-tftpd:4.3.17 , suse/manager/4.3/proxy-tftpd:4.3.17.9.66.15 , suse/manager/4.3/proxy-tftpd:latest
Container Release : 9.66.15
Severity : important
Type : security
References : 1259611 1259734 1259735 1259989 1260026 1261969 1261970 1262098 1262319 1262654 CVE-2025-13462 CVE-2026-1502 CVE-2026-3446 CVE-2026-3479 CVE-2026-3644 CVE-2026-4224 CVE-2026-4519 CVE-2026-4786 CVE-2026-6019 CVE-2026-6100
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-tftpd was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1715-1
Released: Wed May 6 14:09:30 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100

This update for python3 fixes the following issues:

- CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
- CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
- CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970).
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026).
- CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319).
- CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654).
- CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure (bsc#1262098).
The following package changes have been done:

- libpython3_6m1_0-3.6.15-150300.10.118.1 updated
- python3-base-3.6.15-150300.10.118.1 updated
- python3-3.6.15-150300.10.118.1 updated

From sle-container-updates at lists.suse.com Sat May 9 07:07:17 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 9 May 2026 09:07:17 +0200 (CEST)
Subject: SUSE-CU-2026:4820-1: Security update of private-registry/1.2/harbor-portal
Message-ID: <20260509070717.CEC2CFB96@maintenance.suse.de>

SUSE Container Update Advisory: private-registry/1.2/harbor-portal
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4820-1
Container Tags : private-registry/1.2/harbor-portal:1.2.0 , private-registry/1.2/harbor-portal:1.2.0-1.16 , private-registry/1.2/harbor-portal:latest
Container Release : 1.16
Severity : important
Type : security
References : 1257675 1260416 1260417 1260418 CVE-2026-1642 CVE-2026-27654 CVE-2026-27784 CVE-2026-28753
-----------------------------------------------------------------

The container private-registry/1.2/harbor-portal was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1761-1
Released: Fri May 8 10:58:08 2026
Summary: Security update for nginx
Type: security
Severity: important
References: 1257675,1260416,1260417,1260418,CVE-2026-1642,CVE-2026-27654,CVE-2026-27784,CVE-2026-28753

This update for nginx fixes the following issues:

- CVE-2026-1642: plain text data injection into the response from an upstream proxied server via MITM attack (bsc#1257675).
- CVE-2026-27654: buffer overflow in the NGINX worker process via the `ngx_http_dav_module` module (bsc#1260416).
- CVE-2026-27784: NGINX worker memory overread or overwrite via a specially crafted MP4 file (bsc#1260417).
- CVE-2026-28753: arbitrary header injection into SMTP upstream requests via attacker-controlled DNS server (bsc#1260418).

The following package changes have been done:

- nginx-1.21.5-150600.10.15.1 updated

From sle-container-updates at lists.suse.com Sat May 9 07:08:10 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 9 May 2026 09:08:10 +0200 (CEST)
Subject: SUSE-CU-2026:4821-1: Security update of private-registry/harbor-portal
Message-ID: <20260509070810.30CF5FB96@maintenance.suse.de>

SUSE Container Update Advisory: private-registry/harbor-portal
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4821-1
Container Tags : private-registry/harbor-portal:1.1.2 , private-registry/harbor-portal:1.1.2-2.33 , private-registry/harbor-portal:latest
Container Release : 2.33
Severity : important
Type : security
References : 1257675 1260416 1260417 1260418 CVE-2026-1642 CVE-2026-27654 CVE-2026-27784 CVE-2026-28753
-----------------------------------------------------------------

The container private-registry/harbor-portal was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1761-1
Released: Fri May 8 10:58:08 2026
Summary: Security update for nginx
Type: security
Severity: important
References: 1257675,1260416,1260417,1260418,CVE-2026-1642,CVE-2026-27654,CVE-2026-27784,CVE-2026-28753

This update for nginx fixes the following issues:

- CVE-2026-1642: plain text data injection into the response from an upstream proxied server via MITM attack (bsc#1257675).
- CVE-2026-27654: buffer overflow in the NGINX worker process via the `ngx_http_dav_module` module (bsc#1260416).
- CVE-2026-27784: NGINX worker memory overread or overwrite via a specially crafted MP4 file (bsc#1260417).
- CVE-2026-28753: arbitrary header injection into SMTP upstream requests via attacker-controlled DNS server (bsc#1260418).

The following package changes have been done:

- nginx-1.21.5-150600.10.15.1 updated

From sle-container-updates at lists.suse.com Sun May 10 07:08:44 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 10 May 2026 09:08:44 +0200 (CEST)
Subject: SUSE-IU-2026:3273-1: Recommended update of suse/sl-micro/6.0/base-os-container
Message-ID: <20260510070844.73EEAFCE1@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3273-1
Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.141 , suse/sl-micro/6.0/base-os-container:latest
Image Release : 7.141
Severity : moderate
Type : recommended
References : 1239718 1246504 1252048 1253193 1258005 1258655 1259126 1259706 1259842 1261630 1261845 1263689 CVE-2025-39977 CVE-2025-71066 CVE-2026-23004 CVE-2026-23204 CVE-2026-23437 CVE-2026-31406 CVE-2026-31431
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 698
Released: Sat May 9 19:38:20 2026
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1239718,1246504,1252048,1253193,1258005,1258655,1259126,1259706,1259842,1261630,1261845,1263689,CVE-2025-39977,CVE-2025-71066,CVE-2026-23004,CVE-2026-23204,CVE-2026-23437,CVE-2026-31406,CVE-2026-31431

This update for libzypp, zypper fixes the following issues:

Changes in libzypp:

- Update to version 17.38.7:
  * Fix purge-kernel -rc kernel handling (bsc#1239718)
  * Explicitly_set_pool_DISTTYPE_RPM
- Update to version 17.38.6:
  * Check for trusted key updates when updating the general keyring (bsc#1259706)
  * Support multiple MirroredOrigin authorities (bsc#1253193)
  * Workaround a doxygen bug
  * libzypp.spec: Add missing graphviz-gd BuildRequires (bsc#1259842)

Changes in zypper:

- Update to version 1.14.96:
  - Autorefresh ris-services the way as plugin-services (bsc#1246504)
    It's actually wrong to treat service refreshes different depending on the service type. For the purpose of a service it makes no difference how the data about the repos to use are acquired.
The following package changes have been done:

- SL-Micro-release-6.0-25.94 updated
- libzypp-17.38.7-1.1 updated
- zypper-1.14.96-1.1 updated
- container:suse-toolbox-image-1.0.0-9.106 updated

From sle-container-updates at lists.suse.com Sun May 10 07:06:49 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 10 May 2026 09:06:49 +0200 (CEST)
Subject: SUSE-IU-2026:3272-1: Security update of suse/sl-micro/6.0/baremetal-os-container
Message-ID: <20260510070649.B0F29FCCC@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3272-1
Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.174 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release : 6.174
Severity : moderate
Type : security
References : 1263366 1263367 CVE-2026-40355 CVE-2026-40356
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 701
Released: Sat May 9 18:16:13 2026
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1263366,1263367,CVE-2026-40355,CVE-2026-40356

This update for krb5 fixes the following issues

- CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism (bsc#1263366).
- CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read (bsc#1263367).
The following package changes have been done:

- SL-Micro-release-6.0-25.94 updated
- krb5-1.20.1-8.1 updated
- container:SL-Micro-base-container-2.1.3-7.141 updated

From sle-container-updates at lists.suse.com Sun May 10 07:20:51 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 10 May 2026 09:20:51 +0200 (CEST)
Subject: SUSE-CU-2026:4832-1: Security update of suse/sl-micro/6.0/toolbox
Message-ID: <20260510072051.71081FB96@maintenance.suse.de>

SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4832-1
Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.106 , suse/sl-micro/6.0/toolbox:latest
Container Release : 9.106
Severity : important
Type : security
References : 1158038 1239718 1246504 1247948 1252048 1252744 1253193 1253740 1254157 1254158 1254159 1254160 1254480 1257882 1258005 1258193 1258655 1259126 1259311 1259706 1259842 1261630 1261845 1263689 CVE-2025-39977 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 CVE-2025-71066 CVE-2026-23004 CVE-2026-23204 CVE-2026-23437 CVE-2026-31406 CVE-2026-31431
-----------------------------------------------------------------

The container suse/sl-micro/6.0/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 536
Released: Tue Dec 16 09:31:52 2025
Summary: Security update for libpng16
Type: security
Severity: important
References: 1158038,1247948,1252744,1253740,1254157,1254158,1254159,1254160,1254480,1257882,1258193,1259311,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293

This update for libpng16 fixes the following issues:

- CVE-2025-66293: Fixed out-of-bounds read in png_image_read_composite (bsc#1254480).
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157).
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158).
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159).
- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160).

-----------------------------------------------------------------
Advisory ID: 698
Released: Sat May 9 19:38:20 2026
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1239718,1246504,1252048,1253193,1258005,1258655,1259126,1259706,1259842,1261630,1261845,1263689,CVE-2025-39977,CVE-2025-71066,CVE-2026-23004,CVE-2026-23204,CVE-2026-23437,CVE-2026-31406,CVE-2026-31431

This update for libzypp, zypper fixes the following issues:

Changes in libzypp:

- Update to version 17.38.7:
  * Fix purge-kernel -rc kernel handling (bsc#1239718)
  * Explicitly_set_pool_DISTTYPE_RPM
- Update to version 17.38.6:
  * Check for trusted key updates when updating the general keyring (bsc#1259706)
  * Support multiple MirroredOrigin authorities (bsc#1253193)
  * Workaround a doxygen bug
  * libzypp.spec: Add missing graphviz-gd BuildRequires (bsc#1259842)

Changes in zypper:

- Update to version 1.14.96:
  - Autorefresh ris-services the way as plugin-services (bsc#1246504)
    It's actually wrong to treat service refreshes different depending on the service type. For the purpose of a service it makes no difference how the data about the repos to use are acquired.
The following package changes have been done:

- SL-Micro-release-6.0-25.94 updated
- libzypp-17.38.7-1.1 updated
- skelcd-EULA-SL-Micro-2024.01.19-8.93 updated
- zypper-1.14.96-1.1 updated

From sle-container-updates at lists.suse.com Sun May 10 07:22:27 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 10 May 2026 09:22:27 +0200 (CEST)
Subject: SUSE-IU-2026:3276-1: Security update of suse/sl-micro/6.1/baremetal-os-container
Message-ID: <20260510072227.A80E0FB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3276-1
Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.104 , suse/sl-micro/6.1/baremetal-os-container:latest
Image Release : 7.104
Severity : moderate
Type : security
References : 1250471 1258074 1260876 1263366 1263367 CVE-2025-5791 CVE-2026-26007 CVE-2026-34073 CVE-2026-40355 CVE-2026-40356
-----------------------------------------------------------------

The container suse/sl-micro/6.1/baremetal-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 522
Released: Sat May 9 17:45:07 2026
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1250471,1258074,1260876,1263366,1263367,CVE-2025-5791,CVE-2026-26007,CVE-2026-34073,CVE-2026-40355,CVE-2026-40356

This update for krb5 fixes the following issues

- CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism (bsc#1263366).
- CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read (bsc#1263367).
The following package changes have been done:

- SL-Micro-release-6.1-slfo.1.12.37 updated
- krb5-1.21.3-slfo.1.1_4.1 updated
- libavahi-common3-0.8-slfo.1.1_7.1 updated
- libavahi-core7-0.8-slfo.1.1_7.1 updated
- libavahi-client3-0.8-slfo.1.1_7.1 updated
- avahi-0.8-slfo.1.1_7.1 updated
- container:SL-Micro-base-container-2.2.1-5.128 updated

From sle-container-updates at lists.suse.com Sun May 10 07:24:15 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 10 May 2026 09:24:15 +0200 (CEST)
Subject: SUSE-IU-2026:3277-1: Security update of suse/sl-micro/6.1/base-os-container
Message-ID: <20260510072415.8BE36FB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3277-1
Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.128 , suse/sl-micro/6.1/base-os-container:latest
Image Release : 5.128
Severity : moderate
Type : security
References : 1250471 1258074 1260876 1263366 1263367 CVE-2025-5791 CVE-2026-26007 CVE-2026-34073 CVE-2026-40355 CVE-2026-40356
-----------------------------------------------------------------

The container suse/sl-micro/6.1/base-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 522
Released: Sat May 9 17:45:07 2026
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1250471,1258074,1260876,1263366,1263367,CVE-2025-5791,CVE-2026-26007,CVE-2026-34073,CVE-2026-40355,CVE-2026-40356

This update for krb5 fixes the following issues

- CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism (bsc#1263366).
- CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read (bsc#1263367).
The following package changes have been done:

- SL-Micro-release-6.1-slfo.1.12.37 updated
- krb5-1.21.3-slfo.1.1_4.1 updated
- container:suse-toolbox-image-1.0.0-5.51 updated

From sle-container-updates at lists.suse.com Sun May 10 07:26:07 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 10 May 2026 09:26:07 +0200 (CEST)
Subject: SUSE-IU-2026:3278-1: Security update of suse/sl-micro/6.1/kvm-os-container
Message-ID: <20260510072607.AB4C1FB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3278-1
Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.129 , suse/sl-micro/6.1/kvm-os-container:latest
Image Release : 5.129
Severity : moderate
Type : security
References : 1250471 1258074 1260876 1263366 1263367 CVE-2025-5791 CVE-2026-26007 CVE-2026-34073 CVE-2026-40355 CVE-2026-40356
-----------------------------------------------------------------

The container suse/sl-micro/6.1/kvm-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 522
Released: Sat May 9 17:45:07 2026
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1250471,1258074,1260876,1263366,1263367,CVE-2025-5791,CVE-2026-26007,CVE-2026-34073,CVE-2026-40355,CVE-2026-40356

This update for krb5 fixes the following issues

- CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism (bsc#1263366).
- CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read (bsc#1263367).
The following package changes have been done:

- SL-Micro-release-6.1-slfo.1.12.37 updated
- krb5-1.21.3-slfo.1.1_4.1 updated
- container:SL-Micro-base-container-2.2.1-5.128 updated

From sle-container-updates at lists.suse.com Sun May 10 07:28:04 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 10 May 2026 09:28:04 +0200 (CEST)
Subject: SUSE-IU-2026:3279-1: Security update of suse/sl-micro/6.1/rt-os-container
Message-ID: <20260510072804.29127FB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3279-1
Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.119 , suse/sl-micro/6.1/rt-os-container:latest
Image Release : 5.119
Severity : moderate
Type : security
References : 1250471 1258074 1260876 1263366 1263367 CVE-2025-5791 CVE-2026-26007 CVE-2026-34073 CVE-2026-40355 CVE-2026-40356
-----------------------------------------------------------------

The container suse/sl-micro/6.1/rt-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 522
Released: Sat May 9 17:45:07 2026
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1250471,1258074,1260876,1263366,1263367,CVE-2025-5791,CVE-2026-26007,CVE-2026-34073,CVE-2026-40355,CVE-2026-40356

This update for krb5 fixes the following issues

- CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism (bsc#1263366).
- CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read (bsc#1263367).
The following package changes have been done:

- SL-Micro-release-6.1-slfo.1.12.37 updated
- krb5-1.21.3-slfo.1.1_4.1 updated
- container:SL-Micro-container-2.2.1-7.104 updated

From sle-container-updates at lists.suse.com Mon May 11 07:21:17 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 11 May 2026 09:21:17 +0200 (CEST)
Subject: SUSE-CU-2026:4847-1: Security update of suse/multi-linux-manager/5.1/x86_64/proxy-httpd
Message-ID: <20260511072117.9F857F79C@maintenance.suse.de>

SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4847-1
Container Tags : suse/multi-linux-manager/5.1/x86_64/proxy-httpd:5.1.3.1 , suse/multi-linux-manager/5.1/x86_64/proxy-httpd:5.1.3.1.8.21.1 , suse/multi-linux-manager/5.1/x86_64/proxy-httpd:latest
Container Release : 8.21.1
Severity : important
Type : security
References : 1259611 1259734 1259735 1259924 1259989 1260026 1261969 1261970 1262098 1262319 1262654 CVE-2025-13462 CVE-2025-69720 CVE-2026-1502 CVE-2026-3446 CVE-2026-3479 CVE-2026-3644 CVE-2026-4224 CVE-2026-4519 CVE-2026-4786 CVE-2026-6019 CVE-2026-6100
-----------------------------------------------------------------

The container suse/multi-linux-manager/5.1/x86_64/proxy-httpd was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1510-1
Released: Tue Apr 21 08:28:12 2026
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1259924,CVE-2025-69720

This update for ncurses fixes the following issue:

- CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1715-1
Released: Wed May 6 14:09:30 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100

This update for python3 fixes the following issues:

- CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
- CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
- CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970).
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026).
- CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319).
- CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654).
- CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure (bsc#1262098).
The following package changes have been done: - libncurses6-6.1-150000.5.33.1 updated - terminfo-base-6.1-150000.5.33.1 updated - ncurses-utils-6.1-150000.5.33.1 updated - python3-base-3.6.15-150300.10.118.1 updated - libpython3_6m1_0-3.6.15-150300.10.118.1 updated - python3-3.6.15-150300.10.118.1 updated - container:bci-bci-base-15.7-07d8c80b3c1b8287450453b5fb7fab24c31e32ee657f87deeb820b65120b8658-0 updated From sle-container-updates at lists.suse.com Mon May 11 07:21:23 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 May 2026 09:21:23 +0200 (CEST) Subject: SUSE-CU-2026:4848-1: Security update of suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker Message-ID: <20260511072123.40793F79C@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4848-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:5.1.3.1 , suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:5.1.3.1.9.19.2 , suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:latest Container Release : 9.19.2 Severity : important Type : security References : 1259611 1259734 1259735 1259924 1259989 1260026 1260589 1261969 1261970 1262098 1262319 1262654 1262760 1263007 CVE-2025-13462 CVE-2025-69720 CVE-2026-1502 CVE-2026-25645 CVE-2026-3446 CVE-2026-3479 CVE-2026-3644 CVE-2026-4224 CVE-2026-4519 CVE-2026-4786 CVE-2026-6019 CVE-2026-6100 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1510-1 Released: Tue Apr 21 08:28:12 2026 Summary: Security update for ncurses Type: security Severity: moderate References: 1259924,CVE-2025-69720 This update for ncurses fixes the following issue: - CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1647-1 Released: Tue Apr 28 20:02:59 2026 Summary: Security update for python-requests Type: security Severity: moderate References: 1260589,CVE-2026-25645 This update for python-requests fixes the following issues: - CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1715-1 Released: Wed May 6 14:09:30 2026 Summary: Security update for python3 Type: security Severity: important References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100 This update for python3 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969). - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970). - CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). - CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). - CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). - CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319). - CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654). - CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure (bsc#1262098). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1807-1 Released: Mon May 11 08:03:00 2026 Summary: Maintenance update for Multi-Linux Manager 5.1: Server, Proxy and Retail Branch Server Type: recommended Severity: moderate References: 1262760,1263007 Maintenance update for Multi-Linux Manager 5.1: Server, Proxy and Retail Branch Server This is a codestream only update The following package changes have been done: - libncurses6-6.1-150000.5.33.1 updated - terminfo-base-6.1-150000.5.33.1 updated - ncurses-utils-6.1-150000.5.33.1 updated - python3-base-3.6.15-150300.10.118.1 updated - libpython3_6m1_0-3.6.15-150300.10.118.1 updated - python3-3.6.15-150300.10.118.1 updated - python311-requests-2.31.0-150400.6.21.1 updated - python311-salt-3006.0-150700.14.18.1 updated - salt-3006.0-150700.14.18.1 updated - container:bci-bci-base-15.7-07d8c80b3c1b8287450453b5fb7fab24c31e32ee657f87deeb820b65120b8658-0 updated From sle-container-updates at lists.suse.com Mon May 11 07:21:28 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 May 2026 09:21:28 +0200 (CEST) Subject: SUSE-CU-2026:4849-1: 
Security update of suse/multi-linux-manager/5.1/x86_64/proxy-squid Message-ID: <20260511072128.5CA24F79C@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4849-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/proxy-squid:5.1.3.1 , suse/multi-linux-manager/5.1/x86_64/proxy-squid:5.1.3.1.8.19.1 , suse/multi-linux-manager/5.1/x86_64/proxy-squid:latest Container Release : 8.19.1 Severity : important Type : security References : 1259611 1259734 1259735 1259924 1259989 1260026 1261969 1261970 1262098 1262319 1262654 CVE-2025-13462 CVE-2025-69720 CVE-2026-1502 CVE-2026-3446 CVE-2026-3479 CVE-2026-3644 CVE-2026-4224 CVE-2026-4519 CVE-2026-4786 CVE-2026-6019 CVE-2026-6100 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1510-1 Released: Tue Apr 21 08:28:12 2026 Summary: Security update for ncurses Type: security Severity: moderate References: 1259924,CVE-2025-69720 This update for ncurses fixes the following issue: - CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1715-1 Released: Wed May 6 14:09:30 2026 Summary: Security update for python3 Type: security Severity: important References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100 This update for python3 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969). - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970). - CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989). - CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). - CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). - CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). - CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319). - CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654). - CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure (bsc#1262098).
The following package changes have been done: - libncurses6-6.1-150000.5.33.1 updated - terminfo-base-6.1-150000.5.33.1 updated - libpython3_6m1_0-3.6.15-150300.10.118.1 updated - python3-base-3.6.15-150300.10.118.1 updated - python3-3.6.15-150300.10.118.1 updated - container:bci-bci-base-15.7-07d8c80b3c1b8287450453b5fb7fab24c31e32ee657f87deeb820b65120b8658-0 updated From sle-container-updates at lists.suse.com Mon May 11 07:21:33 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 May 2026 09:21:33 +0200 (CEST) Subject: SUSE-CU-2026:4850-1: Security update of suse/multi-linux-manager/5.1/x86_64/proxy-ssh Message-ID: <20260511072133.876A7F79C@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4850-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/proxy-ssh:5.1.3.1 , suse/multi-linux-manager/5.1/x86_64/proxy-ssh:5.1.3.1.8.19.1 , suse/multi-linux-manager/5.1/x86_64/proxy-ssh:latest Container Release : 8.19.1 Severity : important Type : security References : 1259611 1259734 1259735 1259924 1259989 1260026 1261969 1261970 1262098 1262319 1262654 CVE-2025-13462 CVE-2025-69720 CVE-2026-1502 CVE-2026-3446 CVE-2026-3479 CVE-2026-3644 CVE-2026-4224 CVE-2026-4519 CVE-2026-4786 CVE-2026-6019 CVE-2026-6100 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/proxy-ssh was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1510-1 Released: Tue Apr 21 08:28:12 2026 Summary: Security update for ncurses Type: security Severity: moderate References: 1259924,CVE-2025-69720 This update for ncurses fixes the following issue: - CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1715-1 Released: Wed May 6 14:09:30 2026 Summary: Security update for python3 Type: security Severity: important References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100 This update for python3 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969). - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970). - CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989). - CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). - CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). - CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). - CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319).
- CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654). - CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure (bsc#1262098). The following package changes have been done: - libncurses6-6.1-150000.5.33.1 updated - terminfo-base-6.1-150000.5.33.1 updated - libpython3_6m1_0-3.6.15-150300.10.118.1 updated - python3-base-3.6.15-150300.10.118.1 updated - python3-3.6.15-150300.10.118.1 updated - container:bci-bci-base-15.7-07d8c80b3c1b8287450453b5fb7fab24c31e32ee657f87deeb820b65120b8658-0 updated From sle-container-updates at lists.suse.com Mon May 11 07:21:38 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 May 2026 09:21:38 +0200 (CEST) Subject: SUSE-CU-2026:4851-1: Security update of suse/multi-linux-manager/5.1/x86_64/proxy-tftpd Message-ID: <20260511072138.7273EF79C@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4851-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/proxy-tftpd:5.1.3.1 , suse/multi-linux-manager/5.1/x86_64/proxy-tftpd:5.1.3.1.8.19.1 , suse/multi-linux-manager/5.1/x86_64/proxy-tftpd:latest Container Release : 8.19.1 Severity : important Type : security References : 1259611 1259734 1259735 1259924 1259989 1260026 1260589 1261969 1261970 1262098 1262319 1262654 CVE-2025-13462 CVE-2025-69720 CVE-2026-1502 CVE-2026-25645 CVE-2026-3446 CVE-2026-3479 CVE-2026-3644 CVE-2026-4224 CVE-2026-4519 CVE-2026-4786 CVE-2026-6019 CVE-2026-6100 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/proxy-tftpd was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1510-1 Released: Tue Apr 21 08:28:12 2026 Summary: Security update for ncurses Type: security Severity: moderate References: 1259924,CVE-2025-69720 This update for ncurses fixes the following issue: - CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1644-1 Released: Tue Apr 28 15:31:39 2026 Summary: Security update for python-requests Type: security Severity: moderate References: 1260589,CVE-2026-25645 This update for python-requests fixes the following issues: - CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1715-1 Released: Wed May 6 14:09:30 2026 Summary: Security update for python3 Type: security Severity: important References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100 This update for python3 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969). - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970). - CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). - CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). - CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). - CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319). - CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654). - CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure (bsc#1262098). The following package changes have been done: - libncurses6-6.1-150000.5.33.1 updated - terminfo-base-6.1-150000.5.33.1 updated - libpython3_6m1_0-3.6.15-150300.10.118.1 updated - python3-base-3.6.15-150300.10.118.1 updated - python3-3.6.15-150300.10.118.1 updated - python3-requests-2.25.1-150300.3.21.1 updated - container:bci-bci-base-15.7-07d8c80b3c1b8287450453b5fb7fab24c31e32ee657f87deeb820b65120b8658-0 updated From sle-container-updates at lists.suse.com Mon May 11 07:21:43 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 May 2026 09:21:43 +0200 (CEST) Subject: SUSE-CU-2026:4852-1: Security update of suse/multi-linux-manager/5.1/x86_64/server-attestation Message-ID: <20260511072143.C55DDF79C@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/server-attestation ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4852-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/server-attestation:5.1.3.1 , suse/multi-linux-manager/5.1/x86_64/server-attestation:5.1.3.1.8.21.1 , suse/multi-linux-manager/5.1/x86_64/server-attestation:latest 
Container Release : 8.21.1 Severity : important Type : security References : 1259118 1261957 1262490 1262494 1262495 1262496 1262497 1262500 1262501 CVE-2026-22007 CVE-2026-22013 CVE-2026-22016 CVE-2026-22018 CVE-2026-22021 CVE-2026-23865 CVE-2026-34268 CVE-2026-34282 CVE-2026-34757 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/server-attestation was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1561-1 Released: Thu Apr 23 08:34:49 2026 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: This update for mozilla-nss fixes the following issues: Update to NSS 3.112.4: * improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey. * Improving the allocation of S/MIME DecryptSymKey. * store email on subject cache_entry in NSS trust domain. * Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation. * Improve size calculations in CMS content buffering. * avoid integer overflow while escaping RFC822 Names. * Reject excessively large ASN.1 SEQUENCE OF in quickder. * Deep copy profile data in CERT_FindSMimeProfile. * Improve input validation in DSAU signature decoding. * avoid integer overflow in RSA_EMSAEncodePSS. * RSA_EMSAEncodePSS should validate the length of mHash. * Add a maximum cert uncompressed len and tests. * Clarify extension negotiation mechanism for TLS Handshakes. * ensure permittedSubtrees don't match wildcards that could be outside the permitted tree. * Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag. * Remove invalid PORT_Free(). * free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed. * make ss->ssl3.hs.cookie an owned-copy of the cookie. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1602-1 Released: Fri Apr 24 13:46:25 2026 Summary: Security update for libpng16 Type: security Severity: moderate References: 1261957,CVE-2026-34757 This update for libpng16 fixes the following issue: - CVE-2026-34757: information disclosure and data corruption due to use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` (bsc#1261957). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1732-1 Released: Thu May 7 02:43:10 2026 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1259118,1262490,1262494,1262495,1262496,1262497,1262500,1262501,CVE-2026-22007,CVE-2026-22013,CVE-2026-22016,CVE-2026-22018,CVE-2026-22021,CVE-2026-23865,CVE-2026-34268,CVE-2026-34282 This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.19+10 (April 2026 CPU). Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of accessible data (bsc#1262490). - CVE-2026-22013: JGSS: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262494). - CVE-2026-22016: JAXP: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262495). - CVE-2026-22018: Libraries: unauthenticated attacker with network access via multiple protocols can cause a partial denial of service (bsc#1262496). - CVE-2026-22021: JSSE: unauthenticated attacker with network access via HTTPS can cause a partial denial of service (bsc#1262497). - CVE-2026-23865: freetype2: integer overflow in the `tt_var_load_item_variation_store` function allows for an out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts (bsc#1259118).
- CVE-2026-34268: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of data (bsc#1262500). - CVE-2026-34282: Networking: unauthenticated attacker with network access via multiple protocols can cause a hang or frequently repeatable crash (bsc#1262501). Other updates and bugfixes: - Provide the timezone-java and tzdata-java (jsc#PED-15898). The following package changes have been done: - libfreebl3-3.112.4-150400.3.66.1 updated - libpng16-16-1.6.40-150600.3.20.1 updated - mozilla-nss-certs-3.112.4-150400.3.66.1 updated - mozilla-nss-3.112.4-150400.3.66.1 updated - libsoftokn3-3.112.4-150400.3.66.1 updated - java-17-openjdk-headless-17.0.19.0-150400.3.66.2 updated - container:bci-bci-base-15.7-07d8c80b3c1b8287450453b5fb7fab24c31e32ee657f87deeb820b65120b8658-0 updated From sle-container-updates at lists.suse.com Mon May 11 07:21:49 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 May 2026 09:21:49 +0200 (CEST) Subject: SUSE-CU-2026:4853-1: Security update of suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api Message-ID: <20260511072149.23646F79C@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4853-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api:5.1.3.1 , suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api:5.1.3.1.8.19.1 , suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api:latest Container Release : 8.19.1 Severity : moderate Type : security References : 1259924 CVE-2025-69720 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1510-1 Released: Tue Apr 21 08:28:12 2026 Summary: Security update for ncurses Type: security Severity: moderate References: 1259924,CVE-2025-69720 This update for ncurses fixes the following issue: - CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924). The following package changes have been done: - libncurses6-6.1-150000.5.33.1 updated - terminfo-base-6.1-150000.5.33.1 updated - ncurses-utils-6.1-150000.5.33.1 updated - container:bci-bci-base-15.7-07d8c80b3c1b8287450453b5fb7fab24c31e32ee657f87deeb820b65120b8658-0 updated From sle-container-updates at lists.suse.com Mon May 11 07:21:55 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 May 2026 09:21:55 +0200 (CEST) Subject: SUSE-CU-2026:4854-1: Security update of suse/multi-linux-manager/5.1/x86_64/server Message-ID: <20260511072155.8A859F79C@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4854-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/server:5.1.3.1 , suse/multi-linux-manager/5.1/x86_64/server:5.1.3.1.8.19.2 , suse/multi-linux-manager/5.1/x86_64/server:latest Container Release : 8.19.2 Severity : important Type : security References : 1258371 1259118 1259148 1259310 1259436 1259611 1259734 1259735 1259985 1259989 1259996 1260026 1260414 1260589 1260589 1261191 1261271 1261850 1261851 1261852 1261853 1261854 1261855 1261856 1261857 1261957 1261969 1261970 1262098 1262319 1262490 1262494 1262495 1262496 1262497 1262500 1262501 1262654 1262760 1263007 CVE-2025-13462 CVE-2025-66614 CVE-2026-1502 CVE-2026-22007 CVE-2026-22013 CVE-2026-22016 CVE-2026-22018 CVE-2026-22021 CVE-2026-23865 CVE-2026-24880 
CVE-2026-25645 CVE-2026-25645 CVE-2026-25854 CVE-2026-29129 CVE-2026-29145 CVE-2026-29146 CVE-2026-32990 CVE-2026-33412 CVE-2026-33554 CVE-2026-34268 CVE-2026-34282 CVE-2026-3446 CVE-2026-34483 CVE-2026-34486 CVE-2026-34487 CVE-2026-34500 CVE-2026-34714 CVE-2026-34757 CVE-2026-3479 CVE-2026-34982 CVE-2026-3644 CVE-2026-4224 CVE-2026-4519 CVE-2026-4786 CVE-2026-6019 CVE-2026-6100 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1536-1 Released: Tue Apr 21 16:49:27 2026 Summary: Recommended update for release-notes-multi-linux-manager Type: recommended Severity: moderate References: This update for release-notes-multi-linux-manager fixes the following issues: * Added support for Liberty Linux 10 as client. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1545-1 Released: Wed Apr 22 11:21:10 2026 Summary: Recommended update for ipmitool Type: recommended Severity: moderate References: 1259310 This update for ipmitool fixes the following issue: - Fix bad pid file creation in ipmievd (bsc#1259310). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1552-1 Released: Wed Apr 22 14:23:56 2026 Summary: Recommended update for adcli Type: recommended Severity: moderate References: 1259148,1259996 This update for adcli fixes the following issues: - Build with openldap 2.5 to support TLS channel binding; (bsc#1259148); - Add missing use-ldaps option; (bsc#1259996) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1559-1 Released: Thu Apr 23 06:44:53 2026 Summary: Recommended update for python-apache-libcloud, python3-apache-libcloud Type: recommended Severity: moderate References: This update for python-apache-libcloud fixes the following issues: python-apache-libcloud: - Deliver the Python 3.11 flavor as python311-apache-libcloud (jsc#PED-14450) - Package version at 3.8.0 python3-apache-libcloud: - Deliver the Python 3.6 flavor as python3-apache-libcloud (jsc#PED-14450) - Source package was renamed from python-apache-libcloud to python3-apache-libcloud to avoid conflicts with the Python 3.11 flavor - Package version at 3.3.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1561-1 Released: Thu Apr 23 08:34:49 2026 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: This update for mozilla-nss fixes the following issues: Update to NSS 3.112.4: * improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey. * Improving the allocation of S/MIME DecryptSymKey. * store email on subject cache_entry in NSS trust domain. * Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation. * Improve size calculations in CMS content buffering. * avoid integer overflow while escaping RFC822 Names. * Reject excessively large ASN.1 SEQUENCE OF in quickder. * Deep copy profile data in CERT_FindSMimeProfile. * Improve input validation in DSAU signature decoding. 
* avoid integer overflow in RSA_EMSAEncodePSS. * RSA_EMSAEncodePSS should validate the length of mHash. * Add a maximum cert uncompressed len and tests. * Clarify extension negotiation mechanism for TLS Handshakes. * ensure permittedSubtrees don't match wildcards that could be outside the permitted tree. * Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag. * Remove invalid PORT_Free(). * free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed. * make ss->ssl3.hs.cookie an owned-copy of the cookie. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1602-1 Released: Fri Apr 24 13:46:25 2026 Summary: Security update for libpng16 Type: security Severity: moderate References: 1261957,CVE-2026-34757 This update for libpng16 fixes the following issue: - CVE-2026-34757: information disclosure and data corruption due to use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` (bsc#1261957). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1604-1 Released: Fri Apr 24 13:48:06 2026 Summary: Security update for tomcat Type: security Severity: important References: 1258371,1261850,1261851,1261852,1261853,1261854,1261855,1261856,1261857,CVE-2025-66614,CVE-2026-24880,CVE-2026-25854,CVE-2026-29129,CVE-2026-29145,CVE-2026-29146,CVE-2026-32990,CVE-2026-34483,CVE-2026-34486,CVE-2026-34487,CVE-2026-34500 This update for tomcat fixes the following issues: Security fixes: - CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850). - CVE-2026-25854: Occasionally open redirect (bsc#1261851). - CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852). - CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853). - CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854). - CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855). 
- CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856). - CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857). - CVE-2026-32990: The fix for CVE-2025-66614 was incomplete, so this CVE completes it (bsc#1258371). Other fixes: - Update to Tomcat 9.0.117 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1607-1 Released: Fri Apr 24 13:50:52 2026 Summary: Security update for vim Type: security Severity: important References: 1259985,1261191,1261271,CVE-2026-33412,CVE-2026-34714,CVE-2026-34982 This update for vim fixes the following issues: Update to version 9.2.0280. - CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution (bsc#1261271). - CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution (bsc#1261191). - CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to arbitrary code execution (bsc#1259985). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1644-1 Released: Tue Apr 28 15:31:39 2026 Summary: Security update for python-requests Type: security Severity: moderate References: 1260589,CVE-2026-25645 This update for python-requests fixes the following issues: - CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1647-1 Released: Tue Apr 28 20:02:59 2026 Summary: Security update for python-requests Type: security Severity: moderate References: 1260589,CVE-2026-25645 This update for python-requests fixes the following issues: - CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1715-1 Released: Wed May 6 14:09:30 2026 Summary: Security update for python3 Type: security Severity: important References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100 This update for python3 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969). - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970). - CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989). - CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). - CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). - CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). 
- CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319). - CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654). - CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure (bsc#1262098). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1719-1 Released: Wed May 6 16:42:23 2026 Summary: Recommended update for sssd Type: recommended Severity: important References: 1259436 This update for sssd fixes the following issues: - With the 2.10 update sssd runs under an unprivileged user, which is not possible in certain scenarios. This update reverts to run as root with minimum privileges (bsc#1259436); - Let krb5 child tolerate missing capabilities; - Fix systemd try-restart warning when updating ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1732-1 Released: Thu May 7 02:43:10 2026 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1259118,1262490,1262494,1262495,1262496,1262497,1262500,1262501,CVE-2026-22007,CVE-2026-22013,CVE-2026-22016,CVE-2026-22018,CVE-2026-22021,CVE-2026-23865,CVE-2026-34268,CVE-2026-34282 This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.19+10 (April 2026 CPU). Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of accessible data (bsc#1262490). - CVE-2026-22013: JGSS: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262494). - CVE-2026-22016: JAXP: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262495). 
- CVE-2026-22018: Libraries: unauthenticated attacker with network access via multiple protocols can cause a partial denial of service (bsc#1262496). - CVE-2026-22021: JSSE: unauthenticated attacker with network access via HTTPS can cause a partial denial of service (bsc#1262497). - CVE-2026-23865: freetype2: integer overflow in the `tt_var_load_item_variation_store` function allows for an out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts (bsc#1259118). - CVE-2026-34268: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of data (bsc#1262500). - CVE-2026-34282: Networking: unauthenticated attacker with network access via multiple protocols can cause a hang or frequently repeatable crash (bsc#1262501). Other updates and bugfixes: - Provide the timezone-java and tzdata-java (jsc#PED-15898). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1755-1 Released: Thu May 7 15:54:52 2026 Summary: Security update for freeipmi Type: security Severity: important References: 1260414,CVE-2026-33554 This update for freeipmi fixes the following issue: - CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses (bsc#1260414). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1807-1 Released: Mon May 11 08:03:00 2026 Summary: Maintenance update for Multi-Linux Manager 5.1: Server, Proxy and Retail Branch Server Type: recommended Severity: moderate References: 1262760,1263007 Maintenance update for Multi-Linux Manager 5.1: Server, Proxy and Retail Branch Server This is a codestream only update The following package changes have been done: - libfreebl3-3.112.4-150400.3.66.1 updated - libfreeipmi17-1.6.8-150400.3.3.1 updated - libipa_hbac0-2.10.2-150700.9.28.1 updated - libpng16-16-1.6.40-150600.3.20.1 updated - libsss_idmap0-2.10.2-150700.9.28.1 updated - libsss_nss_idmap0-2.10.2-150700.9.28.1 updated - release-notes-multi-linux-manager-5.1.3-150700.5.23.1 updated - susemanager-schema-utility-5.1.18-150700.3.19.1 updated - vim-data-common-9.2.0280-150500.20.46.1 updated - ipmitool-1.8.19.13.gbe11d94-150700.3.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.118.1 updated - python3-base-3.6.15-150300.10.118.1 updated - python3-3.6.15-150300.10.118.1 updated - python3-curses-3.6.15-150300.10.118.1 updated - libsss_certmap0-2.10.2-150700.9.28.1 updated - mozilla-nss-certs-3.112.4-150400.3.66.1 updated - spacewalk-java-lib-5.1.25-150700.3.19.1 updated - vim-9.2.0280-150500.20.46.1 updated - adcli-0.8.2-150600.22.5.1 updated - mozilla-nss-3.112.4-150400.3.66.1 updated - libsoftokn3-3.112.4-150400.3.66.1 updated - susemanager-schema-5.1.18-150700.3.19.1 updated - sssd-ldap-2.10.2-150700.9.28.1 updated - sssd-2.10.2-150700.9.28.1 updated - sssd-krb5-common-2.10.2-150700.9.28.1 updated - java-17-openjdk-headless-17.0.19.0-150400.3.66.2 updated - sssd-krb5-2.10.2-150700.9.28.1 updated - sssd-dbus-2.10.2-150700.9.28.1 updated - python3-sssd-config-2.10.2-150700.9.28.1 updated - sssd-ad-2.10.2-150700.9.28.1 updated - tomcat-servlet-4_0-api-9.0.117-150200.105.1 updated - tomcat-el-3_0-api-9.0.117-150200.105.1 updated - java-17-openjdk-17.0.19.0-150400.3.66.2 
updated - spacewalk-base-minimal-5.1.20-150700.3.17.1 updated - sssd-tools-2.10.2-150700.9.28.1 updated - sssd-ipa-2.10.2-150700.9.28.1 updated - tomcat-jsp-2_3-api-9.0.117-150200.105.1 updated - spacewalk-base-minimal-config-5.1.20-150700.3.17.1 updated - tomcat-lib-9.0.117-150200.105.1 updated - spacewalk-base-5.1.20-150700.3.17.1 updated - python311-requests-2.31.0-150400.6.21.1 updated - python3-requests-2.25.1-150300.3.21.1 updated - salt-3006.0-150700.14.18.1 updated - python311-salt-3006.0-150700.14.18.1 updated - python3-apache-libcloud-3.3.1-150400.9.3.1 updated - salt-master-3006.0-150700.14.18.1 updated - tomcat-9.0.117-150200.105.1 updated - salt-api-3006.0-150700.14.18.1 updated - spacewalk-java-postgresql-5.1.25-150700.3.19.1 updated - spacewalk-java-config-5.1.25-150700.3.19.1 updated - spacewalk-taskomatic-5.1.25-150700.3.19.1 updated - spacewalk-java-5.1.25-150700.3.19.1 updated - spacewalk-html-5.1.20-150700.3.17.1 updated - susemanager-tools-5.1.16-150700.3.12.1 updated - susemanager-5.1.16-150700.3.12.1 updated - container:bci-bci-init-15.7-4a0adf5155548b683c66ff485a7e982a444ac8c4fe688a46b0fc9ce7bf332fb6-0 updated From sle-container-updates at lists.suse.com Mon May 11 07:22:00 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 May 2026 09:22:00 +0200 (CEST) Subject: SUSE-CU-2026:4855-1: Security update of suse/multi-linux-manager/5.1/x86_64/server-migration-14-16 Message-ID: <20260511072200.B749CF79C@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/server-migration-14-16 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4855-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/server-migration-14-16:5.1.3.1 , suse/multi-linux-manager/5.1/x86_64/server-migration-14-16:5.1.3.1.8.19.1 , suse/multi-linux-manager/5.1/x86_64/server-migration-14-16:latest Container Release : 8.19.1 Severity : important 
Type : security References : 1259611 1259734 1259735 1259924 1259989 1260026 1261969 1261970 1262098 1262319 1262654 CVE-2025-13462 CVE-2025-69720 CVE-2026-1502 CVE-2026-3446 CVE-2026-3479 CVE-2026-3644 CVE-2026-4224 CVE-2026-4519 CVE-2026-4786 CVE-2026-6019 CVE-2026-6100 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/server-migration-14-16 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1510-1 Released: Tue Apr 21 08:28:12 2026 Summary: Security update for ncurses Type: security Severity: moderate References: 1259924,CVE-2025-69720 This update for ncurses fixes the following issue: - CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1715-1 Released: Wed May 6 14:09:30 2026 Summary: Security update for python3 Type: security Severity: important References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100 This update for python3 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969). - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970). - CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989). - CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). 
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). - CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). - CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319). - CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654). - CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure (bsc#1262098). The following package changes have been done: - libncurses6-6.1-150000.5.33.1 updated - terminfo-base-6.1-150000.5.33.1 updated - libpython3_6m1_0-3.6.15-150300.10.118.1 updated - python3-base-3.6.15-150300.10.118.1 updated - container:bci-bci-base-15.7-07d8c80b3c1b8287450453b5fb7fab24c31e32ee657f87deeb820b65120b8658-0 updated From sle-container-updates at lists.suse.com Mon May 11 07:22:05 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 May 2026 09:22:05 +0200 (CEST) Subject: SUSE-CU-2026:4856-1: Security update of suse/multi-linux-manager/5.1/x86_64/server-postgresql Message-ID: <20260511072205.BB588F79C@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/server-postgresql ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4856-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/server-postgresql:5.1.3.1 , suse/multi-linux-manager/5.1/x86_64/server-postgresql:5.1.3.1.6.21.1 , suse/multi-linux-manager/5.1/x86_64/server-postgresql:latest Container Release : 6.21.1 Severity : moderate Type : security References : 1259924 CVE-2025-69720 ----------------------------------------------------------------- The container 
suse/multi-linux-manager/5.1/x86_64/server-postgresql was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1510-1 Released: Tue Apr 21 08:28:12 2026 Summary: Security update for ncurses Type: security Severity: moderate References: 1259924,CVE-2025-69720 This update for ncurses fixes the following issue: - CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924). The following package changes have been done: - libncurses6-6.1-150000.5.33.1 updated - terminfo-base-6.1-150000.5.33.1 updated - container:bci-bci-base-15.7-07d8c80b3c1b8287450453b5fb7fab24c31e32ee657f87deeb820b65120b8658-0 updated - container:registry.suse.com-suse-postgres-16-aa96dafa55a34986818c1d69cb854a74c7e69159250adcb6040f698a246f2857-0 updated From sle-container-updates at lists.suse.com Mon May 11 07:22:11 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 11 May 2026 09:22:11 +0200 (CEST) Subject: SUSE-CU-2026:4857-1: Recommended update of suse/multi-linux-manager/5.1/x86_64/server-saline Message-ID: <20260511072211.147D3F79C@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/server-saline ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4857-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/server-saline:5.1.3.1 , suse/multi-linux-manager/5.1/x86_64/server-saline:5.1.3.1.9.19.2 , suse/multi-linux-manager/5.1/x86_64/server-saline:latest Container Release : 9.19.2 Severity : moderate Type : recommended References : 1262760 1263007 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/server-saline was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1807-1 Released: Mon May 11 08:03:00 2026 Summary: Maintenance update for Multi-Linux Manager 5.1: Server, Proxy and Retail Branch Server Type: recommended Severity: moderate References: 1262760,1263007 Maintenance update for Multi-Linux Manager 5.1: Server, Proxy and Retail Branch Server This is a codestream only update The following package changes have been done: - salt-3006.0-150700.14.18.1 updated - python311-salt-3006.0-150700.14.18.1 updated - container:bci-bci-base-15.7-07d8c80b3c1b8287450453b5fb7fab24c31e32ee657f87deeb820b65120b8658-0 updated From sle-container-updates at lists.suse.com Tue May 12 07:07:45 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 12 May 2026 09:07:45 +0200 (CEST) Subject: SUSE-IU-2026:3292-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20260512070745.801FBFB96@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:3292-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.582 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.582 Severity : important Type : security References : 1222465 1229655 1233655 1234736 1246965 1247850 1247858 1248586 1249055 1250553 1253043 1253741 1254297 1254441 1254662 1254666 1254670 1254670 1254878 1255731 1255732 1255733 1255734 1256105 1256766 1256805 1256807 1256808 1256809 1256811 1256812 1256822 1256834 1256835 1256836 1256837 1256838 1256839 1256840 1257005 1257049 1257144 1257359 1257463 1257496 1257593 1257594 1257595 1258045 1258049 1258054 1258080 1258081 1258392 1258568 1258859 1259362 1259362 1259363 1259364 1259365 1259377 1259418 1259619 1259650 1259697 1259711 1259726 1259729 1259845 1259924 1260441 1260442 1260443 1260444 1261678 1261809 
1262144 1262631 1262632 1262635 1262636 1262638 510058 CVE-2025-10158 CVE-2025-10911 CVE-2025-13601 CVE-2025-14017 CVE-2025-14087 CVE-2025-14104 CVE-2025-14512 CVE-2025-14524 CVE-2025-14819 CVE-2025-15079 CVE-2025-15224 CVE-2025-15281 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2025-69720 CVE-2025-7039 CVE-2025-70873 CVE-2025-7709 CVE-2025-7709 CVE-2025-8058 CVE-2025-8732 CVE-2025-9615 CVE-2026-0861 CVE-2026-0915 CVE-2026-0964 CVE-2026-0965 CVE-2026-0966 CVE-2026-0967 CVE-2026-0968 CVE-2026-0988 CVE-2026-0989 CVE-2026-0990 CVE-2026-0992 CVE-2026-1757 CVE-2026-1965 CVE-2026-1965 CVE-2026-22795 CVE-2026-22796 CVE-2026-24515 CVE-2026-25210 CVE-2026-27135 CVE-2026-27171 CVE-2026-2781 CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390 CVE-2026-29111 CVE-2026-31789 CVE-2026-3184 CVE-2026-32776 CVE-2026-32777 CVE-2026-32778 CVE-2026-3731 CVE-2026-3783 CVE-2026-3784 CVE-2026-3805 CVE-2026-4105 CVE-2026-4873 CVE-2026-4878 CVE-2026-5545 CVE-2026-5958 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4331-1 Released: Tue Dec 9 12:55:17 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4347-1 Released: Wed Dec 10 14:02:26 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4377-1 Released: Fri Dec 12 10:37:09 2025 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1233655,510058 This update for lvm2 fixes the following issues: - Maintenance update attempt seems to be stuck at mkinitrd (bsc#510058). - Fix for 'systemctl start lvmlockd.service' time out (bsc#1233655). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4504-1 Released: Mon Dec 22 17:29:14 2025 Summary: Security update for glib2 Type: security Severity: important References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512 This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:41-1 Released: Tue Jan 6 11:33:23 2026 Summary: Security update for rsync Type: security Severity: moderate References: 1254441,CVE-2025-10158 This update for rsync fixes the following issues: - CVE-2025-10158: Fixed out of bounds array access via negative index (bsc#1254441) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:117-1 Released: Tue Jan 13 05:33:38 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1254666,CVE-2025-14104 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:359-1 Released: Mon Feb 2 10:54:54 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:391-1 Released: Thu Feb 5 15:23:42 2026 Summary: Security update for libxml2 Type: security Severity: low References: 1256805,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:432-1 Released: Wed Feb 11 10:11:56 2026 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1248586,1254670,CVE-2025-7709 This update for sqlite3 fixes the following issues: - Update to v3.51.2: - CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. 
(bsc#1254670) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:458-1 Released: Thu Feb 12 00:28:37 2026 Summary: Security update for glib2 Type: security Severity: important References: 1257049,CVE-2026-0988 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:508-1 Released: Fri Feb 13 15:50:21 2026 Summary: Security update for curl Type: security Severity: moderate References: 1255731,1255732,1255733,1255734,1256105,CVE-2025-14017,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:570-1 Released: Tue Feb 17 17:38:47 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1247850,1247858,1250553,1256807,1256808,1256809,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2025-8732,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757 This update for libxml2 fixes the following issues: - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811) - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812) - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595) - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553) - CVE-2025-8732: Fixed an infinite recursion in catalog parsing functions when processing malformed SGML catalog files. (bsc#1247858) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:783-1 Released: Tue Mar 3 14:36:14 2026 Summary: Security update for zlib Type: security Severity: moderate References: 1258392,CVE-2026-27171 This update for zlib fixes the following issue: - CVE-2026-27171: Fixed infinite loop via the `crc32_combine64` and `crc32_combine_gen64` functions due to missing checks for negative lengths (bsc#1258392). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:791-1 Released: Tue Mar 3 16:59:33 2026 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1257463 This update for gcc15 fixes the following issues: - Fix bogus expression simplification (bsc#1257463) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:813-1 Released: Thu Mar 5 09:33:59 2026 Summary: Security update for mozilla-nss Type: security Severity: moderate References: 1258568,CVE-2026-2781 This update for mozilla-nss fixes the following issues: Update to NSS 3.112.3: * CVE-2026-2781: Avoid integer overflow in platform-independent ghash (bsc#1258568) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:826-1 Released: Thu Mar 5 16:16:29 2026 Summary: Security update for expat Type: security Severity: moderate References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210 This update for expat fixes the following issues: - CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144) - CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:856-1 Released: Tue Mar 10 09:35:24 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1258859,CVE-2026-3184 This update for util-linux fixes the following issues: - CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:896-1 Released: Fri Mar 13 16:25:07 2026 Summary: Security update for glibc Type: security Severity: important References: 1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: - CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766) - CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822) - CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005) - CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:911-1 Released: Tue Mar 17 20:56:12 2026 Summary: Security update for curl Type: security Severity: important References: 1259362,1259363,1259364,1259365,CVE-2026-1965,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805 This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362). - CVE-2026-3783: token leak with redirect and netrc (bsc#1259363). - CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364). - CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1061-1 Released: Thu Mar 26 11:35:08 2026 Summary: Security update for systemd Type: security Severity: important References: 1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105 This update for systemd fixes the following issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650). - CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418). - udev: check for invalid chars in various fields received from the kernel (bsc#1259697). 
Changelog: - 6a38d88a42 machined: reject invalid class types when registering machines - 8c9a592e5a udev: fix review mixup - b57007a917 udev-builtin-net-id: print cescaped bad attributes - ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX - 0f63e799e6 udev: ensure tag parsing stays within bounds - 046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf - 5be21460ce udev: check for invalid chars in various fields received from the kernel - 9559607b16 core/cgroup: avoid one unnecessary strjoina() - fcae348ca4 core: validate input cgroup path more prudently - a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere - 08125d6b06 units: add dep on systemd-logind.service by user@.service ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1065-1 Released: Thu Mar 26 11:38:12 2026 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1254670,1259619,CVE-2025-70873,CVE-2025-7709 This update for sqlite3 fixes the following issues: Update sqlite3 to 3.51.3: - CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670). - CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619). Changelog: * Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1087-1 Released: Thu Mar 26 16:20:57 2026 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1222465,1234736 This update for util-linux fixes the following issues: - recognize fuse 'portal' as a virtual file system (bsc#1234736). - fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1166-1 Released: Thu Apr 2 03:08:04 2026 Summary: Security update for expat Type: security Severity: important References: 1259711,1259726,1259729,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778 This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726). - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711). - CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1247-1 Released: Fri Apr 10 12:34:39 2026 Summary: Security update for nghttp2 Type: security Severity: important References: 1259845,CVE-2026-27135 This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1290-1 Released: Mon Apr 13 10:08:34 2026 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1260441,1260442,1260443,1260444,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-31789 This update for openssl-1_1 fixes the following issues: - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). - CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1403-1 Released: Thu Apr 16 13:34:01 2026 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1229655 This update for cyrus-sasl fixes the following issues: - Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097) - Add support for setting max ssf 0 to GSS-SPNEGO ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1427-1 Released: Fri Apr 17 11:58:37 2026 Summary: Security update for NetworkManager Type: security Severity: moderate References: 1257359,CVE-2025-9615 This update for NetworkManager fixes the following issue: - CVE-2025-9615: Fixed non-admin user using others' certificates (bsc#1257359). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1432-1 Released: Fri Apr 17 12:12:08 2026 Summary: Security update for libcap Type: security Severity: important References: 1261809,CVE-2026-4878 This update for libcap fixes the following issue: - CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1510-1 Released: Tue Apr 21 08:28:12 2026 Summary: Security update for ncurses Type: security Severity: moderate References: 1259924,CVE-2025-69720 This update for ncurses fixes the following issue: - CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1550-1 Released: Wed Apr 22 11:41:14 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1261678,CVE-2026-28390 This update for openssl-1_1 fixes the following issues: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1561-1 Released: Thu Apr 23 08:34:49 2026 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: This update for mozilla-nss fixes the following issues: Update to NSS 3.112.4: * improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey. * Improving the allocation of S/MIME DecryptSymKey. * store email on subject cache_entry in NSS trust domain. * Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation. * Improve size calculations in CMS content buffering. * avoid integer overflow while escaping RFC822 Names. * Reject excessively large ASN.1 SEQUENCE OF in quickder. * Deep copy profile data in CERT_FindSMimeProfile. * Improve input validation in DSAU signature decoding. * avoid integer overflow in RSA_EMSAEncodePSS. * RSA_EMSAEncodePSS should validate the length of mHash. * Add a maximum cert uncompressed len and tests. * Clarify extension negotiation mechanism for TLS Handshakes. * ensure permittedSubtrees don't match wildcards that could be outside the permitted tree. * Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag. * Remove invalid PORT_Free(). * free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed. * make ss->ssl3.hs.cookie an owned-copy of the cookie. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1565-1 Released: Thu Apr 23 09:08:29 2026 Summary: Security update for libssh Type: security Severity: moderate References: 1258045,1258049,1258054,1258080,1258081,1259377,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968,CVE-2026-3731 This update for libssh fixes the following issues: - CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049). - CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045). - CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054). - CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081). - CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080). - CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler (bsc#1259377). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1659-1 Released: Wed Apr 29 13:09:06 2026 Summary: Security update for sed Type: security Severity: moderate References: 1262144,CVE-2026-5958 This update for sed fixes the following issues: - CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite (bsc#1262144). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1717-1 Released: Wed May 6 14:13:17 2026 Summary: Security update for curl Type: security Severity: important References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429 This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631). - CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632). 
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635). - CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636). - CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638). Other updates and bugfixes: - sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362). The following package changes have been done: - glibc-2.31-150300.98.1 updated - libz1-1.2.13-150500.4.6.1 updated - libuuid1-2.37.4-150500.9.26.1 updated - libudev1-249.17-150400.8.55.1 updated - libsmartcols1-2.37.4-150500.9.26.1 updated - libgcc_s1-15.2.0+git10201-150000.1.9.1 updated - libexpat1-2.7.1-150400.3.37.1 updated - libcap2-2.63-150400.3.6.1 updated - libblkid1-2.37.4-150500.9.26.1 updated - libxml2-2-2.10.3-150500.5.38.1 updated - libopenssl1_1-1.1.1l-150500.17.54.1 updated - libstdc++6-15.2.0+git10201-150000.1.9.1 updated - libfdisk1-2.37.4-150500.9.26.1 updated - libmount1-2.37.4-150500.9.26.1 updated - libkmod2-29-150300.4.18.1 updated - libsystemd0-249.17-150400.8.55.1 updated - libncurses6-6.1-150000.5.33.1 updated - terminfo-base-6.1-150000.5.33.1 updated - ncurses-utils-6.1-150000.5.33.1 updated - libdevmapper1_03-2.03.22_1.02.196-150500.7.18.4 updated - sed-4.4-150300.13.6.1 updated - util-linux-2.37.4-150500.9.26.1 updated - kmod-29-150300.4.18.1 updated - systemd-249.17-150400.8.55.1 updated - util-linux-systemd-2.37.4-150500.9.26.1 updated - udev-249.17-150400.8.55.1 updated - libdevmapper-event1_03-2.03.22_1.02.196-150500.7.18.4 updated - libfreebl3-3.112.4-150400.3.66.1 updated - libglib-2_0-0-2.70.5-150400.3.34.1 updated - libnghttp2-14-1.40.0-150200.22.1 updated - libsasl2-3-2.1.28-150500.3.3.1 updated - libsqlite3-0-3.51.3-150000.3.39.1 updated - libssh-config-0.9.8-150400.3.17.1 updated - libgobject-2_0-0-2.70.5-150400.3.34.1 updated - libgmodule-2_0-0-2.70.5-150400.3.34.1 updated - libssh4-0.9.8-150400.3.17.1 updated - mozilla-nss-certs-3.112.4-150400.3.66.1 updated - 
device-mapper-2.03.22_1.02.196-150500.7.18.4 updated - libgio-2_0-0-2.70.5-150400.3.34.1 updated - glib2-tools-2.70.5-150400.3.34.1 updated - libcurl4-8.14.1-150400.5.83.1 updated - mozilla-nss-3.112.4-150400.3.66.1 updated - libsoftokn3-3.112.4-150400.3.66.1 updated - libnm0-1.38.6-150500.3.5.1 updated - NetworkManager-1.38.6-150500.3.5.1 updated - liblvm2cmd2_03-2.03.22-150500.7.18.4 updated - lvm2-2.03.22-150500.7.18.4 updated - glibc-locale-base-2.31-150300.98.1 updated - rsync-3.2.3-150400.3.26.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.8.1 updated From sle-container-updates at lists.suse.com Tue May 12 07:19:20 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 12 May 2026 09:19:20 +0200 (CEST) Subject: SUSE-IU-2026:3295-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20260512071920.085CDF79C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:3295-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.142 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.142 Severity : moderate Type : security References : 1252930 1252931 1252932 1252933 1252934 1252935 1258907 1258909 1263726 1263728 1263729 1263731 1263732 1263733 1263734 1263735 1263736 1263737 1263739 1263741 1263742 1263743 1263744 1263745 1263746 1263747 1263749 1263750 1263751 1263752 1263753 1263754 1263756 1263757 1263762 1263765 1263766 1263767 1263809 CVE-2025-54770 CVE-2025-54771 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664 CVE-2026-3201 CVE-2026-3203 CVE-2026-5299 CVE-2026-5401 CVE-2026-5403 CVE-2026-5404 CVE-2026-5405 CVE-2026-5406 CVE-2026-5407 CVE-2026-5408 CVE-2026-5409 CVE-2026-5653 CVE-2026-5654 CVE-2026-5656 CVE-2026-5657 CVE-2026-6519 CVE-2026-6520 CVE-2026-6521 CVE-2026-6522 CVE-2026-6523 
CVE-2026-6524 CVE-2026-6527 CVE-2026-6529 CVE-2026-6530 CVE-2026-6531 CVE-2026-6532 CVE-2026-6533 CVE-2026-6534 CVE-2026-6535 CVE-2026-6537 CVE-2026-6538 CVE-2026-6868 CVE-2026-6869 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 702 Released: Mon May 11 10:48:36 2026 Summary: Security update for grub2 Type: security Severity: moderate References: 1252930,1252931,1252932,1252933,1252934,1252935,1258907,1258909,1263726,1263728,1263729,1263731,1263732,1263733,1263734,1263735,1263736,1263737,1263739,1263741,1263742,1263743,1263744,1263745,1263746,1263747,1263749,1263750,1263751,1263752,1263753,1263754,1263756,1263757,1263762,1263765,1263766,1263767,1263809,CVE-2025-54770,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664,CVE-2026-3201,CVE-2026-3203,CVE-2026-5299,CVE-2026-5401,CVE-2026-5403,CVE-2026-5404,CVE-2026-5405,CVE-2026-5406,CVE-2026-5407,CVE-2026-5408,CVE-2026-5409,CVE-2026-5653,CVE-2026-5654,CVE-2026-5656,CVE-2026-5657,CVE-2026-6519,CVE-2026-6520,CVE-2026-6521,CVE-2026-6522,CVE-2026-6523,CVE-2026-6524,CVE-2026-6527,CVE-2026-6529,CVE-2026-6530,CVE-2026-6531,CVE-2026-6532,CVE-2026-6533,CVE-2026-6534,CVE-2026-6535,CVE-2026-6537,CVE-2026-6538,CVE-2026-6868,CVE-2026-6869 This update for grub2 fixes the following issues: - CVE-2025-54770: Missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930). - CVE-2025-54771: grub_file_close() does not properly control the fs refcount (bsc#1252931). - CVE-2025-61661: Out-of-bounds write in grub_usb_get_string() function (bsc#1252932). - CVE-2025-61662: Missing unregister call for gettext command may lead to use-after-free (bsc#1252933). - CVE-2025-61663: Missing unregister call for normal commands may lead to use-after-free (bsc#1252934).
- CVE-2025-61664: Missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935). Changes for grub2: - Bump upstream SBAT generation to 6 The following package changes have been done: - grub2-2.12~rc1-8.1 updated - grub2-i386-pc-2.12~rc1-8.1 updated - grub2-x86_64-efi-2.12~rc1-8.1 updated From sle-container-updates at lists.suse.com Tue May 12 07:23:51 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 12 May 2026 09:23:51 +0200 (CEST) Subject: SUSE-IU-2026:3297-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20260512072351.6724BF79C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:3297-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.172 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.172 Severity : important Type : security References : 1264449 1264450 CVE-2026-43284 CVE-2026-43500 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-397 Released: Mon May 11 13:16:00 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1264449,1264450,CVE-2026-43284,CVE-2026-43500 The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 RT kernel was updated to fix the following issues: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449). - CVE-2026-43500: rxrpc: unshare DATA/RESPONSE packets when paged frags are present (bsc#1264450). 
The following package changes have been done: - kernel-rt-6.4.0-43.1 updated - container:SL-Micro-container-2.1.3-6.175 updated From sle-container-updates at lists.suse.com Tue May 12 07:31:49 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 12 May 2026 09:31:49 +0200 (CEST) Subject: SUSE-IU-2026:3298-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20260512073149.BF1F2F79C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:3298-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.120 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 5.120 Severity : important Type : security References : 1264449 1264450 CVE-2026-43284 CVE-2026-43500 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-397 Released: Mon May 11 13:16:00 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1264449,1264450,CVE-2026-43284,CVE-2026-43500 The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 RT kernel was updated to fix the following issues: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449). - CVE-2026-43500: rxrpc: unshare DATA/RESPONSE packets when paged frags are present (bsc#1264450). 
The following package changes have been done: - kernel-rt-6.4.0-43.1 updated From sle-container-updates at lists.suse.com Thu May 7 07:17:35 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 7 May 2026 09:17:35 +0200 (CEST) Subject: SUSE-CU-2026:4709-1: Security update of rancher/seedimage-builder Message-ID: <20260507071735.31826F79C@maintenance.suse.de> SUSE Container Update Advisory: rancher/seedimage-builder ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4709-1 Container Tags : rancher/seedimage-builder:1.7.4 , rancher/seedimage-builder:1.7.4-4.55 Container Release : 4.55 Severity : important Type : security References : 1084929 1084929 1215720 1216355 1216378 1218459 1221126 1222465 1228081 1229122 1229376 1229950 1234634 1234736 1236621 1236877 1238686 1238849 1238929 1240150 1240385 1240626 1240698 1241830 1242114 1242174 1242844 1243105 1243226 1243268 1243274 1243297 1243419 1243581 1243802 1243833 1243867 1244035 1244485 1244561 1244564 1244565 1244566 1244567 1244568 1244570 1244571 1244572 1244574 1244575 1244596 1244933 1245169 1245292 1245985 1246038 1246118 1246466 1246556 1246602 1246623 1246790 1246965 1246995 1247054 1247326 1247594 1247690 1247719 1247720 1247735 1247816 1247816 1247884 1247885 1248373 1248410 1248438 1248502 1248516 1248678 1248687 1249013 1249385 1249590 1250373 1250692 1250748 1250952 1251135 1251194 1251966 1251971 1252008 1252148 1252266 1252337 1252376 1252543 1252729 1252911 1252924 1253126 1253129 1253132 1253334 1253691 1254094 1254132 1254293 1254817 1254928 1255129 1255144 1255148 1255285 1255311 1255490 1255572 1255721 1255868 1256427 1256459 1256525 1256526 1256624 1256640 1256644 1256675 1256679 1256708 1256732 1256766 1256780 1256784 1256802 1256805 1256822 1256830 1256834 1256835 1256836 1256837 1256838 1256839 1256840 1256865 1256867 1257005 1257007 1257144 1257153 1257154 1257174 1257209 1257222 1257228 
1257231 1257238 1257244 1257246 1257332 1257364 1257365 1257466 1257472 1257473 1257496 1257551 1257552 1257553 1257554 1257556 1257557 1257559 1257560 1257561 1257562 1257565 1257570 1257572 1257573 1257576 1257579 1257580 1257581 1257586 1257600 1257631 1257635 1257679 1257682 1257686 1257687 1257688 1257704 1257705 1257706 1257707 1257709 1257714 1257715 1257716 1257718 1257722 1257723 1257726 1257729 1257730 1257732 1257734 1257735 1257737 1257739 1257740 1257741 1257742 1257743 1257745 1257749 1257750 1257755 1257757 1257758 1257759 1257761 1257762 1257763 1257765 1257768 1257770 1257772 1257775 1257776 1257788 1257789 1257790 1257805 1257808 1257809 1257811 1257813 1257814 1257815 1257816 1257817 1257818 1257830 1257877 1257904 1257918 1257927 1257942 1257952 1257960 1258002 1258020 1258022 1258051 1258083 1258153 1258181 1258183 1258184 1258222 1258229 1258232 1258234 1258236 1258237 1258245 1258249 1258252 1258256 1258258 1258259 1258272 1258273 1258276 1258277 1258279 1258286 1258289 1258290 1258297 1258298 1258299 1258303 1258304 1258308 1258309 1258313 1258317 1258321 1258323 1258324 1258326 1258331 1258338 1258349 1258354 1258355 1258358 1258374 1258376 1258377 1258379 1258389 1258392 1258394 1258395 1258397 1258411 1258415 1258419 1258421 1258422 1258424 1258429 1258430 1258442 1258455 1258461 1258464 1258465 1258468 1258469 1258483 1258484 1258489 1258517 1258518 1258519 1258520 1258524 1258544 1258637 1258660 1258664 1258672 1258784 1258786 1258824 1258859 1259051 1259118 1259329 1259362 1259362 1259363 1259364 1259365 1259377 1259418 1259456 1259467 1259543 1259548 1259650 1259697 1259711 1259726 1259729 1259845 1259845 1260078 1260082 1260754 1260755 1260871 1261809 1261957 1262144 1262631 1262632 1262635 1262636 1262638 142461 391434 544339 CVE-2021-21411 CVE-2023-45853 CVE-2024-12224 CVE-2024-25621 CVE-2024-38822 CVE-2024-38823 CVE-2024-38824 CVE-2024-38825 CVE-2024-43806 CVE-2024-44906 CVE-2025-11896 CVE-2025-14831 CVE-2025-15281 CVE-2025-15467 
CVE-2025-20053 CVE-2025-20109 CVE-2025-22236 CVE-2025-22237 CVE-2025-22238 CVE-2025-22239 CVE-2025-22240 CVE-2025-22241 CVE-2025-22242 CVE-2025-22839 CVE-2025-22840 CVE-2025-22870 CVE-2025-22872 CVE-2025-22889 CVE-2025-26403 CVE-2025-28162 CVE-2025-28164 CVE-2025-31133 CVE-2025-32086 CVE-2025-39753 CVE-2025-39964 CVE-2025-40099 CVE-2025-40103 CVE-2025-40230 CVE-2025-40918 CVE-2025-41244 CVE-2025-4373 CVE-2025-44779 CVE-2025-4674 CVE-2025-46836 CVE-2025-47287 CVE-2025-47906 CVE-2025-47907 CVE-2025-47907 CVE-2025-50738 CVE-2025-52565 CVE-2025-52881 CVE-2025-53534 CVE-2025-53906 CVE-2025-53942 CVE-2025-54386 CVE-2025-54388 CVE-2025-54389 CVE-2025-54409 CVE-2025-54410 CVE-2025-54424 CVE-2025-54576 CVE-2025-54799 CVE-2025-54801 CVE-2025-54882 CVE-2025-54996 CVE-2025-54997 CVE-2025-54998 CVE-2025-54999 CVE-2025-55000 CVE-2025-55001 CVE-2025-55003 CVE-2025-58160 CVE-2025-5999 CVE-2025-6000 CVE-2025-6004 CVE-2025-6011 CVE-2025-6013 CVE-2025-6014 CVE-2025-6015 CVE-2025-6018 CVE-2025-6037 CVE-2025-6052 CVE-2025-61962 CVE-2025-64329 CVE-2025-68160 CVE-2025-68173 CVE-2025-68186 CVE-2025-68292 CVE-2025-68295 CVE-2025-68329 CVE-2025-68371 CVE-2025-68745 CVE-2025-68785 CVE-2025-68810 CVE-2025-68813 CVE-2025-68818 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2025-71071 CVE-2025-71085 CVE-2025-71104 CVE-2025-71120 CVE-2025-71125 CVE-2025-71134 CVE-2025-71161 CVE-2025-71182 CVE-2025-71183 CVE-2025-71184 CVE-2025-71185 CVE-2025-71186 CVE-2025-71188 CVE-2025-71189 CVE-2025-71190 CVE-2025-71191 CVE-2025-71192 CVE-2025-71193 CVE-2025-71194 CVE-2025-71195 CVE-2025-71196 CVE-2025-71197 CVE-2025-71198 CVE-2025-71199 CVE-2025-71200 CVE-2025-71222 CVE-2025-71224 CVE-2025-71225 CVE-2025-71229 CVE-2025-71231 CVE-2025-71232 CVE-2025-71233 CVE-2025-71234 CVE-2025-71235 CVE-2025-71236 CVE-2025-7195 CVE-2025-7700 CVE-2025-8058 CVE-2025-8067 CVE-2025-8341 CVE-2025-9820 CVE-2026-0861 CVE-2026-0915 CVE-2026-0989 CVE-2026-1965 CVE-2026-1965 CVE-2026-22693 CVE-2026-22695 
CVE-2026-22795 CVE-2026-22796 CVE-2026-22801 CVE-2026-22979 CVE-2026-22980 CVE-2026-22998 CVE-2026-22999 CVE-2026-23003 CVE-2026-23004 CVE-2026-23010 CVE-2026-23017 CVE-2026-23018 CVE-2026-23021 CVE-2026-23022 CVE-2026-23023 CVE-2026-23024 CVE-2026-23026 CVE-2026-23030 CVE-2026-23031 CVE-2026-23033 CVE-2026-23035 CVE-2026-23037 CVE-2026-23038 CVE-2026-23042 CVE-2026-23047 CVE-2026-23049 CVE-2026-23050 CVE-2026-23053 CVE-2026-23054 CVE-2026-23055 CVE-2026-23056 CVE-2026-23057 CVE-2026-23058 CVE-2026-23059 CVE-2026-23060 CVE-2026-23061 CVE-2026-23062 CVE-2026-23063 CVE-2026-23064 CVE-2026-23065 CVE-2026-23066 CVE-2026-23068 CVE-2026-23069 CVE-2026-23070 CVE-2026-23071 CVE-2026-23073 CVE-2026-23074 CVE-2026-23074 CVE-2026-23076 CVE-2026-23078 CVE-2026-23080 CVE-2026-23082 CVE-2026-23083 CVE-2026-23084 CVE-2026-23085 CVE-2026-23086 CVE-2026-23088 CVE-2026-23089 CVE-2026-23090 CVE-2026-23091 CVE-2026-23094 CVE-2026-23095 CVE-2026-23096 CVE-2026-23097 CVE-2026-23099 CVE-2026-23100 CVE-2026-23101 CVE-2026-23102 CVE-2026-23104 CVE-2026-23105 CVE-2026-23107 CVE-2026-23108 CVE-2026-23110 CVE-2026-23111 CVE-2026-23111 CVE-2026-23112 CVE-2026-23116 CVE-2026-23119 CVE-2026-23121 CVE-2026-23123 CVE-2026-23128 CVE-2026-23129 CVE-2026-23131 CVE-2026-23133 CVE-2026-23135 CVE-2026-23136 CVE-2026-23137 CVE-2026-23139 CVE-2026-23141 CVE-2026-23142 CVE-2026-23144 CVE-2026-23145 CVE-2026-23146 CVE-2026-23148 CVE-2026-23150 CVE-2026-23151 CVE-2026-23152 CVE-2026-23154 CVE-2026-23155 CVE-2026-23156 CVE-2026-23157 CVE-2026-23158 CVE-2026-23161 CVE-2026-23163 CVE-2026-23166 CVE-2026-23167 CVE-2026-23169 CVE-2026-23170 CVE-2026-23171 CVE-2026-23172 CVE-2026-23173 CVE-2026-23176 CVE-2026-23177 CVE-2026-23178 CVE-2026-23179 CVE-2026-23182 CVE-2026-23188 CVE-2026-23189 CVE-2026-23190 CVE-2026-23191 CVE-2026-23198 CVE-2026-23202 CVE-2026-23207 CVE-2026-23208 CVE-2026-23209 CVE-2026-23209 CVE-2026-23210 CVE-2026-23213 CVE-2026-23214 CVE-2026-23221 CVE-2026-23222 CVE-2026-23223 CVE-2026-23224 
CVE-2026-23229 CVE-2026-23230 CVE-2026-23865 CVE-2026-24515 CVE-2026-25210 CVE-2026-25646 CVE-2026-25727 CVE-2026-25727 CVE-2026-25727 CVE-2026-25799 CVE-2026-26269 CVE-2026-26996 CVE-2026-27135 CVE-2026-27135 CVE-2026-27171 CVE-2026-28417 CVE-2026-28690 CVE-2026-29111 CVE-2026-30883 CVE-2026-3184 CVE-2026-31979 CVE-2026-32776 CVE-2026-32777 CVE-2026-32778 CVE-2026-33416 CVE-2026-33636 CVE-2026-34352 CVE-2026-34757 CVE-2026-3731 CVE-2026-3783 CVE-2026-3784 CVE-2026-3805 CVE-2026-4105 CVE-2026-4437 CVE-2026-4438 CVE-2026-4873 CVE-2026-4878 CVE-2026-5545 CVE-2026-5958 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429 ----------------------------------------------------------------- The container rancher/seedimage-builder was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 386 Released: Fri Feb 13 15:09:31 2026 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1228081,1243226,1254094,1254293,1255285,1256427,1257007,1257153,1257244,CVE-2025-6018 This update for systemd fixes the following issues: - Name libsystemd-{shared,core} based on the major version of systemd and the package release number (bsc#1228081, bsc#1256427) This way, both the old and new versions of the shared libraries will be present during the update. This should prevent issues during package updates when incompatible changes are introduced in the new versions of the shared libraries. 
- detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293) ----------------------------------------------------------------- Advisory ID: 392 Released: Mon Feb 16 09:18:45 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1236621,1236877,1238686,1238849,1238929,1240626,1240698,1242174,1243105,1243268,1243274,1243297,1243802,1244561,1244564,1244565,1244566,1244567,1244568,1244570,1244571,1244572,1244574,1244575,1252729,1256805,CVE-2024-38822,CVE-2024-38823,CVE-2024-38824,CVE-2024-38825,CVE-2025-22236,CVE-2025-22237,CVE-2025-22238,CVE-2025-22239,CVE-2025-22240,CVE-2025-22241,CVE-2025-22242,CVE-2025-22870,CVE-2025-47287,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805). ----------------------------------------------------------------- Advisory ID: 395 Released: Mon Feb 16 09:54:43 2026 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1242844,1244596,1256830,1256834,1256835,1256836,1256837,1256838,1256839,1256840,1257918,CVE-2025-15467,CVE-2025-4373,CVE-2025-6052,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796,CVE-2026-25727 This update for openssl-3 fixes the following issues: - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). 
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). ----------------------------------------------------------------- Advisory ID: 410 Released: Tue Feb 17 10:33:51 2026 Summary: Security update for expat Type: security Severity: important References: 1229376,1229950,1243867,1245169,1257144,1257496,391434,CVE-2024-12224,CVE-2024-43806,CVE-2026-24515,CVE-2026-25210 This update for expat fixes the following issues: - CVE-2026-24515: failure to copy the encoding handler data passed to XML_SetUnknownEncodingHandler may cause a NULL dereference (bsc#1257144). - CVE-2026-25210: lack of buffer size check can lead to an integer overflow (bsc#1257496). ----------------------------------------------------------------- Advisory ID: 398 Released: Tue Feb 17 10:40:29 2026 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1240150,1241830,1242114,1243833,1244035,1246556,1248516,1257877,1257927,CVE-2025-22872,CVE-2026-25727 This update for grub2 fixes the following issues: - Optimize PBKDF2 to reduce the decryption time (bsc#1248516) * lib/crypto: Introduce new HMAC functions to reuse buffers * lib/pbkdf2: Optimize PBKDF2 by reusing HMAC handle * kern/misc: Implement faster grub_memcpy() for aligned buffers ----------------------------------------------------------------- Advisory ID: 411 Released: Thu Feb 26 12:25:49 2026 Summary: Security update for libpng16 Type: security Severity: important References: 1218459,1245985,1246038,1246466,1247054,1247690,1252337,1256525,1256526,1257364,1257365,1258020,CVE-2025-11896,CVE-2025-28162,CVE-2025-28164,CVE-2026-22695,CVE-2026-22801,CVE-2026-25646 This update for libpng16 fixes the following issues: - CVE-2026-25646: Fixed a heap buffer overflow vulnerability in 
png_set_dither/png_set_quantize (bsc#1258020). - CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364). - CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365). - CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525). - CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526). ----------------------------------------------------------------- Advisory ID: 417 Released: Mon Mar 2 15:52:11 2026 Summary: Security update for glibc Type: security Severity: important References: 1240385,1244933,1246602,1246965,1256766,1256822,1257005,1258229,1259051,CVE-2025-15281,CVE-2025-53906,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915,CVE-2026-26269,CVE-2026-28417 This update for glibc fixes the following issues: - CVE-2026-0861: inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: uninitialized memory may cause the process abort (bsc#1257005). - CVE-2025-8058: a malloc failure in regcomp function can lead to a double free (bsc#1246965). 
----------------------------------------------------------------- Advisory ID: 423 Released: Wed Mar 4 10:35:51 2026 Summary: Security update for ca-certificates-mozilla Type: security Severity: moderate References: 1256459,1258002,CVE-2021-21411,CVE-2024-44906,CVE-2025-44779,CVE-2025-47907,CVE-2025-50738,CVE-2025-53534,CVE-2025-53942,CVE-2025-54386,CVE-2025-54388,CVE-2025-54410,CVE-2025-54424,CVE-2025-54576,CVE-2025-54799,CVE-2025-54801,CVE-2025-54996,CVE-2025-54997,CVE-2025-54998,CVE-2025-54999,CVE-2025-55000,CVE-2025-55001,CVE-2025-55003,CVE-2025-5999,CVE-2025-6000,CVE-2025-6004,CVE-2025-6011,CVE-2025-6013,CVE-2025-6014,CVE-2025-6015,CVE-2025-6037,CVE-2025-7195,CVE-2025-8341,CVE-2026-22693 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.84 state of Mozilla SSL root CAs (bsc#1258002) - Removed: - Baltimore CyberTrust Root - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - DigiNotar Root CA - Added: - e-Szigno TLS Root CA 2023 - OISTE Client Root ECC G1 - OISTE Client Root RSA G1 - OISTE Server Root ECC G1 - OISTE Server Root RSA G1 - SwissSign RSA SMIME Root CA 2022 - 1 - SwissSign RSA TLS Root CA 2022 - 1 - TrustAsia SMIME ECC Root CA - TrustAsia SMIME RSA Root CA - TrustAsia TLS ECC Root CA - TrustAsia TLS RSA Root CA ----------------------------------------------------------------- Advisory ID: 432 Released: Mon Mar 9 11:25:10 2026 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,1245292,1247326,1247816,1258392,1259845,CVE-2023-45853,CVE-2026-27135,CVE-2026-27171 This update for zlib fixes the following issues: - CVE-2026-27171: Fixed an infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths. (bsc#1258392) - CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6. 
(bsc#1216378) ----------------------------------------------------------------- Advisory ID: 435 Released: Tue Mar 10 19:43:23 2026 Summary: Security update for util-linux Type: security Severity: moderate References:
This update for util-linux fixes the following issue: - CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859). ----------------------------------------------------------------- Advisory ID: 440 Released: Thu Mar 12 11:27:47 2026 Summary: Security update for curl Type: security Severity: important References: 1243419,1246995,1256624,1256644,1259362,1259363,1259364,1259365,CVE-2025-68813,CVE-2025-71085,CVE-2026-1965,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805 This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363). - CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364). - CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365). ----------------------------------------------------------------- Advisory ID: 442 Released: Mon Mar 16 10:25:28 2026 Summary: Security update for freetype2 Type: security Severity: moderate References: 1084929,1246790,1252148,1259118,CVE-2025-7700,CVE-2026-23865 This update for freetype2 fixes the following issue: Update to freetype2 2.14.2: - CVE-2026-23865: Integer overflow in the tt_var_load_item_variation_store function (bsc#1259118). Changelog: * Several changes related to LCD filtering are implemented to achieve better performance and encourage sound practices. * Instead of blanket LCD filtering over the entire bitmap, it is now applied only to non-zero spans using direct rendering. This speeds up the ClearType-like rendering by more than 40% at sizes above 32 ppem. * Setting the filter weights with FT_Face_Properties is no longer supported. The default and light filters are optimized to work with any face. * The legacy libXft LCD filter algorithm is no longer provided. * A bunch of potential security problems have been found (bsc#1259118, CVE-2026-23865). All users should update. * The italic angle in `PS_FontInfo` is now stored as a fixed-point value in degrees for all Type 1 fonts and their derivatives, consistent with CFF fonts and common practices. The broken underline position and thickness values are fixed for CFF fonts. * The `x` field in the `FT_Span` structure is now unsigned. * Demo program `ftgrid` got an option `-m` to select a start character to display. * Similarly, demo program `ftmulti` got an option `-m` to select a text string for rendering. * Option `-d` in the demo program `ttdebug` is now called `-a`, expecting a comma-separated list of axis values. The user interface is also slightly improved. 
* The `ftinspect` demo program can now be compiled with Qt6, too. * The auto-hinter got new abilities. It can now better separate diacritic glyphs from base glyphs at small sizes by artificially moving diacritics up (or down) if necessary. * Tilde accent glyphs get vertically stretched at small sizes so that they don't degenerate to horizontal lines. * Diacritics directly attached to a base glyph (like the ogonek in character 'ę') no longer distort the shape of the base glyph. * The TrueType instruction interpreter was optimized to produce a 15% gain in the glyph loading speed. * Handling of Variation Fonts is now considerably faster. * TrueType and CFF glyph loading speed has been improved by 5-10% on modern 64-bit platforms as a result of better handling of fixed-point multiplication. * The BDF driver now loads fonts 75% faster. ----------------------------------------------------------------- Advisory ID: 449 Released: Thu Mar 19 12:24:33 2026 Summary: Security update for libssh Type: security Severity: moderate References: 1247884,1247885,1251194,1259377,CVE-2025-54389,CVE-2025-54409,CVE-2025-61962,CVE-2026-3731 This update for libssh fixes the following issue: - CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler (bsc#1259377). ----------------------------------------------------------------- Advisory ID: 458 Released: Tue Mar 24 10:38:06 2026 Summary: Security update for systemd Type: security Severity: important References: 1248438,1258786,1259418,1259456,1259467,1259650,1259697,CVE-2025-20053,CVE-2025-20109,CVE-2025-22839,CVE-2025-22840,CVE-2025-22889,CVE-2025-26403,CVE-2025-32086,CVE-2026-25799,CVE-2026-28690,CVE-2026-29111,CVE-2026-30883,CVE-2026-4105 This update for systemd fixes the following issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650). - CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697). Changelog: - a943e3ce2f machined: reject invalid class types when registering machines - 71593f77db udev: fix review mixup - 73a89810b4 udev-builtin-net-id: print cescaped bad attributes - 0f360bfdc0 udev-builtin-net_id: do not assume the current interface name is ethX - 40905232e2 udev: ensure tag parsing stays within bounds - 7bce9026e3 udev: ensure there is space for trailing NUL before calling sprintf - d018ac1ea3 udev: check for invalid chars in various fields received from the kernel - aef6e11921 core/cgroup: avoid one unnecessary strjoina() - cc7426f38a sd-json: fix off-by-one issue when updating parent for array elements - 26a748f727 core: validate input cgroup path more prudently - 99d8308fde core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs ----------------------------------------------------------------- Advisory ID: 464 Released: Fri Mar 27 10:41:48 2026 Summary: Security update for nghttp2 Type: security Severity: important References: 1248502,1254132,1257960,1258083,1259845,CVE-2025-14831,CVE-2025-8067,CVE-2025-9820,CVE-2026-27135 This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845). ----------------------------------------------------------------- Advisory ID: 471 Released: Tue Apr 7 13:08:58 2026 Summary: Security update for expat Type: security Severity: important References: 1247594,1247735,1248373,1249013,1257904,1258236,1259548,1259711,1259726,1259729,CVE-2025-54882,CVE-2025-58160,CVE-2026-25727,CVE-2026-31979,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778 This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726). - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711). 
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729). ----------------------------------------------------------------- Advisory ID: 479 Released: Thu Apr 9 12:48:50 2026 Summary: Security update for libpng16 Type: security Severity: important References: 1248678,1260754,1260755,1260871,CVE-2026-33416,CVE-2026-33636,CVE-2026-34352 This update for libpng16 fixes the following issues: - CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754). - CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755). ----------------------------------------------------------------- Advisory ID: 478 Released: Thu Apr 9 13:38:10 2026 Summary: Security update for glibc Type: security Severity: important References: 1243581,1248410,1248687,1258637,1260078,1260082,142461,544339,CVE-2025-46836,CVE-2026-26996,CVE-2026-4437,CVE-2026-4438 This update for glibc fixes the following issues: - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078). - CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082). ----------------------------------------------------------------- Advisory ID: 494 Released: Mon Apr 20 19:04:13 2026 Summary: Security update for libcap Type: security Severity: important References: 1261809,CVE-2026-4878 This update for libcap fixes the following issue: - CVE-2026-4878: local privilege escalation through file capability injection due to TOCTOU race condition in `cap_set_file()` (bsc#1261809). 
----------------------------------------------------------------- Advisory ID: 495 Released: Mon Apr 20 19:12:53 2026 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1222465,1234736,1246623,1250373,1250692,CVE-2025-40918,CVE-2025-41244 This update for util-linux fixes the following issues: - Recognize fuse 'portal' as a virtual file system (bsc#1234736) - fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465) ----------------------------------------------------------------- Advisory ID: 499 Released: Tue Apr 21 10:33:03 2026 Summary: Security update for libpng16 Type: security Severity: moderate References: 1084929,1215720,1216355,1258664,1261957,CVE-2026-34757 This update for libpng16 fixes the following issue: - CVE-2026-34757: libpng: Information disclosure and data corruption via use-after-free vulnerability (bsc#1261957). ----------------------------------------------------------------- Advisory ID: 497 Released: Tue Apr 21 10:42:57 2026 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1221126,1244485,1249385,1250952,1258022,1259543 This update for grub2 fixes the following issues: - Fix missing install device check in grub2-install on PowerPC which could lead to bootlist corruption (bsc#1221126) * add mandatory install device check for PowerPC - Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385) * use net config for boot location instead of - Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543) * btrfs: add ability to boot from subvolumes * btrfs: get default subvolume - Backport upstream's commit to prevent BIOS assert (bsc#1258022) ----------------------------------------------------------------- Advisory ID: 513 Released: Mon Apr 27 19:14:51 2026 Summary: Security update for sed Type: security Severity: moderate References: 
1252376,1252543,1253334,1262144,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881,CVE-2026-5958 This update for sed fixes the following issue: - CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite (bsc#1262144). ----------------------------------------------------------------- Advisory ID: 517 Released: Thu Apr 30 16:47:08 2026 Summary: Security update for curl Type: security Severity: important References: 1253126,1253132,1256780,1257238,1258051,1258183,1258784,1259362,1262631,1262632,1262635,1262636,1262638,CVE-2024-25621,CVE-2025-64329,CVE-2025-71120,CVE-2026-1965,CVE-2026-22999,CVE-2026-23074,CVE-2026-23111,CVE-2026-23209,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429 This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631). - CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632). - CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635). - CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636). - CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638). Other updates and bugfixes: - sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362). 
The following package changes have been done: - boost-license1_84_0-1.84.0-slfo.1.1_1.4 updated - btrfsprogs-udev-rules-6.8.1-slfo.1.1_1.2 updated - compat-usrmerge-tools-84.87-slfo.1.1_1.5 updated - crypto-policies-20230920.570ea89-slfo.1.1_2.1 updated - elemental-httpfy-1.7.4-slfo.1.1_1.1 updated - elemental-seedimage-hooks-1.7.4-slfo.1.1_1.1 updated - libsemanage-conf-3.5-slfo.1.1_1.3 updated - libssh-config-0.10.6-slfo.1.1_5.1 added - pkgconf-m4-1.8.0-slfo.1.1_1.5 updated - system-user-root-20190513-slfo.1.1_1.2 updated - filesystem-84.87-slfo.1.1_1.2 updated - glibc-2.38-slfo.1.1_7.1 updated - libzstd1-1.5.5-slfo.1.1_1.4 updated - libz1-1.2.13-slfo.1.1_2.1 updated - libxxhash0-0.8.1-slfo.1.1_2.1 updated - libverto1-0.3.2-slfo.1.1_1.2 added - libuuid1-2.40.4-slfo.1.1_5.1 updated - liburcu8-0.14.0-slfo.1.1_1.3 updated - libunistring5-1.1-slfo.1.1_1.2 updated - libtextstyle0-0.21.1-slfo.1.1_2.1 updated - libtasn1-6-4.19.0-slfo.1.1_3.1 updated - libsmartcols1-2.40.4-slfo.1.1_5.1 updated - libsepol2-3.5-slfo.1.1_1.3 updated - libseccomp2-2.5.4-slfo.1.1_1.4 updated - libsasl2-3-2.1.28-slfo.1.1_1.2 added - libpopt0-1.19-slfo.1.1_1.3 updated - libpkgconf3-1.8.0-slfo.1.1_1.5 updated - libpcre2-8-0-10.42-slfo.1.1_1.4 updated - libparted-fs-resize0-3.5-slfo.1.1_1.2 updated - libnss_usrfiles2-2.27-slfo.1.1_1.3 updated - libnghttp2-14-1.52.0-slfo.1.1_2.1 updated - liblzo2-2-2.10-slfo.1.1_1.3 updated - liblzma5-5.4.3-slfo.1.1_2.1 updated - liblz4-1-1.9.4-slfo.1.1_1.2 updated - liblua5_4-5-5.4.6-slfo.1.1_1.3 updated - libkeyutils1-1.6.3-slfo.1.1_1.3 added - libjson-c5-0.16-slfo.1.1_1.2 updated - libjitterentropy3-3.4.1-slfo.1.1_1.3 updated - libip4tc2-1.8.9-slfo.1.1_2.1 updated - libgpg-error0-1.47-slfo.1.1_1.3 updated - libgmp10-6.3.0-slfo.1.1_1.5 updated - libgcc_s1-14.3.0+git11799-slfo.1.1_1.1 updated - libfuse2-2.9.9-slfo.1.1_1.2 updated - libffi8-3.4.6-slfo.1.1_1.4 updated - libexpat1-2.7.1-slfo.1.1_5.1 updated - libeconf0-0.7.2-slfo.1.1_1.3 updated - 
libcrypt1-4.4.36-slfo.1.1_1.4 updated - libcom_err2-1.47.0-slfo.1.1_1.2 updated - libcap2-2.69-slfo.1.1_2.1 updated - libcap-ng0-0.8.3-slfo.1.1_1.4 updated - libbz2-1-1.0.8-slfo.1.1_1.4 updated - libburn4-1.5.4-slfo.1.1_1.2 updated - libbtrfsutil1-6.8.1-slfo.1.1_1.2 updated - libbtrfs0-6.8.1-slfo.1.1_1.2 updated - libbrotlicommon1-1.1.0-slfo.1.1_1.3 updated - libaudit1-3.1.1-slfo.1.1_2.1 updated - libattr1-2.5.1-slfo.1.1_1.3 updated - libargon2-1-20190702-slfo.1.1_1.2 updated - libalternatives1-1.2+30.a5431e9-slfo.1.1_1.3 updated - libaio1-0.3.113-slfo.1.1_1.2 updated - libacl1-2.3.1-slfo.1.1_1.3 updated - fillup-1.42-slfo.1.1_2.2 updated - dosfstools-4.2-slfo.1.1_1.2 updated - diffutils-3.10-slfo.1.1_1.3 updated - libpng16-16-1.6.43-slfo.1.1_5.1 updated - libidn2-0-2.3.4-slfo.1.1_1.2 updated - pkgconf-1.8.0-slfo.1.1_1.5 updated - libselinux1-3.5-slfo.1.1_1.3 updated - netcfg-11.6-slfo.1.1_1.2 updated - libxml2-2-2.11.6-slfo.1.1_8.1 updated - squashfs-4.6.1-slfo.1.1_1.2 updated - libgcrypt20-1.10.3-slfo.1.1_3.1 updated - libstdc++6-14.3.0+git11799-slfo.1.1_1.1 updated - libp11-kit0-0.25.3-slfo.1.1_1.2 updated - libblkid1-2.40.4-slfo.1.1_5.1 updated - perl-base-5.38.2-slfo.1.1_2.1 updated - libext2fs2-1.47.0-slfo.1.1_1.2 updated - libudev1-254.27-slfo.1.1_4.1 updated - chkstat-1600_20240206-slfo.1.1_1.5 updated - libzio1-1.08-slfo.1.1_1.3 updated - libjte2-1.22-slfo.1.1_1.2 updated - libbrotlidec1-1.1.0-slfo.1.1_1.3 updated - alts-1.2+30.a5431e9-slfo.1.1_1.3 updated - libpsl5-0.21.2-slfo.1.1_1.2 updated - sed-4.9-slfo.1.1_2.1 updated - libsubid4-4.15.1-slfo.1.1_1.3 updated - libsemanage2-3.5-slfo.1.1_1.3 updated - findutils-4.9.0-slfo.1.1_2.1 updated - libsystemd0-254.27-slfo.1.1_4.1 updated - libncurses6-6.4.20240224-slfo.1.1_2.1 updated - terminfo-base-6.4.20240224-slfo.1.1_2.1 updated - libinih0-56-slfo.1.1_1.3 updated - libboost_thread1_84_0-1.84.0-slfo.1.1_1.4 updated - p11-kit-0.25.3-slfo.1.1_1.2 updated - p11-kit-tools-0.25.3-slfo.1.1_1.2 updated - 
libmount1-2.40.4-slfo.1.1_5.1 updated - libfdisk1-2.40.4-slfo.1.1_5.1 updated - libisofs6-1.5.4-slfo.1.1_1.2 updated - libfreetype6-2.14.2-slfo.1.1_1.1 updated - ncurses-utils-6.4.20240224-slfo.1.1_2.1 updated - libreadline8-8.2-slfo.1.1_1.4 updated - libedit0-20210910.3.1-slfo.1.1_1.3 updated - gptfdisk-1.0.9-slfo.1.1_2.1 updated - libisoburn1-1.5.4-slfo.1.1_1.2 updated - bash-5.2.15-slfo.1.1_1.6 updated - bash-sh-5.2.15-slfo.1.1_1.6 updated - xz-5.4.3-slfo.1.1_2.1 updated - systemd-default-settings-branding-openSUSE-0.7-slfo.1.1_1.2 updated - systemd-default-settings-0.7-slfo.1.1_1.2 updated - pkgconf-pkg-config-1.8.0-slfo.1.1_1.5 updated - login_defs-4.15.1-slfo.1.1_1.3 updated - libdevmapper1_03-2.03.22_1.02.196-slfo.1.1_1.3 updated - gzip-1.13-slfo.1.1_2.4 updated - grep-3.11-slfo.1.1_1.2 updated - gettext-runtime-0.21.1-slfo.1.1_2.1 updated - coreutils-9.4-slfo.1.1_2.1 updated - ALP-dummy-release-0.1-slfo.1.1_1.5 updated - libparted2-3.5-slfo.1.1_1.2 updated - libdevmapper-event1_03-2.03.22_1.02.196-slfo.1.1_1.3 updated - info-7.0.3-slfo.1.1_1.3 updated - xfsprogs-6.5.0-slfo.1.1_1.2 updated - thin-provisioning-tools-0.9.0-slfo.1.1_1.4 updated - systemd-rpm-macros-24-slfo.1.1_1.2 updated - systemd-presets-common-SUSE-15-slfo.1.1_1.2 updated - rpm-config-SUSE-20240214-slfo.1.1_1.2 updated - rpm-4.18.0-slfo.1.1_2.1 updated - permissions-config-1600_20240206-slfo.1.1_1.5 updated - glibc-locale-base-2.38-slfo.1.1_7.1 updated - e2fsprogs-1.47.0-slfo.1.1_1.2 updated - ca-certificates-2+git20240805.fd24d50-slfo.1.1_1.2 updated - ca-certificates-mozilla-2.84-slfo.1.1_1.1 updated - btrfsprogs-6.8.1-slfo.1.1_1.2 updated - parted-3.5-slfo.1.1_1.2 updated - liblvm2cmd2_03-2.03.22-slfo.1.1_1.3 updated - xorriso-1.5.4-slfo.1.1_1.2 updated - device-mapper-2.03.22_1.02.196-slfo.1.1_1.3 updated - systemd-presets-branding-ALP-transactional-20230214-slfo.1.1_1.2 updated - permissions-1600_20240206-slfo.1.1_1.5 updated - mtools-4.0.43-slfo.1.1_1.2 updated - 
libopenssl3-3.1.4-slfo.1.1_9.1 updated - pam-1.6.1-slfo.1.1_4.1 updated - grub2-2.12-slfo.1.1_5.1 updated - grub2-i386-pc-2.12-slfo.1.1_5.1 updated - suse-module-tools-16.0.43-slfo.1.1_1.2 updated - kmod-32-slfo.1.1_2.1 updated - rsync-3.3.0-slfo.1.1_4.1 updated - libldap2-2.6.4-slfo.1.1_1.2 added - libkmod2-32-slfo.1.1_2.1 updated - libcryptsetup12-2.6.1-slfo.1.1_1.2 updated - krb5-1.21.3-slfo.1.1_2.1 added - util-linux-2.40.4-slfo.1.1_5.1 updated - shadow-4.15.1-slfo.1.1_1.3 updated - pam-config-2.11+git.20240906-slfo.1.1_2.1 updated - kbd-2.6.4-slfo.1.1_1.3 updated - libssh4-0.10.6-slfo.1.1_5.1 added - libsnapper7-0.11.2-slfo.1.1_1.2 updated - aaa_base-84.87+git20250903.33e5ba4-slfo.1.1_1.1 updated - libcurl4-8.14.1-slfo.1.1_7.1 added - dbus-1-daemon-1.14.10-slfo.1.1_1.2 updated - curl-8.14.1-slfo.1.1_7.1 updated - dbus-1-tools-1.14.10-slfo.1.1_1.2 updated - systemd-254.27-slfo.1.1_4.1 updated - sysuser-shadow-3.1-slfo.1.1_1.2 updated - dbus-1-common-1.14.10-slfo.1.1_1.2 updated - libdbus-1-3-1.14.10-slfo.1.1_1.2 updated - dbus-1-1.14.10-slfo.1.1_1.2 updated - system-group-kvm-20170617-slfo.1.1_1.2 updated - system-group-hardware-20170617-slfo.1.1_1.2 updated - udev-254.27-slfo.1.1_4.1 updated - snapper-0.11.2-slfo.1.1_1.2 updated - lvm2-2.03.22-slfo.1.1_1.3 updated - elemental-toolkit-2.2.7-slfo.1.1_1.1 updated - container:suse-toolbox-image-1.0.0-5.50 updated - file-magic-5.44-4.151 removed - kbd-legacy-2.6.4-1.3 removed - libcurl-mini4-8.14.1-6.1 removed - libmagic1-5.44-4.151 removed From sle-container-updates at lists.suse.com Sat May 9 07:03:49 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 May 2026 09:03:49 +0200 (CEST) Subject: SUSE-IU-2026:3233-1: Security update of suse-sles-15-sp4-chost-byos-v20260507-x86_64-gen2 Message-ID: <20260509070349.A8129FB96@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20260507-x86_64-gen2 
----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:3233-1 Image Tags : suse-sles-15-sp4-chost-byos-v20260507-x86_64-gen2:20260507 Image Release : Severity : important Type : security References :
CVE-2023-53719 CVE-2023-53722 CVE-2023-53723 CVE-2023-53724 CVE-2023-53725 CVE-2023-53726 CVE-2023-53730 CVE-2023-53743 CVE-2023-53744 CVE-2023-53746 CVE-2023-53747 CVE-2023-53751 CVE-2023-53754 CVE-2023-53755 CVE-2023-53761 CVE-2023-53766 CVE-2023-53781 CVE-2023-53783 CVE-2023-53786 CVE-2023-53788 CVE-2023-53792 CVE-2023-53794 CVE-2023-53802 CVE-2023-53803 CVE-2023-53804 CVE-2023-53808 CVE-2023-53811 CVE-2023-53814 CVE-2023-53818 CVE-2023-53819 CVE-2023-53820 CVE-2023-53827 CVE-2023-53830 CVE-2023-53832 CVE-2023-53834 CVE-2023-53837 CVE-2023-53840 CVE-2023-53842 CVE-2023-53844 CVE-2023-53845 CVE-2023-53847 CVE-2023-53850 CVE-2023-53852 CVE-2023-53858 CVE-2023-53862 CVE-2023-53866 CVE-2023-53990 CVE-2023-53991 CVE-2023-53996 CVE-2023-53998 CVE-2023-54001 CVE-2023-54003 CVE-2023-54007 CVE-2023-54009 CVE-2023-54010 CVE-2023-54014 CVE-2023-54015 CVE-2023-54018 CVE-2023-54019 CVE-2023-54020 CVE-2023-54021 CVE-2023-54024 CVE-2023-54025 CVE-2023-54026 CVE-2023-54028 CVE-2023-54036 CVE-2023-54039 CVE-2023-54040 CVE-2023-54042 CVE-2023-54045 CVE-2023-54046 CVE-2023-54048 CVE-2023-54049 CVE-2023-54050 CVE-2023-54051 CVE-2023-54053 CVE-2023-54055 CVE-2023-54058 CVE-2023-54064 CVE-2023-54072 CVE-2023-54076 CVE-2023-54078 CVE-2023-54079 CVE-2023-54083 CVE-2023-54084 CVE-2023-54090 CVE-2023-54091 CVE-2023-54092 CVE-2023-54095 CVE-2023-54096 CVE-2023-54097 CVE-2023-54098 CVE-2023-54100 CVE-2023-54102 CVE-2023-54104 CVE-2023-54108 CVE-2023-54110 CVE-2023-54111 CVE-2023-54115 CVE-2023-54118 CVE-2023-54119 CVE-2023-54120 CVE-2023-54122 CVE-2023-54123 CVE-2023-54126 CVE-2023-54127 CVE-2023-54130 CVE-2023-54131 CVE-2023-54136 CVE-2023-54140 CVE-2023-54142 CVE-2023-54146 CVE-2023-54150 CVE-2023-54153 CVE-2023-54156 CVE-2023-54159 CVE-2023-54166 CVE-2023-54168 CVE-2023-54170 CVE-2023-54171 CVE-2023-54173 CVE-2023-54177 CVE-2023-54179 CVE-2023-54183 CVE-2023-54186 CVE-2023-54189 CVE-2023-54190 CVE-2023-54197 CVE-2023-54198 CVE-2023-54199 CVE-2023-54201 CVE-2023-54202 CVE-2023-54205 
CVE-2023-54208 CVE-2023-54211 CVE-2023-54213 CVE-2023-54214 CVE-2023-54219 CVE-2023-54230 CVE-2023-54236 CVE-2023-54242 CVE-2023-54243 CVE-2023-54244 CVE-2023-54245 CVE-2023-54252 CVE-2023-54260 CVE-2023-54264 CVE-2023-54266 CVE-2023-54269 CVE-2023-54270 CVE-2023-54271 CVE-2023-54274 CVE-2023-54275 CVE-2023-54277 CVE-2023-54280 CVE-2023-54284 CVE-2023-54286 CVE-2023-54287 CVE-2023-54289 CVE-2023-54292 CVE-2023-54293 CVE-2023-54294 CVE-2023-54295 CVE-2023-54298 CVE-2023-54299 CVE-2023-54300 CVE-2023-54301 CVE-2023-54302 CVE-2023-54304 CVE-2023-54305 CVE-2023-54309 CVE-2023-54311 CVE-2023-54315 CVE-2023-54317 CVE-2023-54319 CVE-2023-54321 CVE-2023-54325 CVE-2023-54326 CVE-2023-7324 CVE-2024-2312 CVE-2024-25621 CVE-2024-26581 CVE-2024-26832 CVE-2024-28956 CVE-2024-36348 CVE-2024-36349 CVE-2024-36350 CVE-2024-36357 CVE-2024-44987 CVE-2024-46854 CVE-2024-50143 CVE-2024-54031 CVE-2025-10911 CVE-2025-11468 CVE-2025-11563 CVE-2025-11961 CVE-2025-12084 CVE-2025-13151 CVE-2025-13462 CVE-2025-1352 CVE-2025-13601 CVE-2025-1372 CVE-2025-1376 CVE-2025-1377 CVE-2025-13836 CVE-2025-13837 CVE-2025-14017 CVE-2025-14087 CVE-2025-14104 CVE-2025-14512 CVE-2025-14524 CVE-2025-14819 CVE-2025-14831 CVE-2025-15079 CVE-2025-15224 CVE-2025-15281 CVE-2025-15282 CVE-2025-15366 CVE-2025-15367 CVE-2025-21658 CVE-2025-21738 CVE-2025-21738 CVE-2025-21760 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-27466 CVE-2025-28162 CVE-2025-28164 CVE-2025-30258 CVE-2025-31133 CVE-2025-31133 CVE-2025-38068 CVE-2025-38129 CVE-2025-38159 CVE-2025-38234 CVE-2025-38375 CVE-2025-38563 CVE-2025-38565 CVE-2025-38684 CVE-2025-39742 CVE-2025-39797 CVE-2025-39945 CVE-2025-39965 CVE-2025-39967 CVE-2025-39967 CVE-2025-39968 CVE-2025-39973 CVE-2025-39977 CVE-2025-39978 CVE-2025-40018 CVE-2025-40019 CVE-2025-40040 CVE-2025-40044 CVE-2025-40044 CVE-2025-40048 CVE-2025-40088 CVE-2025-40102 CVE-2025-40121 CVE-2025-40139 CVE-2025-40154 CVE-2025-40204 CVE-2025-40215 CVE-2025-40220 CVE-2025-40233 CVE-2025-40242 
CVE-2025-40256 CVE-2025-40257 CVE-2025-40258 CVE-2025-40277 CVE-2025-40280 CVE-2025-40300 CVE-2025-40331 CVE-2025-40778 CVE-2025-40780 CVE-2025-45582 CVE-2025-52565 CVE-2025-52565 CVE-2025-52881 CVE-2025-52881 CVE-2025-53906 CVE-2025-54505 CVE-2025-54771 CVE-2025-58142 CVE-2025-58143 CVE-2025-58147 CVE-2025-58148 CVE-2025-58149 CVE-2025-58150 CVE-2025-58436 CVE-2025-58436 CVE-2025-58436 CVE-2025-6075 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664 CVE-2025-61915 CVE-2025-61984 CVE-2025-61985 CVE-2025-64329 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 CVE-2025-66418 CVE-2025-66471 CVE-2025-66471 CVE-2025-68160 CVE-2025-68183 CVE-2025-68276 CVE-2025-68284 CVE-2025-68285 CVE-2025-68312 CVE-2025-68468 CVE-2025-68471 CVE-2025-68732 CVE-2025-68813 CVE-2025-68818 CVE-2025-68973 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2025-69720 CVE-2025-7039 CVE-2025-70873 CVE-2025-71066 CVE-2025-71085 CVE-2025-71089 CVE-2025-71112 CVE-2025-71116 CVE-2025-71120 CVE-2025-7709 CVE-2025-7709 CVE-2025-8058 CVE-2025-8114 CVE-2025-8277 CVE-2025-8291 CVE-2025-8732 CVE-2025-9403 CVE-2025-9714 CVE-2025-9820 CVE-2026-0672 CVE-2026-0861 CVE-2026-0865 CVE-2026-0915 CVE-2026-0964 CVE-2026-0965 CVE-2026-0966 CVE-2026-0967 CVE-2026-0968 CVE-2026-0988 CVE-2026-0989 CVE-2026-0990 CVE-2026-0992 CVE-2026-1299 CVE-2026-1502 CVE-2026-1519 CVE-2026-1757 CVE-2026-1965 CVE-2026-1965 CVE-2026-21441 CVE-2026-22695 CVE-2026-22795 CVE-2026-22796 CVE-2026-22801 CVE-2026-22999 CVE-2026-23001 CVE-2026-23004 CVE-2026-23054 CVE-2026-23060 CVE-2026-23074 CVE-2026-23089 CVE-2026-23103 CVE-2026-23191 CVE-2026-23204 CVE-2026-23209 CVE-2026-23243 CVE-2026-23268 CVE-2026-23269 CVE-2026-23272 CVE-2026-23274 CVE-2026-23490 CVE-2026-23553 CVE-2026-23557 CVE-2026-23558 CVE-2026-24515 CVE-2026-25210 CVE-2026-25645 CVE-2026-25646 CVE-2026-26269 CVE-2026-27135 CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390 CVE-2026-28417 CVE-2026-29111 CVE-2026-30922 
CVE-2026-31431 CVE-2026-31789 CVE-2026-31790 CVE-2026-3184 CVE-2026-32597 CVE-2026-32776 CVE-2026-32777 CVE-2026-32778 CVE-2026-33412 CVE-2026-33416 CVE-2026-3446 CVE-2026-34714 CVE-2026-3479 CVE-2026-34982 CVE-2026-34990 CVE-2026-35535 CVE-2026-3644 CVE-2026-3731 CVE-2026-3783 CVE-2026-3784 CVE-2026-3805 CVE-2026-4105 CVE-2026-4224 CVE-2026-4519 CVE-2026-4786 CVE-2026-4873 CVE-2026-4878 CVE-2026-5545 CVE-2026-5958 CVE-2026-6019 CVE-2026-6100 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20260507-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3788-1 Released: Fri Oct 24 15:28:50 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3794-1 Released: Fri Oct 24 17:36:29 2025 Summary: Security update for chrony Type: security Severity: moderate References: 1246544 This update for chrony fixes the following issues: - Race condition during socket creation by chronyc allows privilege escalation from user chrony to root (bsc#1246544). 
This update also ships chrony-pool-empty to SLE Micro 5.x (jsc#SMO-587)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3836-1
Released: Tue Oct 28 11:38:00 2025
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1245199

This update for bash fixes the following issues:

- Fix histfile missing timestamp for the oldest record (bsc#1245199)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3843-1
Released: Tue Oct 28 17:40:42 2025
Summary: Security update for xen
Type: security
Severity: important
References: 1248807,1251271,CVE-2025-27466,CVE-2025-58142,CVE-2025-58143,CVE-2025-58147,CVE-2025-58148

This update for xen fixes the following issues:

- CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls (bsc#1251271, XSA-475)
- CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed multiple vulnerabilities in the Viridian interface (bsc#1248807, XSA-472)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3853-1
Released: Wed Oct 29 15:06:03 2025
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1229750

This update for vim fixes the following issues:

- Fix: vim compatible mode is not switched off earlier (bsc#1229750). Nocompatible must be set before the syntax highlighting is turned on.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3854-1
Released: Wed Oct 29 15:10:39 2025
Summary: Recommended update for cifs-utils
Type: recommended
Severity: moderate
References: 1248816

This update for cifs-utils fixes the following issues:

- Fix: cifs.upcall program in the cifs-utils package fails to use a valid service ticket from the credential cache if the TGT is expired or does not exist (bsc#1248816)
  * cifs-utils: Skip TGT check if there is a valid service ticket
  * cifs-utils: avoid using mktemp when updating mtab
  * cifs-utils: add documentation for upcall_target
  * setcifsacl: fix memory allocation for struct cifs_ace
  * cifs.upcall: fix UAF in get_cachename_from_process_en
  * cifs.upcall: fix memory leaks in check_service_ticket

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3930-1
Released: Tue Nov 4 09:26:22 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050

This update for gcc15 fixes the following issues:

This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029)

The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc15 compilers use:

- install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages.
- override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages.
For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html

Update to GCC 15.2 release:

  * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release

- Prune the use of update-alternatives from openSUSE Factory and SLFO.
- Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries.
- Tune for power10 for SLES 16. [jsc#PED-12029]
- Tune for z15 for SLES 16. [jsc#PED-253]
- Fix PR120827, ICE due to splitter emitting constant loads directly
- Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991]
- Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package.
- Enable C++ for offload compilers. [bsc#1243794]
- Add libgcobol and libquadmath-devel dependence to the cobol frontend package.

Update to GCC 15 branch head, 15.1.1+git9595

  * includes GCC 15.1 release

- Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough.
- Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788]
- Fix newlib libm miscompilation for GCN offloading.

Update to GCC trunk head, 15.0.1+git9001

  * includes -msplit-patch-nops required for user-space livepatching on powerpc
  * includes fix for Ada build with --enable-host-pie

- Build GCC executables PIE on SLE. [bsc#1239938]
- Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566]
- Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le.
- Disable profiling during build when %want_reproducible_builds is set [bsc#1238491]
- Includes fix for emacs JIT use
- Bumps libgo SONAME to libgo24 which should fix go1.9 build
- Adjust cross compiler requirements to use %requires_ge
- For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3950-1
Released: Wed Nov 5 11:22:31 2025
Summary: Security update for runc
Type: security
Severity: important
References: 1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881

This update for runc fixes the following issues:

- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232).
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232).
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232).

Update to runc v1.2.7.

- Upstream changelog is available from

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3986-1
Released: Fri Nov 7 11:31:03 2025
Summary: Security update for gpg2
Type: security
Severity: low
References: 1239119,CVE-2025-30258

This update for gpg2 fixes the following issues:

- CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4073-1
Released: Wed Nov 12 11:34:27 2025
Summary: Security update for runc
Type: security
Severity: important
References: 1252110,1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881

This update for runc fixes the following issues:

Update to runc v1.3.3. Upstream changelog is available from . bsc#1252232

  * CVE-2025-31133
  * CVE-2025-52565
  * CVE-2025-52881

Update to runc v1.3.2.
Upstream changelog is available from bsc#1252110

- Includes an important fix for the CPUSet translation for cgroupv2.

Update to runc v1.3.1. Upstream changelog is available from

Update to runc v1.3.0. Upstream changelog is available from

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4107-1
Released: Fri Nov 14 16:54:13 2025
Summary: Security update for bind
Type: security
Severity: important
References: 1252379,1252380,CVE-2025-40778,CVE-2025-40780

This update for bind fixes the following issues:

- CVE-2025-40778: Address various spoofing attacks (bsc#1252379).
- CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4111-1
Released: Sat Nov 15 19:38:39 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1205128,1206893,1207612,1207619,1210763,1211162,1211692,1213098,1213114,1213747,1214954,1214992,1215148,1217366,1236104,1249479,1249608,1249857,1249859,1249988,1250742,1250816,1250946,1251027,1251032,1251034,1251035,1251040,1251043,1251045,1251047,1251052,1251057,1251059,1251061,1251063,1251064,1251065,1251066,1251068,1251072,1251080,1251082,1251086,1251087,1251088,1251091,1251092,1251093,1251097,1251099,1251101,1251104,1251110,1251113,1251115,1251123,1251128,1251129,1251133,1251136,1251147,1251149,1251154,1251159,1251164,1251166,1251169,1251170,1251173,1251178,1251180,1251182,1251197,1251200,1251201,1251202,1251208,1251210,1251215,1251218,1251222,1251223,1251230,1251247,1251268,1251281,1251282,1251283,1251285,1251286,1251292,1251294,1251295,1251296,1251298,1251299,1251300,1251302,1251303,1251306,1251310,1251312,1251322,1251324,1251325,1251326,1251327,1251329,1251330,1251331,1251519,1251521,1251522,1251527,1251529,1251550,1251723,1251725,1251728,1251730,1251736,1251737,1251741,1251743,1251750,1251753,1251759,1251761,1251762,1251763,1251764,1251767,1251769,1251772,1251775,1251777,1251785,1251823,1251930,1251967,1252033,1252035,1252047,1252069,1252265,1252474,1252475,1252476,1252480,1252484,1252486,1252489,1252490,1252492,1252495,1252497,1252499,1252501,1252508,1252509,1252513,1252515,1252516,1252519,1252521,1252522,1252523,1252526,1252528,1252529,1252532,1252535,1252536,1252537,1252538,1252539,1252542,1252545,1252549,1252554,1252560,1252564,1252565,1252568,1252634,1252688,1252785,1252893,1252904,1252919,CVE-2022-43945,CVE-2022-50327,CVE-2022-50334,CVE-2022-50470,CVE-2022-50471,CVE-2022-50472,CVE-2022-50475,CVE-2022-50478,CVE-2022-50480,CVE-2022-50482,CVE-2022-50484,CVE-2022-50485,CVE-2022-50487,CVE-2022-50488,CVE-2022-50489,CVE-2022-50490,CVE-2022-50492,CVE-2022-50493,CVE-2022-50494,CVE-2022-50496,CVE-2022-50497,CVE-2022-50498,CVE-2022-50499,CVE-2022-50501,CVE-2022-50503,CVE-2022-50504,CVE-2022-50505,CVE-2022-50509,CVE-2022-50511,CVE-2022-50512,CVE-2022-50513,CVE-2022-50514,CVE-2022-50516,CVE-2022-50519,CVE-2022-50520,CVE-2022-50521,CVE-2022-50523,CVE-2022-50525,CVE-2022-50528,CVE-2022-50529,CVE-2022-50530,CVE-2022-50532,CVE-2022-50534,CVE-2022-50535,CVE-2022-50537,CVE-2022-50541,CVE-2022-50542,CVE-2022-50544,CVE-2022-50545,CVE-2022-50546,CVE-2022-50549,CVE-2022-50551,CVE-2022-50553,CVE-2022-50556,CVE-2022-50559,CVE-2022-50560,CVE-2022-50561,CVE-2022-50562,CVE-2022-50563,CVE-2022-50564,CVE-2022-50566,CVE-2022-50567,CVE-2022-50568,CVE-2022-50570,CVE-2022-50572,CVE-2022-50574,CVE-2022-50575,CVE-2022-50576,CVE-2022-50578,CVE-2022-50579,CVE-2022-50580,CVE-2022-50581,CVE-2022-50582,CVE-2023-52923,CVE-2023-53365,CVE-2023-53500,CVE-2023-53533,CVE-2023-53534,CVE-2023-53541,CVE-2023-53542,CVE-2023-53548,CVE-2023-53551,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53556,CVE-2023-53559,CVE-2023-53560,CVE-2023-53564,CVE-2023-53566,CVE-2023-53567,CVE-2023-53568,CVE-2023-53571,CVE-2023-53572,CVE-2023-53574,CVE-2023-53576,CVE-2023-53579,CVE-2023-53582,CVE-2023-53587,CVE-2023-53589,CVE-2023-53592,CVE-2023-53594,CVE-2023-53597,CVE-2023-53603,CVE-2023-53604,CVE-2023-53605,CVE-2023-53607,CVE-2023-53608,CVE-2023-53611,CVE-2023-53612,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53619,CVE-2023-53622,CVE-2023-53625,CVE-2023-53626,CVE-2023-53631,CVE-2023-53637,CVE-2023-53639,CVE-2023-53640,CVE-2023-53641,CVE-2023-53644,CVE-2023-53648,CVE-2023-53650,CVE-2023-53651,CVE-2023-53658,CVE-2023-53659,CVE-2023-53662,CVE-2023-53667,CVE-2023-53668,CVE-2023-53670,CVE-2023-53673,CVE-2023-53674,CVE-2023-53675,CVE-2023-53679,CVE-2023-53680,CVE-2023-53681,CVE-2023-53683,CVE-2023-53687,CVE-2023-53692,CVE-2023-53693,CVE-2023-53695,CVE-2023-53696,CVE-2023-53700,CVE-2023-53704,CVE-2023-53705,CVE-2023-53708,CVE-2023-53709,CVE-2023-53711,CVE-2023-53715,CVE-2023-53717,CVE-2023-53718,CVE-2023-53719,CVE-2023-53722,CVE-2023-53723,CVE-2023-53724,CVE-2023-53725,CVE-2023-53726,CVE-2023-53730,CVE-2023-7324,CVE-2025-39742,CVE-2025-39797,CVE-2025-39945,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39973,CVE-2025-39978,CVE-2025-40018,CVE-2025-40044,CVE-2025-40088,CVE-2025-40102

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
- CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857).
- CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164).
- CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).
- CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988).
- CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816).
- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
- CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
- CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763).
- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
- CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785).
- CVE-2025-40088: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (bsc#1252904).
- CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).

The following non security issues were fixed:

- fbcon: Fix OOB access in font allocation (bsc#1252033)
- mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823).
- net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4112-1
Released: Sat Nov 15 23:38:15 2025
Summary: Security update for openssh
Type: security
Severity: moderate
References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985

This update for openssh fixes the following issues:

- CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198)
- CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4116-1
Released: Mon Nov 17 08:26:11 2025
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1247850,1249076,CVE-2025-8732,CVE-2025-9714

This update for libxml2 fixes the following issues:

- CVE-2025-9714: Fixed infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (bsc#1249076)
- CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247850)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4118-1
Released: Mon Nov 17 09:06:55 2025
Summary: Recommended update for freetype2
Type: recommended
Severity: important
References: 1252148

This update for freetype2 fixes the following issues:

- Fix the %licence tag (bsc#1252148)
  * package FTL.TXT and GPLv2.TXT as %license

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4177-1
Released: Mon Nov 24 08:25:42 2025
Summary: Recommended update for python-azure-agent
Type: recommended
Severity: important
References: 1253001

This update for python-azure-agent fixes the following issues:

- Update to version 2.14.0.1 (bsc#1253001)
  * FIPS 140-3 support
  * Block extensions disallowed by policy
  * Report ext policy errors in heartbeat
  * Implement signature validation helper functions
  * Prevent ssh public key override
  * Use proper filesystem creation flag for btrfs
  * Enable resource monitoring in cgroup v2 machines
  * Update agent cgroup cleanup
  * Add cgroupv2 distros to supported list
  * Clean old agent cgroup setup
  * Redact sas tokens in telemetry events and agent log
  * Add conf option to use hardcoded wireserver ip instead of dhcp request to discover wireserver ip
  * Support for python 3.12
  * Update telemetry message for agent updates and send new telemetry for ext resource governance
  * Disable rsm downgrade
  * Add community support for Chainguard OS
  * Swap out legacycrypt for crypt-r for Python 3.13+
  * Pin setuptools version
  * Set the agent config file path for FreeBSD
  * Handle errors importing crypt module
- From 2.13.1.1
  * Setup: Fix install_requires list syntax
  * Pickup latest goal state on tenant certificate rotation
    + Avoid infinite loop when the tenant certificate is missing
  * Fix unsupported syntax in py2.6
  * Cgroup rewrite: uses systemctl for expressing desired configuration instead of drop-in files
  * Remove usages of tempfile.mktemp
  * Use random time for attempting new Agent update
  * Enable logcollector in v2 machines
  * Clean history files
  * Missing firewall rules reason
  * Add support for nftables (+ refactoring of firewall code)
  * Create walinuxagent nftable atomically

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4092-1
Released: Mon Nov 24 10:08:22 2025
Summary: Security update for elfutils
Type: security
Severity: moderate
References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377

This update for elfutils fixes the following issues:

- Fixing build/testsuite for more recent glibc and kernels.
- Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242):
  - CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip
  - CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip
  - CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf
  - CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf
- Fixing testsuite race conditions in run-debuginfod-find.sh.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4224-1
Released: Tue Nov 25 10:53:48 2025
Summary: Security update for grub2
Type: security
Severity: moderate
References: 1252931,1252932,1252933,1252934,1252935,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664

This update for grub2 fixes the following issues:

- CVE-2025-54771: Fixed grub_file_close() does not properly control the fs refcount (bsc#1252931)
- CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932)
- CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933)
- CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934)
- CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935)

Other fixes:

- Bump upstream SBAT generation to 6

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4279-1
Released: Thu Nov 27 14:16:36 2025
Summary: Recommended update for hyper-v
Type: recommended
Severity: moderate
References:

hyper-v was updated to fix the following issue:

- hyper-v is shipped on Aarch64.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4288-1
Released: Fri Nov 28 09:25:32 2025
Summary: Security update for containerd
Type: security
Severity: important
References: 1253126,1253132,CVE-2024-25621,CVE-2025-64329

This update for containerd fixes the following issues:

- Update to containerd v1.7.29
- CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126)
- CVE-2025-64329: Fixed goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4290-1
Released: Fri Nov 28 10:04:11 2025
Summary: Security update for cups
Type: security
Severity: moderate
References: 1234225,1244057,1253783,CVE-2025-58436,CVE-2025-61915

This update for cups fixes the following issues:

- CVE-2025-61915: Fixed a local denial-of-service via cupsd.conf update and related issues. (bsc#1253783)
- CVE-2025-58436: Fixed an issue where a slow client communication leads to a possible DoS attack. (bsc#1244057)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4309-1
Released: Fri Nov 28 16:39:38 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1253757,CVE-2025-11563

This update for curl fixes the following issues:

- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4319-1
Released: Wed Dec 3 13:34:00 2025
Summary: Security update for cups
Type: security
Severity: important
References: 1254353,CVE-2025-58436

This update for cups fixes the following issues:

- The fix for CVE-2025-58436 causes a regression where GTK applications will hang. (bsc#1254353)
  See also https://github.com/OpenPrinting/cups/issues/1429
  The fix has been temporarily disabled.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4321-1 Released: Fri Dec 5 08:07:53 2025 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1001888,1006827,1029961,1098094,1098228,1170554,1192862,1206798,1224138,529469,837347 This update for pciutils fixes the following issues: pciutils was updated from version 3.5.6 to 3.13.0 (jsc#PED-8402, jsc#PED-8393, bsc#1224138): - Highlights of issues fixed: * Fixed LnkCap speed recognition in `lspci` for multi PCIe ports such as the ML110 Gen11 (bsc#1192862) * Included several non-standard extensions to VPD decoder (bsc#1170554, bsc#1098228) * Fixed the display of the gen4 speed for GEN 4 cards like Mellanox CX5 (bsc#1098094) * Replaced dependency on pciutil-ids with hwdata * Potentially disruptive change of PCI IDs Cache: + The local cache of PCI IDs (.pci-ids) was moved to the XDG standard location: `$XDG_CACHE_HOME/pci-ids` (v3.11.0) This could be a disruptive change if users or scripts are relying on the old path. 
- Key New Features and Utilities: * New `pcilmr` Utility: A new tool, `pcilmr`, was added for 'PCIe lane margining,' which is a low-level diagnostic feature (v3.11.0) * New `lspci` Path Flag: You can now use `lspci -P` (or -PP) to see the path of bridges leading to a specific device (v3.6.2) * ECAM Support: Added support for the ECAM (Enhanced Configuration Access Mechanism), a standard way to access PCIe configuration space (v3.10.0) * IOMMU Group Display: lspci can now display IOMMU groups on Linux (v3.7.0) - New Hardware and Protocol Decoding: * Added support for decoding CXL capabilities (v3.9.0) * Decoding for Advanced Error Reporting (AER) (v3.13.0) * Decoding for IDE (Integrity and Data Encryption) and TEE-IO extended capabilities (v3.12.0) * Decoding for Data Object Exchange (DOE) (v3.8.0) * Decoding for standard and VF (Virtual Function) Resizable BARs (v3.7.0) * Decoding for Multicast capabilities (v3.6.3) - Improved Output Clarity: * PCIe link speeds running below their maximum are now clearly marked as 'downgraded' (v3.6.0) * BARs (Base Address Registers) reported by the OS but not actually set on the device are marked as '[virtual]' (v3.6.0) - Command Behavior and System Changes: * `lspci` Tree View (-t): + Can now be combined with `-s` to show only a specific sub-tree (v3.6.3) + Improved filtering options (v3.9.0) + Improved support of multi-domain systems (v3.10.0) * `setpci`: + Can now check if a named register exists for that device's header type (v3.9.0) * `update-pciids`: + Now supports XZ compression when downloading new ID lists (v3.11.0) * Database Update: + The pci.ids device database was continuously updated across all versions. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4326-1 Released: Tue Dec 9 11:31:28 2025 Summary: Recommended update for runc Type: recommended Severity: moderate References: 1254362 This update for runc fixes the following issues: - Update to runc v1.3.4 (bsc#1254362) - libct: fix mips compilation: * When configuring a tmpfs mount, only set the mode= argument if the target path already existed. * Fix various file descriptor leaks and add additional tests to detect them as comprehensively as possible. - Downgrade github.com/cyphar/filepath-securejoin dependency to v0.5.2, which should make it easier for some downstreams to import runc without pulling in too many extra packages. - The runc binary distributed with this release is statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a 'work that uses the Library': * libseccomp: The versions of these libraries were not modified from their upstream versions ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4331-1 Released: Tue Dec 9 12:55:17 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4347-1 Released: Wed Dec 10 14:02:26 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This 
update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4425-1 Released: Wed Dec 17 12:20:02 2025 Summary: Security update for cups Type: security Severity: moderate References: 1244057,1254353,CVE-2025-58436 This update for cups fixes the following issues: Security issues fixed: - CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other clients (bsc#1244057). Other issues fixed: - Update the CVE-2025-58436 patch to fix a regression that causes GTK applications to hang (bsc#1254353). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4436-1 Released: Wed Dec 17 14:55:46 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4504-1 Released: Mon Dec 22 17:29:14 2025 Summary: Security update for glib2 Type: security Severity: important References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512 This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4525-1 Released: Fri Dec 26 13:19:00 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:27-1 Released: Mon Jan 5 13:45:08 2026 Summary: Security update for python3 Type: security Severity: moderate References: 1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837 This update for python3 fixes the following issues: - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997) - CVE-2025-13836: Fixed default Content-Length read amount from HTTP response (bsc#1254400) - CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:29-1 Released: Mon Jan 5 13:58:05 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1249806,1251786,1252033,1252267,1252780,1252862,1253367,1253431,1253436,CVE-2022-50280,CVE-2023-53676,CVE-2025-39967,CVE-2025-40040,CVE-2025-40048,CVE-2025-40121,CVE-2025-40154,CVE-2025-40204 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). - CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367). 
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). - CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033) The following non-security bugs were fixed: - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:48-1 Released: Wed Jan 7 09:08:18 2026 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1252338 This update for pciutils fixes the following issues: - Add a strict dependency to libpci to prevent possible segfault (bsc#1252338) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:214-1 Released: Thu Jan 22 13:09:26 2026 Summary: Security update for gpg2 Type: security Severity: important References: 1255715,1256244,1256246,1256390,CVE-2025-68973 This update for gpg2 fixes the following issues: - CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715). - Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246). - Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244). - Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:224-1 Released: Thu Jan 22 13:18:20 2026 Summary: Security update for libtasn1 Type: security Severity: moderate References: 1256341,CVE-2025-13151 This update for libtasn1 fixes the following issues: - CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:360-1 Released: Mon Feb 2 10:55:33 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:394-1 Released: Thu Feb 5 16:42:04 2026 Summary: Security update for xen Type: security Severity: moderate References: 1252692,1254180,1256745,1256747,CVE-2025-58149,CVE-2025-58150,CVE-2026-23553 This update for xen fixes the following issues: Security fixes: - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing (XSA-477) (bsc#1256745) - CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation (XSA-479) (bsc#1256747) - CVE-2025-58149: Fixed incorrect removal of permissions on PCI device unplug allowing PV guests to access memory of devices no longer assigned to it (XSA-476) (bsc#1252692) Other fixes: - Fixed virtxend service restart. 
Caused by a failure to start xenstored (bsc#1254180) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:430-1 Released: Wed Feb 11 09:43:42 2026 Summary: Security update for python-pyasn1 Type: security Severity: important References: 1256902,CVE-2026-23490 This update for python-pyasn1 fixes the following issues: - CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation octets leading to Denial of Service (bsc#1256902) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:432-1 Released: Wed Feb 11 10:11:56 2026 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1248586,1254670,CVE-2025-7709 This update for sqlite3 fixes the following issues: - Update to v3.51.2: - CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:443-1 Released: Wed Feb 11 10:46:43 2026 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1254866,1254867,1256331,CVE-2025-66418,CVE-2025-66471,CVE-2026-21441 This update for python-urllib3_1 fixes the following issues: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866). - CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:458-1 Released: Thu Feb 12 00:28:37 2026 Summary: Security update for glib2 Type: security Severity: important References: 1257049,CVE-2026-0988 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:463-1 Released: Thu Feb 12 08:40:25 2026 Summary: Recommended update for supportutils Type: recommended Severity: important References: 1232351,1241284,1244003,1244011,1244937,1245667,1246011,1246025,1249657,1250224,1252318,1254425,1256709 This update for supportutils fixes the following issues: - scplugin.rc is restored in package 3.2.12.1 for continued compatibility (bsc#1256709) - Changes to version 3.2.12: * Optimized lsof usage and honors OPTION_OFILES (bsc#1232351) * Run in containers without errors (bsc#1245667) * Removed pmap PID from memory.txt (bsc#1246011) * Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025) * Improved database perforce with kGraft patching (bsc#1249657) * Using last boot for journalctl for optimization (bsc#1250224) * Fixed extraction failures (bsc#1252318) * Update supportconfig.conf path in docs (bsc#1254425) * drm_sub_info: Catch error when dir doesn't exist * Replace remaining `egrep` with `grep -E` * Add process affinity to slert logs * Reintroduce cgroup statistics (and v2) * Minor changes to basic-health-check: improve information 
level * Collect important machine health counters * powerpc: collect hot-pluggable PCI and PHB slots * podman: collect podman disk usage * Exclude binary files in crondir * kexec/kdump: collect everything under /sys/kernel/kexec dir * Use short-iso for journalctl - Changes to version 3.2.11: * Collect rsyslog frule files (bsc#1244003) * Remove proxy passwords (bsc#1244011) * Missing NetworkManager information (bsc#1241284) * Include agama logs (bsc#1244937) * Additional NFS conf files * New fadump sysfs files * Fixed change log dates ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:508-1 Released: Fri Feb 13 15:50:21 2026 Summary: Security update for curl Type: security Severity: moderate References: 1255731,1255732,1255733,1255734,1256105,CVE-2025-14017,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:510-1 Released: Fri Feb 13 15:52:36 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1254666,CVE-2025-14104 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:575-1 Released: Wed Feb 18 10:10:36 2026 Summary: Security update for libpcap Type: security Severity: low References: 1255765,CVE-2025-11961 This update for libpcap fixes the following issues: - CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:577-1 Released: Wed Feb 18 16:49:13 2026 Summary: Security update for avahi Type: security Severity: moderate References: 1256498,1256499,1256500,CVE-2025-68276,CVE-2025-68468,CVE-2025-68471 This update for avahi fixes the following issues: - CVE-2025-68276: Fixed refuse to create wide-area record browsers when wide-area is off (bsc#1256498) - CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500) - CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:596-1 Released: Mon Feb 23 16:57:20 2026 Summary: Security update for libpng16 Type: security Severity: important References: 1256525,1256526,1257364,1257365,1258020,CVE-2025-28162,CVE-2025-28164,CVE-2026-22695,CVE-2026-22801,CVE-2026-25646 This update for libpng16 fixes the following issues: - CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364). - CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365). - CVE-2026-22695: heap buffer over-read in png_image_finish_read (bsc#1256525). - CVE-2026-22801: integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526). - CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:606-1 Released: Tue Feb 24 12:19:29 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1250553,1256804,1256805,1256807,1256808,1256809,1256810,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2026-0989,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757 This update for libxml2 fixes the following issues: - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811) - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812) - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595) - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553) - CVE-2026-0989: Fixed a call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth. 
(bsc#1256805, bsc#1256810) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:617-1 Released: Tue Feb 24 16:18:34 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References:
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785). - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594). - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576). - CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397). - CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871). - CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751). - CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095). - CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908). - CVE-2024-28956: x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006). - CVE-2024-36348: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896). - CVE-2024-36349: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896). - CVE-2024-36350: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896). - CVE-2024-36357: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896). - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185). - CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084). - CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917). - CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210). - CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723). - CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751). - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177). 
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046). - CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678). - CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409). - CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959). - CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520). - CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813). - CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842). - CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843). - CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894). - CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847). - CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483). - CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615). - CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251). - CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377). - CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401). - CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171). - CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688). - CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641). - CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623). - CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612). - CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726). - CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744). 
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779). - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236). - CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232). - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749). - CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790). The following non security issues were fixed: - net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). - net: tcp: allow zero-window ACK update the window (bsc#1254767). - net: tcp: send zero-window ACK when no memory (bsc#1254767). - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - tcp: correct handling of extreme memory squeeze (bsc#1254767). - x86/CPU/AMD: Add ZenX generations flags (bsc#1238896). - x86/its: Fix crash during dynamic its initialization (bsc#1257771). - x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() (bsc#1257771). - x86: make page fault handling disable interrupts properly (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:664-1 Released: Thu Feb 26 16:15:04 2026 Summary: Security update for python3 Type: security Severity: important References: 1257029,1257031,1257041,1257042,1257044,1257046,CVE-2025-11468,CVE-2025-15282,CVE-2025-15366,CVE-2025-15367,CVE-2026-0672,CVE-2026-0865 This update for python3 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031). - CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042). 
- CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044). - CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). - CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:694-1 Released: Fri Feb 27 16:14:32 2026 Summary: Security update for gpg2 Type: security Severity: moderate References: 1256389 This update for gpg2 fixes the following issues: Security fix: - Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data (bsc#1256389) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:741-1 Released: Mon Mar 2 09:11:04 2026 Summary: Security update for shim Type: security Severity: moderate References: 1240871,1247432,CVE-2024-2312 This update for shim fixes the following issues: shim is updated to version 16.1: - shim_start_image(): fix guid/handle pairing when uninstalling protocols - Fix uncompressed ipv6 netboot - fix test segfaults caused by uninitialized memory - SbatLevel_Variable.txt: minor typo fix. 
- Realloc() needs to allocate one more byte for sprintf() - IPv6: Add more check to avoid multiple double colon and illegal char - Loader proto v2 - loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages - Generate Authenticode for the entire PE file - README: mention new loader protocol and interaction with UKIs - shim: change automatically enable MOK_POLICY_REQUIRE_NX - Save var info - add SbatLevel entry 2025051000 for PSA-2025-00012-1 - Coverity fixes 20250804 - fix http boot - Fix double free and leak in the loader protocol shim is updated to version 16.0: - Validate that a supplied vendor cert is not in PEM format - sbat: Add grub.peimage,2 to latest (CVE-2024-2312) - sbat: Also bump latest for grub,4 (and to todays date) - undo change that limits certificate files to a single file - shim: don't set second_stage to the empty string - Fix SBAT.md for today's consensus about numbers - Update Code of Conduct contact address - make-certs: Handle missing OpenSSL installation - Update MokVars.txt - export DEFINES for sub makefile - Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition - Null-terminate 'arguments' in fallback - Fix 'Verifiying' typo in error message - Update Fedora CI targets - Force gcc to produce DWARF4 so that gdb can use it - Minor housekeeping 2024121700 - Discard load-options that start with WINDOWS - Fix the issue that the gBS->LoadImage pointer was empty. 
- shim: Allow data after the end of device path node in load options - Handle network file not found like disks - Update gnu-efi submodule for EFI_HTTP_ERROR - Increase EFI file alignment - avoid EFIv2 runtime services on Apple x86 machines - Improve shortcut performance when comparing two boolean expressions - Provide better error message when MokManager is not found - tpm: Boot with a warning if the event log is full - MokManager: remove redundant logical constraints - Test import_mok_state() when MokListRT would be bigger than available size - test-mok-mirror: minor bug fix - Fix file system browser hang when enrolling MOK from disk - Ignore a minor clang-tidy nit - Allow fallback to default loader when encountering errors on network boot - test.mk: don't use a temporary random.bin - pe: Enhance debug report for update_mem_attrs - Multiple certificate handling improvements - Generate SbatLevel Metadata from SbatLevel_Variable.txt - Apply EKU check with compile option - Add configuration option to boot an alternative 2nd stage - Loader protocol (with Device Path resolution support) - netboot cleanup for additional files - Document how revocations can be delivered - post-process-pe: add tests to validate NX compliance - regression: CopyMem() in ad8692e copies out of bounds - Save the debug and error logs in mok-variables - Add features for the Host Security ID program - Mirror some more efi variables to mok-variables - This adds DXE Services measurements to HSI and uses them for NX - Add shim's current NX_COMPAT status to HSIStatus - README.tpm: reflect that vendor_db is in fact logged as 'vendor_db' - Reject HTTP message with duplicate Content-Length header fields - Disable log saving - fallback: don't add new boot order entries backwards - README.tpm: Update MokList entry to MokListRT - SBAT Level update for February 2025 GRUB CVEs ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:791-1 Released: Tue Mar 3 16:59:33 2026 
Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1257463 This update for gcc15 fixes the following issues: - Fix bogus expression simplification (bsc#1257463) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:823-1 Released: Thu Mar 5 15:32:08 2026 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1258022 This update for grub2 fixes the following issues: - Backport upstream's commit to prevent BIOS assert (bsc#1258022) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:826-1 Released: Thu Mar 5 16:16:29 2026 Summary: Security update for expat Type: security Severity: moderate References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210 This update for expat fixes the following issues: - CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144) - CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:837-1 Released: Fri Mar 6 08:30:05 2026 Summary: Recommended update for syslogd Type: recommended Severity: moderate References: This update for syslogd fixes the following issues: - Drop last sysvinit Requirement/Provide (jsc#PED-13698) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:862-1 Released: Wed Mar 11 10:59:55 2026 Summary: Security update for gnutls Type: security Severity: moderate References: 1257960,CVE-2025-14831 This update for gnutls fixes the following issues: - CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs) (bsc#1257960). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:896-1 Released: Fri Mar 13 16:25:07 2026 Summary: Security update for glibc Type: security Severity: important References: 1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: - CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766) - CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822) - CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005) - CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:911-1 Released: Tue Mar 17 20:56:12 2026 Summary: Security update for curl Type: security Severity: important References: 1259362,1259363,1259364,1259365,CVE-2026-1965,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805 This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362). - CVE-2026-3783: token leak with redirect and netrc (bsc#1259363). - CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364). - CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:912-1 Released: Wed Mar 18 07:19:42 2026 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1229003,1258002 This update for ca-certificates-mozilla fixes the following issues: - test for a concretely missing certificate rather than just the directory, as the latter is now also provided by openssl-3 - Re-create java-cacerts with SOURCE_DATE_EPOCH set for reproducible builds (bsc#1229003) - Also mark /usr/share/factory/var/lib/ca-certificates/ as writable by the user during install: allow rpm to properly execute %clean when completed. 
- Create /var/lib/ca-certificates during build to ensure rpm gives the %ghost'ed directory proper mode attributes. - Updated to 2.84 state (bsc#1258002) * Removed: + Baltimore CyberTrust Root + CommScope Public Trust ECC Root-01 + CommScope Public Trust ECC Root-02 + CommScope Public Trust RSA Root-01 + CommScope Public Trust RSA Root-02 + DigiNotar Root CA * Added: + e-Szigno TLS Root CA 2023 + OISTE Client Root ECC G1 + OISTE Client Root RSA G1 + OISTE Server Root ECC G1 + OISTE Server Root RSA G1 + SwissSign RSA SMIME Root CA 2022 - 1 + SwissSign RSA TLS Root CA 2022 - 1 + TrustAsia SMIME ECC Root CA + TrustAsia SMIME RSA Root CA + TrustAsia TLS ECC Root CA + TrustAsia TLS RSA Root CA - reenable the distrusted certs again. the distrust is only for certs issued after the distrust date, not for all certs of a CA. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:931-1 Released: Thu Mar 19 09:23:14 2026 Summary: Security update for jq Type: security Severity: low References: 1248600,CVE-2025-9403 This update for jq fixes the following issue: - CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:949-1 Released: Fri Mar 20 19:08:19 2026 Summary: Security update for runc Type: security Severity: important References: This update for runc rebuilds it against the current go 1.25 security release. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:982-1 Released: Mon Mar 23 17:48:23 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1258859,CVE-2026-3184 This update for util-linux fixes the following issues: - CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:984-1 Released: Mon Mar 23 23:20:28 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1238917,1255075,1256645,1257231,1257473,1257732,1257735,1258340,1258395,1258518,1258849,1258850,1259857,CVE-2025-21738,CVE-2025-40242,CVE-2025-71066,CVE-2026-23004,CVE-2026-23054,CVE-2026-23060,CVE-2026-23191,CVE-2026-23204,CVE-2026-23209,CVE-2026-23268,CVE-2026-23269 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917). - CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075). - CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645). - CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231). - CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735). - CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395). - CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340). - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518). - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850). - CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857). The following non-security bugs were fixed: - Disable CONFIG_NET_SCH_ATM (jsc#PED-12836). - apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849). - apparmor: fix differential encoding verification (bsc#1258849). - apparmor: fix memory leak in verify_header (bsc#1258849). - apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849). 
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849). - apparmor: fix race on rawdata dereference (bsc#1258849). - apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849). - apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849). - apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849). - apparmor: replace recursive profile removal with iterative approach (bsc#1258849). - apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1061-1 Released: Thu Mar 26 11:35:08 2026 Summary: Security update for systemd Type: security Severity: important References: 1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105 This update for systemd fixes the following issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650). - CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418). - udev: check for invalid chars in various fields received from the kernel (bsc#1259697). 
Changelog: - 6a38d88a42 machined: reject invalid class types when registering machines - 8c9a592e5a udev: fix review mixup - b57007a917 udev-builtin-net-id: print cescaped bad attributes - ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX - 0f63e799e6 udev: ensure tag parsing stays within bounds - 046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf - 5be21460ce udev: check for invalid chars in various fields received from the kernel - 9559607b16 core/cgroup: avoid one unnecessary strjoina() - fcae348ca4 core: validate input cgroup path more prudently - a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere - 08125d6b06 units: add dep on systemd-logind.service by user@.service ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1065-1 Released: Thu Mar 26 11:38:12 2026 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1254670,1259619,CVE-2025-70873,CVE-2025-7709 This update for sqlite3 fixes the following issues: Update sqlite3 to 3.51.3: - CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670). - CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619). Changelog: * Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1067-1 Released: Thu Mar 26 11:39:01 2026 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1254867,1259829,CVE-2025-66471 This update for python-urllib3 fixes the following issue: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1090-1 Released: Thu Mar 26 18:44:54 2026 Summary: Security update for python3 Type: security Severity: important References: 1257181,CVE-2026-1299 This update for python3 fixes the following issues: - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1095-1 Released: Thu Mar 26 19:05:08 2026 Summary: Security update for vim Type: security Severity: moderate References: 1246602,1258229,1259051,CVE-2025-53906,CVE-2026-26269,CVE-2026-28417 This update for vim fixes the following issues: Update Vim to version 9.2.0110: - CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602). - CVE-2026-26269: Netbeans specialKeys stack buffer overflow (bsc#1258229). - CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1105-1 Released: Fri Mar 27 08:03:05 2026 Summary: Security update for containerd Type: security Severity: important References: This update for containerd rebuilds it against the current go 1.25 security release. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1158-1 Released: Tue Mar 31 13:55:47 2026 Summary: Security update for python-pyasn1 Type: security Severity: important References: 1259803,CVE-2026-30922 This update for python-pyasn1 fixes the following issues: - CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1166-1 Released: Thu Apr 2 03:08:04 2026 Summary: Security update for expat Type: security Severity: important References: 1259711,1259726,1259729,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778 This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726). - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711). - CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1177-1 Released: Thu Apr 2 17:00:30 2026 Summary: Security update for tar Type: security Severity: important References: 1246399,CVE-2025-45582 This update for tar fixes the following issue: - CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1247-1 Released: Fri Apr 10 12:34:39 2026 Summary: Security update for nghttp2 Type: security Severity: important References: 1259845,CVE-2026-27135 This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1257-1 Released: Fri Apr 10 16:59:14 2026 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1260441,1260442,1260443,1260444,1260445,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-31789,CVE-2026-31790 This update for openssl-1_1 fixes the following issues: - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). 
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). - CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). - CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1309-1 Released: Tue Apr 14 12:39:22 2026 Summary: Security update for sudo Type: security Severity: important References: 1261420,CVE-2026-35535 This update for sudo fixes the following issue: - CVE-2026-35535: Fixed potential privilege escalation when running the mailer (bsc#1261420). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2026:1315-1 Released: Tue Apr 14 13:26:20 2026 Summary: Optional update for rsyslog Type: optional Severity: moderate References: This update for rsyslog fixes the following issue: - add the rsyslog-module-ossl (openssl TLS support). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1323-1 Released: Tue Apr 14 15:11:50 2026 Summary: Security update for libpng16 Type: security Severity: important References: 1260754,CVE-2026-33416 This update for libpng16 fixes the following issues: - CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1383-1 Released: Thu Apr 16 11:14:40 2026 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1230861,1239439,1241002,1244550,1257490,1257625,1257667,1257825,1261155 This update for suseconnect-ng fixes the following issues: - Update version to 1.21.1: * Fix nil token handling (bsc#1261155) * Switch to using go1.24-openssl as the default Go version to install to support building the package (jsc#SCC-585). - Update version to 1.21: * Add expanded metric collection for kernel modules and hardware detection (jsc#TEL-226). * Support new profile based metric collection * Fix ignored --root parameter handling when reading and writing configuration (bsc#1257667) * Add expanded metric collection for system vendor/manufacturer (jsc#TEL-260). * Removed backport patch * Add missing product id to allow yast2-registration to not break (bsc#1257825) * Fix libsuseconnect APIError detection logic (bsc#1257825) - Regressions found during QA test runs: * Ignore product in announce call (bsc#1257490) * Registration to SMT server with failed (bsc#1257625) - Update version to 1.20: * Update error message for Public Cloud instances with registercloudguest installed. SUSEConnect -d is disabled on PYAG and BYOS when the registercloudguest command is available. (bsc#1230861) * Enhanced SAP detected. Take TREX into account and remove empty values when only /usr/sap but no installation exists (bsc#1241002) * Fixed modules and extension link to point to version less documentation. (bsc#1239439) * Fixed SAP instance detection (bsc#1244550) * Remove link to extensions documentation (bsc#1239439) * Migrate to the public library - Version 1.14 public library release This version is only available on Github as a tag to release the new golang public library which can be consumed without the need to interface with SUSEConnect directly. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1387-1 Released: Thu Apr 16 11:17:48 2026 Summary: Security update for vim Type: security Severity: important References: 1259985,1261191,1261271,CVE-2026-33412,CVE-2026-34714,CVE-2026-34982 This update for vim fixes the following issues: Update to version 9.2.0280. - CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution (bsc#1261271). - CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution (bsc#1261191). - CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to arbitrary code execution (bsc#1259985). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1399-1 Released: Thu Apr 16 12:44:14 2026 Summary: Security update for cups Type: security Severity: important References: 1261568,CVE-2026-34990 This update for cups fixes the following issue: - CVE-2026-34990: Local print admin token disclosure using temporary printers (bsc#1261568). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1400-1 Released: Thu Apr 16 12:47:09 2026 Summary: Security update for python-PyJWT Type: security Severity: important References: 1259616,CVE-2026-32597 This update for python-PyJWT fixes the following issues: - CVE-2026-32597: Fixed unknown `crit` header extensions accepts (bsc#1259616). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1428-1 Released: Fri Apr 17 12:00:40 2026 Summary: Security update for bind Type: security Severity: important References: 1260805,CVE-2026-1519 This update for bind fixes the following issues: - CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1432-1 Released: Fri Apr 17 12:12:08 2026 Summary: Security update for libcap Type: security Severity: important References: 1261809,CVE-2026-4878 This update for libcap fixes the following issue: - CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1487-1 Released: Mon Apr 20 17:52:11 2026 Summary: Security update for runc Type: security Severity: important References: This update for runc rebuilds it against the current go 1.25 security release. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1495-1 Released: Mon Apr 20 17:59:12 2026 Summary: Security update for containerd Type: security Severity: important References: This update for containerd rebuilds it against the current go 1.25 security release. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1510-1 Released: Tue Apr 21 08:28:12 2026 Summary: Security update for ncurses Type: security Severity: moderate References: 1259924,CVE-2025-69720 This update for ncurses fixes the following issue: - CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1562-1 Released: Thu Apr 23 09:05:52 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1261678,CVE-2026-28390 This update for openssl-1_1 fixes the following issues: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1563-1 Released: Thu Apr 23 09:07:39 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1246057,1256504,1256675,1257773,1259797,1260005,1260009,CVE-2025-38234,CVE-2025-68818,CVE-2026-23103,CVE-2026-23243,CVE-2026-23272,CVE-2026-23274 The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). - CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773). - CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797). - CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-nelems before insertion (bsc#1260009). - CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005). The following non security issue was fixed: - watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (bsc#1256504). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1565-1 Released: Thu Apr 23 09:08:29 2026 Summary: Security update for libssh Type: security Severity: moderate References: 1258045,1258049,1258054,1258080,1258081,1259377,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968,CVE-2026-3731 This update for libssh fixes the following issues: - CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049). - CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045). - CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054). - CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081). - CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080). 
- CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler (bsc#1259377). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1644-1 Released: Tue Apr 28 15:31:39 2026 Summary: Security update for python-requests Type: security Severity: moderate References: 1260589,CVE-2026-25645 This update for python-requests fixes the following issues: - CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1659-1 Released: Wed Apr 29 13:09:06 2026 Summary: Security update for sed Type: security Severity: moderate References: 1262144,CVE-2026-5958 This update for sed fixes the following issues: - CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite (bsc#1262144). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1665-1 Released: Thu Apr 30 16:53:18 2026 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1222465,1234736 This update for util-linux fixes the following issues: - Recognize fuse 'portal' as a virtual file system (bsc#1234736). - fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1672-1 Released: Sat May 2 08:02:29 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1262573,CVE-2026-31431 The SUSE Linux Enterprise 15 SP4 kernel was updated to fix one security issue. 
The following security issue was fixed: - CVE-2026-31431: The copy.fail security issue is fixed by reverting to operating out-of-place in algif_aead (bsc#1262573) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1692-1 Released: Tue May 5 10:03:54 2026 Summary: Security update for xen Type: security Severity: moderate References: 1262178,1262180,1262428,CVE-2025-54505,CVE-2026-23557,CVE-2026-23558 This update for xen fixes the following issues: - CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 (bsc#1262428). - CVE-2026-23557: Xenstored DoS via XS_RESET_WATCHES command (bsc#1262178). - CVE-2026-23558: grant table v2 race in status page mapping (bsc#1262180). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1715-1 Released: Wed May 6 14:09:30 2026 Summary: Security update for python3 Type: security Severity: important References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100 This update for python3 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969). - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970). - CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989). - CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). - CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). 
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). - CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319). - CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654). - CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure (bsc#1262098). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1717-1 Released: Wed May 6 14:13:17 2026 Summary: Security update for curl Type: security Severity: important References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429 This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631). - CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632). - CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635). - CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636). - CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638). Other updates and bugfixes: - sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1721-1 Released: Wed May 6 16:43:37 2026 Summary: Recommended update for cloud-netconfig Type: recommended Severity: important References: 1253223,1258406,1258730 This update for cloud-netconfig fixes the following issues: - Update to version 1.19: * Make sure IPADDR variable is stripped of netmask - Update to version 1.18: * Fix issue with link-local address routing (bsc#1258730) - Update to version 1.17: * Do not set broadcast address explicitly (bsc#1258406) - Update to version 1.16: * Fix query of default CLOUD_NETCONFIG_MANAGE (bsc#1253223) * Fix variable names in the README ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1757-1 Released: Thu May 7 16:02:15 2026 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1259543 This update for grub2 fixes the following issues: - Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543) * btrfs: add ability to boot from subvolumes * btrfs: get default subvolume ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1758-1 Released: Thu May 7 16:03:01 2026 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1261274 This update for dracut fixes the following issues: - Update to version 055+suse.362.ge7032140: * fix: make iso-scan trigger udev events (bsc#1261274) The following package changes have been done: - bash-sh-4.4-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bind-utils-9.16.50-150400.5.59.1 updated - ca-certificates-mozilla-2.84-150200.44.1 updated - chrony-pool-suse-4.1-150400.21.8.1 updated - chrony-4.1-150400.21.8.1 updated - cifs-utils-6.15-150400.3.18.1 updated - cloud-netconfig-azure-1.19-150000.25.31.1 updated - containerd-ctr-1.7.29-150000.132.1 updated - containerd-1.7.29-150000.132.1 updated - cups-config-2.2.7-150000.3.86.1 updated - 
curl-8.14.1-150400.5.83.1 updated - dracut-055+suse.362.ge7032140-150400.3.43.1 updated - elfutils-0.185-150400.5.8.3 updated - glibc-locale-base-2.31-150300.98.1 updated - glibc-locale-2.31-150300.98.1 updated - glibc-2.31-150300.98.1 updated - gpg2-2.2.27-150300.3.19.1 updated - grub2-i386-pc-2.06-150400.11.72.2 updated - grub2-x86_64-efi-2.06-150400.11.72.2 updated - grub2-2.06-150400.11.72.2 updated - hyper-v-9-150200.14.14.1 updated - jq-1.6-150000.3.12.1 updated - kernel-default-5.14.21-150400.24.205.1 updated - kmod-29-150300.4.18.1 updated - libasm1-0.185-150400.5.8.3 updated - libavahi-client3-0.8-150400.7.26.1 updated - libavahi-common3-0.8-150400.7.26.1 updated - libblkid1-2.37.2-150400.8.44.1 updated - libcap2-2.63-150400.3.6.1 updated - libcups2-2.2.7-150000.3.86.1 updated - libcurl4-8.14.1-150400.5.83.1 updated - libdw1-0.185-150400.5.8.3 updated - libelf1-0.185-150400.5.8.3 updated - libexpat1-2.7.1-150400.3.37.1 updated - libfdisk1-2.37.2-150400.8.44.1 updated - libfreetype6-2.10.4-150000.4.25.1 updated - libgcc_s1-15.2.0+git10201-150000.1.9.1 updated - libglib-2_0-0-2.70.5-150400.3.34.1 updated - libgnutls30-3.7.3-150400.4.56.1 updated - libjq1-1.6-150000.3.12.1 updated - libkmod2-29-150300.4.18.1 updated - libmount1-2.37.2-150400.8.44.1 updated - libncurses6-6.1-150000.5.33.1 updated - libnghttp2-14-1.40.0-150200.22.1 updated - libopenssl1_1-1.1.1l-150400.7.93.1 updated - libpcap1-1.10.1-150400.3.9.1 updated - libpci3-3.13.0-150300.13.12.1 updated - libpng16-16-1.6.34-150000.3.22.1 updated - libpython3_6m1_0-3.6.15-150300.10.118.1 updated - libreadline7-7.0-150400.27.6.1 updated - libsmartcols1-2.37.2-150400.8.44.1 updated - libsqlite3-0-3.51.3-150000.3.39.1 updated - libssh-config-0.9.8-150400.3.17.1 updated - libssh4-0.9.8-150400.3.17.1 updated - libstdc++6-15.2.0+git10201-150000.1.9.1 updated - libsystemd0-249.17-150400.8.55.1 updated - libtasn1-6-4.13-150000.4.14.1 updated - libtasn1-4.13-150000.4.14.1 updated - libudev1-249.17-150400.8.55.1 
updated - libuuid1-2.37.2-150400.8.44.1 updated - libxml2-2-2.9.14-150400.5.55.1 updated - ncurses-utils-6.1-150000.5.33.1 updated - openssh-clients-8.4p1-150300.3.57.1 updated - openssh-common-8.4p1-150300.3.57.1 updated - openssh-server-8.4p1-150300.3.57.1 updated - openssh-8.4p1-150300.3.57.1 updated - openssl-1_1-1.1.1l-150400.7.93.1 updated - pciutils-3.13.0-150300.13.12.1 updated - python-azure-agent-config-server-2.14.0.1-150100.3.53.1 updated - python-azure-agent-2.14.0.1-150100.3.53.1 updated - python3-PyJWT-2.4.0-150200.3.11.1 updated - python3-base-3.6.15-150300.10.118.1 updated - python3-bind-9.16.50-150400.5.59.1 updated - python3-pyasn1-0.4.2-150000.3.16.1 updated - python3-requests-2.25.1-150300.3.21.1 updated - python3-urllib3-1.25.10-150300.4.24.1 updated - python3-3.6.15-150300.10.118.1 updated - rsyslog-module-relp-8.2306.0-150400.5.35.1 updated - rsyslog-8.2306.0-150400.5.35.1 updated - runc-1.3.4-150000.92.1 updated - sed-4.4-150300.13.6.1 updated - shim-16.1-150300.4.31.3 updated - sudo-1.9.9-150400.4.42.1 updated - supportutils-3.2.12.1-150300.7.35.39.1 updated - suseconnect-ng-1.21.1-150400.3.49.1 updated - syslog-service-2.0-150300.13.3.1 updated - systemd-sysvinit-249.17-150400.8.55.1 updated - systemd-249.17-150400.8.55.1 updated - tar-1.34-150000.3.37.1 updated - terminfo-base-6.1-150000.5.33.1 updated - terminfo-6.1-150000.5.33.1 updated - udev-249.17-150400.8.55.1 updated - util-linux-systemd-2.37.2-150400.8.44.1 updated - util-linux-2.37.2-150400.8.44.1 updated - vim-data-common-9.2.0280-150000.5.89.1 updated - vim-9.2.0280-150000.5.89.1 updated - xen-libs-4.16.7_08-150400.4.81.2 updated From sle-container-updates at lists.suse.com Sat May 9 07:04:30 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 May 2026 09:04:30 +0200 (CEST) Subject: SUSE-IU-2026:3235-1: Security update of sles-15-sp4-chost-byos-v20260507-arm64 Message-ID: <20260509070430.A61ABFB96@maintenance.suse.de> SUSE 
Image Update Advisory: sles-15-sp4-chost-byos-v20260507-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:3235-1 Image Tags : sles-15-sp4-chost-byos-v20260507-arm64:20260507 Image Release : Severity : important Type : security ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20260507-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3788-1 Released: Fri Oct 24 15:28:50 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3794-1 Released: Fri Oct 24 17:36:29 2025 Summary: Security update for chrony Type: security Severity: moderate References: 1246544 This update for chrony fixes the following issues: - Race condition during socket creation by chronyc allows privilege escalation from user chrony to root (bsc#1246544). 
This update also ships chrony-pool-empty to SLE Micro 5.x (jsc#SMO-587) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3843-1 Released: Tue Oct 28 17:40:42 2025 Summary: Security update for xen Type: security Severity: important References: 1248807,1251271,CVE-2025-27466,CVE-2025-58142,CVE-2025-58143,CVE-2025-58147,CVE-2025-58148 This update for xen fixes the following issues: - CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls (bsc#1251271, XSA-475) - CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed mutiple vulnerabilities in the Viridian interface (bsc#1248807, XSA-472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3853-1 Released: Wed Oct 29 15:06:03 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1229750 This update for vim fixes the following issues: - Fix: vim compatible mode is not switched off earlier (bsc#1229750). Nocompatible must be set before the syntax highlighting is turned on. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3854-1 Released: Wed Oct 29 15:10:39 2025 Summary: Recommended update for cifs-utils Type: recommended Severity: moderate References: 1248816 This update for cifs-utils fixes the following issues: - Fix: cifs.upcall program in the cifs-utils package fails to use a valid service ticket from the credential cache if the TGT is expired or does not exist (bsc#1248816) * cifs-utils: Skip TGT check if there is a valid service ticket * cifs-utils: avoid using mktemp when updating mtab * cifs-utils: add documentation for upcall_target * setcifsacl: fix memory allocation for struct cifs_ace * cifs.upcall: fix UAF in get_cachename_from_process_en * cifs.upcall: fix memory leaks in check_service_ticket ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages.
For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. 
- Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3950-1 Released: Wed Nov 5 11:22:31 2025 Summary: Security update for runc Type: security Severity: important References: 1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881 This update for runc fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232). - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232). - CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232). Update to runc v1.2.7. - Upstream changelog is available from ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3986-1 Released: Fri Nov 7 11:31:03 2025 Summary: Security update for gpg2 Type: security Severity: low References: 1239119,CVE-2025-30258 This update for gpg2 fixes the following issues: - CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4073-1 Released: Wed Nov 12 11:34:27 2025 Summary: Security update for runc Type: security Severity: important References: 1252110,1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881 This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc#1252232 * CVE-2025-31133 * CVE-2025-52565 * CVE-2025-52881 Update to runc v1.3.2. 
Upstream changelog is available from bsc#1252110 - Includes an important fix for the CPUSet translation for cgroupv2. Update to runc v1.3.1. Upstream changelog is available from Update to runc v1.3.0. Upstream changelog is available from ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4107-1 Released: Fri Nov 14 16:54:13 2025 Summary: Security update for bind Type: security Severity: important References: 1252379,1252380,CVE-2025-40778,CVE-2025-40780 This update for bind fixes the following issues: - CVE-2025-40778: Address various spoofing attacks (bsc#1252379). - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4111-1 Released: Sat Nov 15 19:38:39 2025 Summary: Security update for the Linux Kernel Type: security Severity: important
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859). - CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857). - CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164). - CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741). - CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988). - CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816). - CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052). - CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743). - CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763). - CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554). - CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785). - CVE-2025-40088: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (bsc#1252904). - CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919). The following non security issues were fixed: - fbcon: Fix OOB access in font allocation (bsc#1252033) - mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823). - net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4112-1 Released: Sat Nov 15 23:38:15 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198) - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4116-1 Released: Mon Nov 17 08:26:11 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1247850,1249076,CVE-2025-8732,CVE-2025-9714 This update for libxml2 fixes the following issues: - CVE-2025-9714: Fixed infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (bsc#1249076) - CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247850) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4092-1 Released: Mon Nov 24 10:08:22 2025 Summary: Security update for elfutils Type: security Severity: moderate References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels.
- Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242): - CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip - CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip - CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf - CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf - Fixing testsuite race conditions in run-debuginfod-find.sh. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4224-1 Released: Tue Nov 25 10:53:48 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1252931,1252932,1252933,1252934,1252935,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664 This update for grub2 fixes the following issues: - CVE-2025-54771: Fixed grub_file_close() not properly controlling the fs refcount (bsc#1252931) - CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932) - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933) - CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934) - CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935) Other fixes: - Bump upstream SBAT generation to 6 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4288-1 Released: Fri Nov 28 09:25:32 2025 Summary: Security update for containerd Type: security Severity: important References: 1253126,1253132,CVE-2024-25621,CVE-2025-64329 This update for containerd fixes the following issues: - Update to containerd
v1.7.29 - CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126) - CVE-2025-64329: Fixed goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4290-1 Released: Fri Nov 28 10:04:11 2025 Summary: Security update for cups Type: security Severity: moderate References: 1234225,1244057,1253783,CVE-2025-58436,CVE-2025-61915 This update for cups fixes the following issues: - CVE-2025-61915: Fixed a local denial-of-service via cupsd.conf update and related issues. (bsc#1253783) - CVE-2025-58436: Fixed an issue where a slow client communication leads to a possible DoS attack. (bsc#1244057) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4309-1 Released: Fri Nov 28 16:39:38 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4319-1 Released: Wed Dec 3 13:34:00 2025 Summary: Security update for cups Type: security Severity: important References: 1254353,CVE-2025-58436 This update for cups fixes the following issues: - The fix for CVE-2025-58436 causes a regression where GTK applications will hang. (bsc#1254353) See also https://github.com/OpenPrinting/cups/issues/1429 The fix has been temporarily disabled.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4321-1 Released: Fri Dec 5 08:07:53 2025 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1001888,1006827,1029961,1098094,1098228,1170554,1192862,1206798,1224138,529469,837347 This update for pciutils fixes the following issues: pciutils was updated from version 3.5.6 to 3.13.0 (jsc#PED-8402, jsc#PED-8393, bsc#1224138): - Highlights of issues fixed: * Fixed LnkCap speed recognition in `lspci` for multi PCIe ports such as the ML110 Gen11 (bsc#1192862) * Included several non-standard extensions to VPD decoder (bsc#1170554, bsc#1098228) * Fixed the display of the gen4 speed for GEN 4 cards like Mellanox CX5 (bsc#1098094) * Replaced dependency on pciutil-ids with hwdata * Potentially disruptive change of PCI IDs Cache: + The local cache of PCI IDs (.pci-ids) was moved to the XDG standard location: `$XDG_CACHE_HOME/pci-ids` (v3.11.0) This could be a disruptive change if users or scripts are relying on the old path. 
- Key New Features and Utilities: * New `pcilmr` Utility: A new tool, `pcilmr`, was added for 'PCIe lane margining,' which is a low-level diagnostic feature (v3.11.0) * New `lspci` Path Flag: You can now use `lspci -P` (or -PP) to see the path of bridges leading to a specific device (v3.6.2) * ECAM Support: Added support for the ECAM (Enhanced Configuration Access Mechanism), a standard way to access PCIe configuration space (v3.10.0) * IOMMU Group Display: lspci can now display IOMMU groups on Linux (v3.7.0) - New Hardware and Protocol Decoding: * Added support for decoding CXL capabilities (v3.9.0) * Decoding for Advanced Error Reporting (AER) (v3.13.0) * Decoding for IDE (Integrity and Data Encryption) and TEE-IO extended capabilities (v3.12.0) * Decoding for Data Object Exchange (DOE) (v3.8.0) * Decoding for standard and VF (Virtual Function) Resizable BARs (v3.7.0) * Decoding for Multicast capabilities (v3.6.3) - Improved Output Clarity: * PCIe link speeds running below their maximum are now clearly marked as 'downgraded' (v3.6.0) * BARs (Base Address Registers) reported by the OS but not actually set on the device are marked as '[virtual]' (v3.6.0) - Command Behavior and System Changes: * `lspci` Tree View (-t): + Can now be combined with `-s` to show only a specific sub-tree (v3.6.3) + Improved filtering options (v3.9.0) + Improved support of multi-domain systems (v3.10.0) * `setpci`: + Can now check if a named register exists for that device's header type (v3.9.0) * `update-pciids`: + Now supports XZ compression when downloading new ID lists (v3.11.0) * Database Update: + The pci.ids device database was continuously updated across all versions. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4326-1 Released: Tue Dec 9 11:31:28 2025 Summary: Recommended update for runc Type: recommended Severity: moderate References: 1254362 This update for runc fixes the following issues: - Update to runc v1.3.4 (bsc#1254362) - libct: fix mips compilation: * When configuring a tmpfs mount, only set the mode= argument if the target path already existed. * Fix various file descriptor leaks and add additional tests to detect them as comprehensively as possible. - Downgrade github.com/cyphar/filepath-securejoin dependency to v0.5.2, which should make it easier for some downstreams to import runc without pulling in too many extra packages. - The runc binary distributed with this release is statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a 'work that uses the Library': * libseccomp: The versions of these libraries were not modified from their upstream versions ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4331-1 Released: Tue Dec 9 12:55:17 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4347-1 Released: Wed Dec 10 14:02:26 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This
update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4425-1 Released: Wed Dec 17 12:20:02 2025 Summary: Security update for cups Type: security Severity: moderate References: 1244057,1254353,CVE-2025-58436 This update for cups fixes the following issues: Security issues fixed: - CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other clients (bsc#1244057). Other issues fixed: - Update the CVE-2025-58436 patch to fix a regression that causes GTK applications to hang (bsc#1254353). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4436-1 Released: Wed Dec 17 14:55:46 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4504-1 Released: Mon Dec 22 17:29:14 2025 Summary: Security update for glib2 Type: security Severity: important References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512 This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4525-1 Released: Fri Dec 26 13:19:00 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:27-1 Released: Mon Jan 5 13:45:08 2026 Summary: Security update for python3 Type: security Severity: moderate References: 1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837 This update for python3 fixes the following issues: - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997) - CVE-2025-13836: Fixed default Content-Length read amount from HTTP response (bsc#1254400) - CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:29-1 Released: Mon Jan 5 13:58:05 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1249806,1251786,1252033,1252267,1252780,1252862,1253367,1253431,1253436,CVE-2022-50280,CVE-2023-53676,CVE-2025-39967,CVE-2025-40040,CVE-2025-40048,CVE-2025-40121,CVE-2025-40154,CVE-2025-40204 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). - CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). - CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033) The following non-security bugs were fixed: - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:48-1 Released: Wed Jan 7 09:08:18 2026 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1252338 This update for pciutils fixes the following issues: - Add a strict dependency to libpci to prevent possible segfault (bsc#1252338) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:214-1 Released: Thu Jan 22 13:09:26 2026 Summary: Security update for gpg2 Type: security Severity: important References: 1255715,1256244,1256246,1256390,CVE-2025-68973 This update for gpg2 fixes the following issues: - CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715). - Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246). - Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244). - Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:224-1 Released: Thu Jan 22 13:18:20 2026 Summary: Security update for libtasn1 Type: security Severity: moderate References: 1256341,CVE-2025-13151 This update for libtasn1 fixes the following issues: - CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:360-1 Released: Mon Feb 2 10:55:33 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:394-1 Released: Thu Feb 5 16:42:04 2026 Summary: Security update for xen Type: security Severity: moderate References: 1252692,1254180,1256745,1256747,CVE-2025-58149,CVE-2025-58150,CVE-2026-23553 This update for xen fixes the following issues: Security fixes: - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing (XSA-477) (bsc#1256745) - CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation (XSA-479) (bsc#1256747) - CVE-2025-58149: Fixed incorrect removal of permissions on PCI device unplug allowing PV guests to access memory of devices no longer assigned to them (XSA-476) (bsc#1252692) Other fixes: - Fixed virtxend service restart.
Caused by a failure to start xenstored (bsc#1254180) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:432-1 Released: Wed Feb 11 10:11:56 2026 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1248586,1254670,CVE-2025-7709 This update for sqlite3 fixes the following issues: - Update to v3.51.2: - CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:458-1 Released: Thu Feb 12 00:28:37 2026 Summary: Security update for glib2 Type: security Severity: important References: 1257049,CVE-2026-0988 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:462-1 Released: Thu Feb 12 08:38:20 2026 Summary: Recommended update for google-guest-configs Type: recommended Severity: important References: 1198323,1256906 This update for google-guest-configs fixes the following issues: - Update to version 20260116.00 (bsc#1256906) * set_multiqueue: Only set XPS on 'multinic accelerator platforms' - Update to version 20260112.00 * Make c4x a 'multinic accelerator platform' * set_multiqueue xps: stop assuming 2 numa nodes * Add IDPF irq setting; improve a4x-max performance * Allow test injection of the root directory and metadata server endpoint * add nic naming support for connextx VF in baremetal * bugfix for idpf only rename got skipped. * add a4x-max to google_set_multiqueue is_multinic_accelerator_platform * remove unnecessary link up and down * fix inconsistent NIC index between smart NICs and GPU NICs. - Mark %{_modprobedir}/gce-blacklist.conf as %config(noreplace) (bsc#1198323) - Update to version 20251014.00 - Update to version 20250913.00 * Swap guest-config rule from checking the build VM OS to taking in a variable for target version - from version 20250826.00 * Moved tx/rx IRQ logging after assignment * Fix core assignment in set_irq_range * Correct IRQ tx/rx affinity core assignment - Update to version 20250807.00 * Avoid duplicate entries for the metadata server in /etc/hosts - Update to version 20250709.00 * Add comments in scripts to document the behavior in google hostname setting. * Always use primary NIC IP for NetworkManager dispatcher hook. 
- from version 20250626.00 * Fix spelling error: 'explicilty' to 'explicitly' - Update to version 20250605.00 * Added comment to the bitmap conversion functions * Remove IRQ affinity overwrite to XPS affinity * Update XPS affinity to assign the remaining unassigned CPUs to the last queue when populating the last queue * Fix set_xps_affinity to correctly parse cpus array * Update XPS CPU assignment logic * Update CPU assignment algorithm in XPS affinity * Remove commented code * Update XPS affinity vCPU distribution algorithm s.t. the vCPUs assigned to a queue are on the same core - fixed IRQ affinity on NUMA1 not using the correct bind_cores_index * Fixed NUMA comparison error in set_xps_affinity * Update XPS affinity setup to be NUMA aware and support 64 bit CPU mask calculation - from version 20250604.00 * Bug fix: bind_cores_begin to bind_cores_index * Name smart NICs in lexicographic order - Run %postun to modify %{_sysconfdir}/sysconfig/network/ifcfg-eth0 during uninstall only to avoid removal of POST_UP_SCRIPT on upgrade - Update to version 20250516.00 * Remove unused fset * Remove unused lines * Update google_set_multiqueue to unpack IRQ ranges before core assignment - Update to version 20250501.00 * Configure local domain as route only domain to support cloud dns local domain but avoid adding it to the search path. - from version 20250409.00 * Change RDMA test condition to ensure renaming race conditions can be detected. - from version 20250328.00 * Revert 'Include systemd-networkd hook in Ubuntu packaging' - from version 20250326.00 * Update google_set_multiqueue to check pnic_ids - from version 20250221.00 * Make google_set_multiqueue aware A4X is multinic_accelerator_platform - from version 20250207.00 * Update google_set_multiqueue to adapt A4 platform * Merge branch 'GoogleCloudPlatform:master' into master * Fix IS_A3_PLATFORM syntax * Correct IS_A3_PLATFORM to save is_a3_platform results * Remove excess empty line. 
* Store is_a3_platform results into a global variable to avoid redundant curl calls * Skip tx affinity binding on non-gvnic interfaces only on A3 platforms. * Update comments for get_vcpu_ranges_on_accelerator_platform to reflect the expected vcpu ranges * rename get_vcpu_ranges to get_vcpu_ranges_on_accelerator_platform * Avoid IRQ binding on vCPU 0 * Fix returned value for get_vcpu_ranges * Update get_vcpu_ranges to read from sys file instead of hardcoded value * Update google_set_multiqueue to set vCPU ranges based on platform * Add comment for handling IRQ binding on non-gvnic devices * Update is_gvnic to include gvnic driver checks * revert removed echo lines * Update google_set_multiqueue to skip set_irq if nic is not a gvnic device. * Update google_set_multiqueue to enable on A3Ultra family - from version 20250124.00 * Fix missing files. This is a no-op. * Also force virtio_scsi - from version 20250116.00 * Add GPL-2 to licensing information - from version 20250107.00 * Restore IDPF devices for renaming rules - from version 20241213.00 * Remove Pat from owners file ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:463-1 Released: Thu Feb 12 08:40:25 2026 Summary: Recommended update for supportutils Type: recommended Severity: important References: 1232351,1241284,1244003,1244011,1244937,1245667,1246011,1246025,1249657,1250224,1252318,1254425,1256709 This update for supportutils fixes the following issues: - scplugin.rc is restored in package 3.2.12.1 for continued compatibility (bsc#1256709) - Changes to version 3.2.12: * Optimized lsof usage and honors OPTION_OFILES (bsc#1232351) * Run in containers without errors (bsc#1245667) * Removed pmap PID from memory.txt (bsc#1246011) * Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025) * Improved database perforce with kGraft patching (bsc#1249657) * Using last boot for journalctl for optimization (bsc#1250224) * Fixed extraction failures (bsc#1252318) * Update 
supportconfig.conf path in docs (bsc#1254425) * drm_sub_info: Catch error when dir doesn't exist * Replace remaining `egrep` with `grep -E` * Add process affinity to slert logs * Reintroduce cgroup statistics (and v2) * Minor changes to basic-health-check: improve information level * Collect important machine health counters * powerpc: collect hot-pluggable PCI and PHB slots * podman: collect podman disk usage * Exclude binary files in crondir * kexec/kdump: collect everything under /sys/kernel/kexec dir * Use short-iso for journalctl - Changes to version 3.2.11: * Collect rsyslog frule files (bsc#1244003) * Remove proxy passwords (bsc#1244011) * Missing NetworkManager information (bsc#1241284) * Include agama logs (bsc#1244937) * Additional NFS conf files * New fadump sysfs files * Fixed change log dates ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:508-1 Released: Fri Feb 13 15:50:21 2026 Summary: Security update for curl Type: security Severity: moderate References: 1255731,1255732,1255733,1255734,1256105,CVE-2025-14017,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:510-1 Released: Fri Feb 13 15:52:36 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1254666,CVE-2025-14104 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:575-1 Released: Wed Feb 18 10:10:36 2026 Summary: Security update for libpcap Type: security Severity: low References: 1255765,CVE-2025-11961 This update for libpcap fixes the following issues: - CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:577-1 Released: Wed Feb 18 16:49:13 2026 Summary: Security update for avahi Type: security Severity: moderate References: 1256498,1256499,1256500,CVE-2025-68276,CVE-2025-68468,CVE-2025-68471 This update for avahi fixes the following issues: - CVE-2025-68276: Fixed refuse to create wide-area record browsers when wide-area is off (bsc#1256498) - CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500) - CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:596-1 Released: Mon Feb 23 16:57:20 2026 Summary: Security update for libpng16 Type: security Severity: important References: 1256525,1256526,1257364,1257365,1258020,CVE-2025-28162,CVE-2025-28164,CVE-2026-22695,CVE-2026-22801,CVE-2026-25646 This update for libpng16 fixes the following issues: - CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364). - CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365). - CVE-2026-22695: heap buffer over-read in png_image_finish_read (bsc#1256525). - CVE-2026-22801: integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526). - CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:606-1 Released: Tue Feb 24 12:19:29 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1250553,1256804,1256805,1256807,1256808,1256809,1256810,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2026-0989,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757 This update for libxml2 fixes the following issues: - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811) - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812) - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595) - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553) - CVE-2026-0989: Fixed a call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth.
(bsc#1256805, bsc#1256810) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:617-1 Released: Tue Feb 24 16:18:34 2026 Summary: Security update for the Linux Kernel Type: security Severity: important The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785). - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594). - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576). - CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397). - CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871). - CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751). - CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095). - CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908). - CVE-2024-28956: x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006). - CVE-2024-36348: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896). - CVE-2024-36349: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896). - CVE-2024-36350: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896). - CVE-2024-36357: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896). - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185). - CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084). - CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917). - CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210). - CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723). - CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751). - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046). - CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678). - CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409). - CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959). - CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520). - CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813). - CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842). - CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843). - CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894). - CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847). - CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483). - CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615). - CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251). - CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377). - CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401). - CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171). - CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688). - CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641). - CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623). - CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612). - CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726). - CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744). 
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779). - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236). - CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232). - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749). - CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790). The following non security issues were fixed: - net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). - net: tcp: allow zero-window ACK update the window (bsc#1254767). - net: tcp: send zero-window ACK when no memory (bsc#1254767). - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - tcp: correct handling of extreme memory squeeze (bsc#1254767). - x86/CPU/AMD: Add ZenX generations flags (bsc#1238896). - x86/its: Fix crash during dynamic its initialization (bsc#1257771). - x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() (bsc#1257771). - x86: make page fault handling disable interrupts properly (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:664-1 Released: Thu Feb 26 16:15:04 2026 Summary: Security update for python3 Type: security Severity: important References: 1257029,1257031,1257041,1257042,1257044,1257046,CVE-2025-11468,CVE-2025-15282,CVE-2025-15366,CVE-2025-15367,CVE-2026-0672,CVE-2026-0865 This update for python3 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031). - CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042). 
- CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044). - CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). - CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:694-1 Released: Fri Feb 27 16:14:32 2026 Summary: Security update for gpg2 Type: security Severity: moderate References: 1256389 This update for gpg2 fixes the following issues: Security fix: - Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data (bsc#1256389) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:741-1 Released: Mon Mar 2 09:11:04 2026 Summary: Security update for shim Type: security Severity: moderate References: 1240871,1247432,CVE-2024-2312 This update for shim fixes the following issues: shim is updated to version 16.1: - shim_start_image(): fix guid/handle pairing when uninstalling protocols - Fix uncompressed ipv6 netboot - fix test segfaults caused by uninitialized memory - SbatLevel_Variable.txt: minor typo fix. 
- Realloc() needs to allocate one more byte for sprintf() - IPv6: Add more check to avoid multiple double colon and illegal char - Loader proto v2 - loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages - Generate Authenticode for the entire PE file - README: mention new loader protocol and interaction with UKIs - shim: change automatically enable MOK_POLICY_REQUIRE_NX - Save var info - add SbatLevel entry 2025051000 for PSA-2025-00012-1 - Coverity fixes 20250804 - fix http boot - Fix double free and leak in the loader protocol shim is updated to version 16.0: - Validate that a supplied vendor cert is not in PEM format - sbat: Add grub.peimage,2 to latest (CVE-2024-2312) - sbat: Also bump latest for grub,4 (and to todays date) - undo change that limits certificate files to a single file - shim: don't set second_stage to the empty string - Fix SBAT.md for today's consensus about numbers - Update Code of Conduct contact address - make-certs: Handle missing OpenSSL installation - Update MokVars.txt - export DEFINES for sub makefile - Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition - Null-terminate 'arguments' in fallback - Fix 'Verifiying' typo in error message - Update Fedora CI targets - Force gcc to produce DWARF4 so that gdb can use it - Minor housekeeping 2024121700 - Discard load-options that start with WINDOWS - Fix the issue that the gBS->LoadImage pointer was empty. 
- shim: Allow data after the end of device path node in load options - Handle network file not found like disks - Update gnu-efi submodule for EFI_HTTP_ERROR - Increase EFI file alignment - avoid EFIv2 runtime services on Apple x86 machines - Improve shortcut performance when comparing two boolean expressions - Provide better error message when MokManager is not found - tpm: Boot with a warning if the event log is full - MokManager: remove redundant logical constraints - Test import_mok_state() when MokListRT would be bigger than available size - test-mok-mirror: minor bug fix - Fix file system browser hang when enrolling MOK from disk - Ignore a minor clang-tidy nit - Allow fallback to default loader when encountering errors on network boot - test.mk: don't use a temporary random.bin - pe: Enhance debug report for update_mem_attrs - Multiple certificate handling improvements - Generate SbatLevel Metadata from SbatLevel_Variable.txt - Apply EKU check with compile option - Add configuration option to boot an alternative 2nd stage - Loader protocol (with Device Path resolution support) - netboot cleanup for additional files - Document how revocations can be delivered - post-process-pe: add tests to validate NX compliance - regression: CopyMem() in ad8692e copies out of bounds - Save the debug and error logs in mok-variables - Add features for the Host Security ID program - Mirror some more efi variables to mok-variables - This adds DXE Services measurements to HSI and uses them for NX - Add shim's current NX_COMPAT status to HSIStatus - README.tpm: reflect that vendor_db is in fact logged as 'vendor_db' - Reject HTTP message with duplicate Content-Length header fields - Disable log saving - fallback: don't add new boot order entries backwards - README.tpm: Update MokList entry to MokListRT - SBAT Level update for February 2025 GRUB CVEs ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:791-1 Released: Tue Mar 3 16:59:33 2026 
Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1257463 This update for gcc15 fixes the following issues: - Fix bogus expression simplification (bsc#1257463) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:823-1 Released: Thu Mar 5 15:32:08 2026 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1258022 This update for grub2 fixes the following issues: - Backport upstream's commit to prevent BIOS assert (bsc#1258022) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:826-1 Released: Thu Mar 5 16:16:29 2026 Summary: Security update for expat Type: security Severity: moderate References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210 This update for expat fixes the following issues: - CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144) - CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:837-1 Released: Fri Mar 6 08:30:05 2026 Summary: Recommended update for syslogd Type: recommended Severity: moderate References: This update for syslogd fixes the following issues: - Drop last sysvinit Requirement/Provide (jsc#PED-13698) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:862-1 Released: Wed Mar 11 10:59:55 2026 Summary: Security update for gnutls Type: security Severity: moderate References: 1257960,CVE-2025-14831 This update for gnutls fixes the following issues: - CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs) (bsc#1257960). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:896-1 Released: Fri Mar 13 16:25:07 2026 Summary: Security update for glibc Type: security Severity: important References: 1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: - CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766) - CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822) - CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005) - CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:911-1 Released: Tue Mar 17 20:56:12 2026 Summary: Security update for curl Type: security Severity: important References: 1259362,1259363,1259364,1259365,CVE-2026-1965,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805 This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362). - CVE-2026-3783: token leak with redirect and netrc (bsc#1259363). - CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364). - CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:912-1 Released: Wed Mar 18 07:19:42 2026 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1229003,1258002 This update for ca-certificates-mozilla fixes the following issues: - test for a concretely missing certificate rather than just the directory, as the latter is now also provided by openssl-3 - Re-create java-cacerts with SOURCE_DATE_EPOCH set for reproducible builds (bsc#1229003) - Also mark /usr/share/factory/var/lib/ca-certificates/ as writable by the user during install: allow rpm to properly execute %clean when completed. 
- Create /var/lib/ca-certificates during build to ensure rpm gives the %ghost'ed directory proper mode attributes. - Updated to 2.84 state (bsc#1258002) * Removed: + Baltimore CyberTrust Root + CommScope Public Trust ECC Root-01 + CommScope Public Trust ECC Root-02 + CommScope Public Trust RSA Root-01 + CommScope Public Trust RSA Root-02 + DigiNotar Root CA * Added: + e-Szigno TLS Root CA 2023 + OISTE Client Root ECC G1 + OISTE Client Root RSA G1 + OISTE Server Root ECC G1 + OISTE Server Root RSA G1 + SwissSign RSA SMIME Root CA 2022 - 1 + SwissSign RSA TLS Root CA 2022 - 1 + TrustAsia SMIME ECC Root CA + TrustAsia SMIME RSA Root CA + TrustAsia TLS ECC Root CA + TrustAsia TLS RSA Root CA - reenable the distrusted certs again. the distrust is only for certs issued after the distrust date, not for all certs of a CA. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:931-1 Released: Thu Mar 19 09:23:14 2026 Summary: Security update for jq Type: security Severity: low References: 1248600,CVE-2025-9403 This update for jq fixes the following issue: - CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:949-1 Released: Fri Mar 20 19:08:19 2026 Summary: Security update for runc Type: security Severity: important References: This update for runc rebuilds it against the current go 1.25 security release. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:982-1 Released: Mon Mar 23 17:48:23 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1258859,CVE-2026-3184 This update for util-linux fixes the following issues: - CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:984-1 Released: Mon Mar 23 23:20:28 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1238917,1255075,1256645,1257231,1257473,1257732,1257735,1258340,1258395,1258518,1258849,1258850,1259857,CVE-2025-21738,CVE-2025-40242,CVE-2025-71066,CVE-2026-23004,CVE-2026-23054,CVE-2026-23060,CVE-2026-23191,CVE-2026-23204,CVE-2026-23209,CVE-2026-23268,CVE-2026-23269 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917). - CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075). - CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645). - CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231). - CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735). - CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395). - CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340). - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518). - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850). - CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857). The following non-security bugs were fixed: - Disable CONFIG_NET_SCH_ATM (jsc#PED-12836). - apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849). - apparmor: fix differential encoding verification (bsc#1258849). - apparmor: fix memory leak in verify_header (bsc#1258849). - apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849). 
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849). - apparmor: fix race on rawdata dereference (bsc#1258849). - apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849). - apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849). - apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849). - apparmor: replace recursive profile removal with iterative approach (bsc#1258849). - apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1061-1 Released: Thu Mar 26 11:35:08 2026 Summary: Security update for systemd Type: security Severity: important References: 1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105 This update for systemd fixes the following issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650). - CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418). - udev: check for invalid chars in various fields received from the kernel (bsc#1259697). 
Changelog: - 6a38d88a42 machined: reject invalid class types when registering machines - 8c9a592e5a udev: fix review mixup - b57007a917 udev-builtin-net-id: print cescaped bad attributes - ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX - 0f63e799e6 udev: ensure tag parsing stays within bounds - 046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf - 5be21460ce udev: check for invalid chars in various fields received from the kernel - 9559607b16 core/cgroup: avoid one unnecessary strjoina() - fcae348ca4 core: validate input cgroup path more prudently - a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere - 08125d6b06 units: add dep on systemd-logind.service by user at .service ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1065-1 Released: Thu Mar 26 11:38:12 2026 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1254670,1259619,CVE-2025-70873,CVE-2025-7709 This update for sqlite3 fixes the following issues: Update sqlite3 to 3.51.3: - CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670). - CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619). Changelog: * Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1090-1 Released: Thu Mar 26 18:44:54 2026 Summary: Security update for python3 Type: security Severity: important References: 1257181,CVE-2026-1299 This update for python3 fixes the following issues: - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1095-1 Released: Thu Mar 26 19:05:08 2026 Summary: Security update for vim Type: security Severity: moderate References: 1246602,1258229,1259051,CVE-2025-53906,CVE-2026-26269,CVE-2026-28417 This update for vim fixes the following issues: Update Vim to version 9.2.0110: - CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602). - CVE-2026-26269: Netbeans specialKeys stack buffer overflow (bsc#1258229). - CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1105-1 Released: Fri Mar 27 08:03:05 2026 Summary: Security update for containerd Type: security Severity: important References: This update for containerd rebuilds it against the current go 1.25 security release. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1166-1 Released: Thu Apr 2 03:08:04 2026 Summary: Security update for expat Type: security Severity: important References: 1259711,1259726,1259729,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778 This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726). - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711). - CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1177-1 Released: Thu Apr 2 17:00:30 2026 Summary: Security update for tar Type: security Severity: important References: 1246399,CVE-2025-45582 This update for tar fixes the following issue: - CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1247-1 Released: Fri Apr 10 12:34:39 2026 Summary: Security update for nghttp2 Type: security Severity: important References: 1259845,CVE-2026-27135 This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1257-1 Released: Fri Apr 10 16:59:14 2026 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1260441,1260442,1260443,1260444,1260445,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-31789,CVE-2026-31790 This update for openssl-1_1 fixes the following issues: - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). - CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). - CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1309-1 Released: Tue Apr 14 12:39:22 2026 Summary: Security update for sudo Type: security Severity: important References: 1261420,CVE-2026-35535 This update for sudo fixes the following issue: - CVE-2026-35535: Fixed potential privilege escalation when running the mailer (bsc#1261420). 
----------------------------------------------------------------- Advisory ID: SUSE-OU-2026:1315-1 Released: Tue Apr 14 13:26:20 2026 Summary: Optional update for rsyslog Type: optional Severity: moderate References: This update for rsyslog fixes the following issue: - add the rsyslog-module-ossl (openssl TLS support). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1323-1 Released: Tue Apr 14 15:11:50 2026 Summary: Security update for libpng16 Type: security Severity: important References: 1260754,CVE-2026-33416 This update for libpng16 fixes the following issues: - CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1383-1 Released: Thu Apr 16 11:14:40 2026 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1230861,1239439,1241002,1244550,1257490,1257625,1257667,1257825,1261155 This update for suseconnect-ng fixes the following issues: - Update version to 1.21.1: * Fix nil token handling (bsc#1261155) * Switch to using go1.24-openssl as the default Go version to install to support building the package (jsc#SCC-585). - Update version to 1.21: * Add expanded metric collection for kernel modules and hardware detection (jsc#TEL-226). * Support new profile based metric collection * Fix ignored --root parameter handling when reading and writing configuration (bsc#1257667) * Add expanded metric collection for system vendor/manufacturer (jsc#TEL-260). 
* Removed backport patch * Add missing product id to allow yast2-registration to not break (bsc#1257825) * Fix libsuseconnect APIError detection logic (bsc#1257825) - Regressions found during QA test runs: * Ignore product in announce call (bsc#1257490) * Registration to SMT server with failed (bsc#1257625) - Update version to 1.20: * Update error message for Public Cloud instances with registercloudguest installed. SUSEConnect -d is disabled on PAYG and BYOS when the registercloudguest command is available. (bsc#1230861) * Enhanced SAP detected. Take TREX into account and remove empty values when only /usr/sap but no installation exists (bsc#1241002) * Fixed modules and extension link to point to version less documentation. (bsc#1239439) * Fixed SAP instance detection (bsc#1244550) * Remove link to extensions documentation (bsc#1239439) * Migrate to the public library - Version 1.14 public library release This version is only available on Github as a tag to release the new golang public library which can be consumed without the need to interface with SUSEConnect directly. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1387-1 Released: Thu Apr 16 11:17:48 2026 Summary: Security update for vim Type: security Severity: important References: 1259985,1261191,1261271,CVE-2026-33412,CVE-2026-34714,CVE-2026-34982 This update for vim fixes the following issues: Update to version 9.2.0280. - CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution (bsc#1261271). - CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution (bsc#1261191). - CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to arbitrary code execution (bsc#1259985). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1399-1 Released: Thu Apr 16 12:44:14 2026 Summary: Security update for cups Type: security Severity: important References: 1261568,CVE-2026-34990 This update for cups fixes the following issue: - CVE-2026-34990: Local print admin token disclosure using temporary printers (bsc#1261568). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1428-1 Released: Fri Apr 17 12:00:40 2026 Summary: Security update for bind Type: security Severity: important References: 1260805,CVE-2026-1519 This update for bind fixes the following issues: - CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1432-1 Released: Fri Apr 17 12:12:08 2026 Summary: Security update for libcap Type: security Severity: important References: 1261809,CVE-2026-4878 This update for libcap fixes the following issue: - CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1487-1 Released: Mon Apr 20 17:52:11 2026 Summary: Security update for runc Type: security Severity: important References: This update for runc rebuilds it against the current go 1.25 security release. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1495-1 Released: Mon Apr 20 17:59:12 2026 Summary: Security update for containerd Type: security Severity: important References: This update for containerd rebuilds it against the current go 1.25 security release. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1510-1 Released: Tue Apr 21 08:28:12 2026 Summary: Security update for ncurses Type: security Severity: moderate References: 1259924,CVE-2025-69720 This update for ncurses fixes the following issue: - CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1562-1 Released: Thu Apr 23 09:05:52 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1261678,CVE-2026-28390 This update for openssl-1_1 fixes the following issues: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1563-1 Released: Thu Apr 23 09:07:39 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1246057,1256504,1256675,1257773,1259797,1260005,1260009,CVE-2025-38234,CVE-2025-68818,CVE-2026-23103,CVE-2026-23243,CVE-2026-23272,CVE-2026-23274 The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). - CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773). - CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797). - CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-nelems before insertion (bsc#1260009). - CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005). The following non-security issue was fixed: - watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (bsc#1256504). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1565-1 Released: Thu Apr 23 09:08:29 2026 Summary: Security update for libssh Type: security Severity: moderate References: 1258045,1258049,1258054,1258080,1258081,1259377,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968,CVE-2026-3731 This update for libssh fixes the following issues: - CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049). - CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045). - CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054). - CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081). - CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080). - CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler (bsc#1259377). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1659-1 Released: Wed Apr 29 13:09:06 2026 Summary: Security update for sed Type: security Severity: moderate References: 1262144,CVE-2026-5958 This update for sed fixes the following issues: - CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite (bsc#1262144). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1665-1 Released: Thu Apr 30 16:53:18 2026 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1222465,1234736 This update for util-linux fixes the following issues: - Recognize fuse 'portal' as a virtual file system (bsc#1234736). - fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1672-1 Released: Sat May 2 08:02:29 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1262573,CVE-2026-31431 The SUSE Linux Enterprise 15 SP4 kernel was updated to fix one security issue. The following security issue was fixed: - CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1692-1 Released: Tue May 5 10:03:54 2026 Summary: Security update for xen Type: security Severity: moderate References: 1262178,1262180,1262428,CVE-2025-54505,CVE-2026-23557,CVE-2026-23558 This update for xen fixes the following issues: - CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 (bsc#1262428). - CVE-2026-23557: Xenstored DoS via XS_RESET_WATCHES command (bsc#1262178). - CVE-2026-23558: grant table v2 race in status page mapping (bsc#1262180). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1715-1 Released: Wed May 6 14:09:30 2026 Summary: Security update for python3 Type: security Severity: important References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100 This update for python3 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969). - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970). 
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989). - CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). - CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). - CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). - CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319). - CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654). - CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure (bsc#1262098). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1717-1 Released: Wed May 6 14:13:17 2026 Summary: Security update for curl Type: security Severity: important References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429 This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631). - CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632). - CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635). - CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636). - CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638). Other updates and bugfixes: - sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1721-1 Released: Wed May 6 16:43:37 2026 Summary: Recommended update for cloud-netconfig Type: recommended Severity: important References: 1253223,1258406,1258730 This update for cloud-netconfig fixes the following issues: - Update to version 1.19: * Make sure IPADDR variable is stripped of netmask - Update to version 1.18: * Fix issue with link-local address routing (bsc#1258730) - Update to version 1.17: * Do not set broadcast address explicitly (bsc#1258406) - Update to version 1.16: * Fix query of default CLOUD_NETCONFIG_MANAGE (bsc#1253223) * Fix variable names in the README ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1757-1 Released: Thu May 7 16:02:15 2026 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1259543 This update for grub2 fixes the following issues: - Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543) * btrfs: add ability to boot from subvolumes * btrfs: get default subvolume ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1758-1 Released: Thu May 7 16:03:01 2026 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1261274 This update for dracut fixes the following issues: - Update to version 055+suse.362.ge7032140: * fix: make iso-scan trigger udev events (bsc#1261274) The following package changes have been done: - bash-sh-4.4-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bind-utils-9.16.50-150400.5.59.1 updated - ca-certificates-mozilla-2.84-150200.44.1 updated - chrony-pool-suse-4.1-150400.21.8.1 updated - chrony-4.1-150400.21.8.1 updated - cifs-utils-6.15-150400.3.18.1 updated - cloud-netconfig-gce-1.19-150000.25.31.1 updated - containerd-ctr-1.7.29-150000.132.1 updated - containerd-1.7.29-150000.132.1 updated - cups-config-2.2.7-150000.3.86.1 updated - 
curl-8.14.1-150400.5.83.1 updated - dracut-055+suse.362.ge7032140-150400.3.43.1 updated - e2fsprogs-1.46.4-150400.3.9.2 added - elfutils-0.185-150400.5.8.3 updated - glibc-locale-base-2.31-150300.98.1 updated - glibc-locale-2.31-150300.98.1 updated - glibc-2.31-150300.98.1 updated - google-guest-configs-20260116.00-150400.13.25.1 updated - gpg2-2.2.27-150300.3.19.1 updated - grub2-i386-pc-2.06-150400.11.72.2 updated - grub2-x86_64-efi-2.06-150400.11.72.2 updated - grub2-2.06-150400.11.72.2 updated - iptables-1.8.7-1.1 added - jq-1.6-150000.3.12.1 updated - kernel-default-5.14.21-150400.24.205.1 updated - kmod-29-150300.4.18.1 updated - libasm1-0.185-150400.5.8.3 updated - libavahi-client3-0.8-150400.7.26.1 updated - libavahi-common3-0.8-150400.7.26.1 updated - libblkid1-2.37.2-150400.8.44.1 updated - libcap2-2.63-150400.3.6.1 updated - libcups2-2.2.7-150000.3.86.1 updated - libcurl4-8.14.1-150400.5.83.1 updated - libdw1-0.185-150400.5.8.3 updated - libelf1-0.185-150400.5.8.3 updated - libexpat1-2.7.1-150400.3.37.1 updated - libext2fs2-1.46.4-150400.3.9.2 added - libfdisk1-2.37.2-150400.8.44.1 updated - libfreetype6-2.10.4-150000.4.25.1 updated - libgcc_s1-15.2.0+git10201-150000.1.9.1 updated - libglib-2_0-0-2.70.5-150400.3.34.1 updated - libgnutls30-3.7.3-150400.4.56.1 updated - libip6tc2-1.8.7-1.1 added - libjq1-1.6-150000.3.12.1 updated - libkmod2-29-150300.4.18.1 updated - libmount1-2.37.2-150400.8.44.1 updated - libncurses6-6.1-150000.5.33.1 updated - libnftnl11-1.2.0-150400.1.6 added - libnghttp2-14-1.40.0-150200.22.1 updated - libopenssl1_1-1.1.1l-150400.7.93.1 updated - libpcap1-1.10.1-150400.3.9.1 updated - libpci3-3.13.0-150300.13.12.1 updated - libpng16-16-1.6.34-150000.3.22.1 updated - libprocps8-3.3.17-150000.7.42.1 added - libpython3_6m1_0-3.6.15-150300.10.118.1 updated - libreadline7-7.0-150400.27.6.1 updated - libsmartcols1-2.37.2-150400.8.44.1 updated - libsqlite3-0-3.51.3-150000.3.39.1 updated - libssh-config-0.9.8-150400.3.17.1 updated - 
libssh4-0.9.8-150400.3.17.1 updated - libstdc++6-15.2.0+git10201-150000.1.9.1 updated - libsystemd0-249.17-150400.8.55.1 updated - libtasn1-6-4.13-150000.4.14.1 updated - libtasn1-4.13-150000.4.14.1 updated - libudev1-249.17-150400.8.55.1 updated - libuuid1-2.37.2-150400.8.44.1 updated - libxml2-2-2.9.14-150400.5.55.1 updated - ncurses-utils-6.1-150000.5.33.1 updated - openssh-clients-8.4p1-150300.3.57.1 updated - openssh-common-8.4p1-150300.3.57.1 updated - openssh-server-8.4p1-150300.3.57.1 updated - openssh-8.4p1-150300.3.57.1 updated - openssl-1_1-1.1.1l-150400.7.93.1 updated - pciutils-3.13.0-150300.13.12.1 updated - procps-3.3.17-150000.7.42.1 added - python3-base-3.6.15-150300.10.118.1 updated - python3-bind-9.16.50-150400.5.59.1 updated - python3-3.6.15-150300.10.118.1 updated - rsyslog-module-relp-8.2306.0-150400.5.35.1 updated - rsyslog-8.2306.0-150400.5.35.1 updated - runc-1.3.4-150000.92.1 updated - sed-4.4-150300.13.6.1 updated - shim-16.1-150300.4.31.3 updated - sudo-1.9.9-150400.4.42.1 updated - supportutils-3.2.12.1-150300.7.35.39.1 updated - suseconnect-ng-1.21.1-150400.3.49.1 updated - syslog-service-2.0-150300.13.3.1 updated - systemd-sysvinit-249.17-150400.8.55.1 updated - systemd-249.17-150400.8.55.1 updated - tar-1.34-150000.3.37.1 updated - terminfo-base-6.1-150000.5.33.1 updated - terminfo-6.1-150000.5.33.1 updated - udev-249.17-150400.8.55.1 updated - util-linux-systemd-2.37.2-150400.8.44.1 updated - util-linux-2.37.2-150400.8.44.1 updated - vim-data-common-9.2.0280-150000.5.89.1 updated - vim-9.2.0280-150000.5.89.1 updated - xen-libs-4.16.7_08-150400.4.81.2 updated - xtables-plugins-1.8.7-1.1 added - iproute2-5.14-150400.3.3.1 removed From sle-container-updates at lists.suse.com Sat May 9 07:04:50 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 9 May 2026 09:04:50 +0200 (CEST) Subject: SUSE-IU-2026:3237-1: Security update of suse-sles-15-sp5-chost-byos-v20260507-x86_64-gen2 
Message-ID: <20260509070450.86BB9FB96@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20260507-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:3237-1 Image Tags : suse-sles-15-sp5-chost-byos-v20260507-x86_64-gen2:20260507 Image Release : Severity : important Type : security References : ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20260507-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3788-1 Released: Fri Oct 24 15:28:50 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3794-1 Released: Fri Oct 24 17:36:29 2025 Summary: Security update for chrony Type: security Severity: moderate References: 1246544 This update for chrony fixes the following issues: - Race condition during socket creation by chronyc allows privilege escalation from user chrony to root (bsc#1246544).
This update also ships chrony-pool-empty to SLE Micro 5.x (jsc#SMO-587) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3797-1 Released: Mon Oct 27 08:58:05 2025 Summary: Security update for xen Type: security Severity: important References: 1248807,1251271,CVE-2025-27466,CVE-2025-58142,CVE-2025-58143,CVE-2025-58147,CVE-2025-58148 This update for xen fixes the following issues: - CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls (bsc#1251271, XSA-475) - CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed multiple vulnerabilities in the Viridian interface (bsc#1248807, XSA-472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3851-1 Released: Wed Oct 29 15:04:32 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1229750,1250593 This update for vim fixes the following issues: - Fix regression in vim: xxd -a shows no output (bsc#1250593). Backported from 9.1.1683 (xxd: Avoid null dereference in autoskip colorless). - Fix vim compatible mode is not switched off earlier (bsc#1229750). Nocompatible must be set before the syntax highlighting is turned on.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3854-1 Released: Wed Oct 29 15:10:39 2025 Summary: Recommended update for cifs-utils Type: recommended Severity: moderate References: 1248816 This update for cifs-utils fixes the following issues: - Fix: cifs.upcall program in the cifs-utils package fails to use a valid service ticket from the credential cache if the TGT is expired or does not exist (bsc#1248816) * cifs-utils: Skip TGT check if there is a valid service ticket * cifs-utils: avoid using mktemp when updating mtab * cifs-utils: add documentation for upcall_target * setcifsacl: fix memory allocation for struct cifs_ace * cifs.upcall: fix UAF in get_cachename_from_process_en * cifs.upcall: fix memory leaks in check_service_ticket ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages.
For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. 
- Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3950-1 Released: Wed Nov 5 11:22:31 2025 Summary: Security update for runc Type: security Severity: important References: 1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881 This update for runc fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232). - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232). - CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232). Update to runc v1.2.7. - Upstream changelog is available from ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3986-1 Released: Fri Nov 7 11:31:03 2025 Summary: Security update for gpg2 Type: security Severity: low References: 1239119,CVE-2025-30258 This update for gpg2 fixes the following issues: - CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4073-1 Released: Wed Nov 12 11:34:27 2025 Summary: Security update for runc Type: security Severity: important References: 1252110,1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881 This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc#1252232 * CVE-2025-31133 * CVE-2025-52565 * CVE-2025-52881 Update to runc v1.3.2. 
Upstream changelog is available from bsc#1252110 - Includes an important fix for the CPUSet translation for cgroupv2. Update to runc v1.3.1. Upstream changelog is available from Update to runc v1.3.0. Upstream changelog is available from ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4108-1 Released: Fri Nov 14 16:54:51 2025 Summary: Security update for bind Type: security Severity: important References: 1252379,1252380,CVE-2025-40778,CVE-2025-40780 This update for bind fixes the following issues: - CVE-2025-40778: Address various spoofing attacks (bsc#1252379). - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4112-1 Released: Sat Nov 15 23:38:15 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198) - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4152-1 Released: Fri Nov 21 10:10:35 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1252931,1252932,1252933,1252934,1252935,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664 This update for grub2 fixes the following 
issues: - CVE-2025-54771: Fixed grub_file_close() does not properly control the fs refcount (bsc#1252931) - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933) - CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934) - CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935) - CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932) Other fixes: - Bump upstream SBAT generation to 6 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4177-1 Released: Mon Nov 24 08:25:42 2025 Summary: Recommended update for python-azure-agent Type: recommended Severity: important References: 1253001 This update for python-azure-agent fixes the following issues: - Update to version 2.14.0.1 (bsc#1253001) * FIPS 140-3 support * Block extensions disallowed by policy * Report ext policy errors in heartbeat * Implement signature validation helper functions * Prevent ssh public key override * Use proper filesystem creation flag for btrfs * Enable resource monitoring in cgroup v2 machines * Update agent cgroup cleanup * Add cgroupv2 distros to supported list * Clean old agent cgroup setup * Redact sas tokens in telemetry events and agent log * Add conf option to use hardcoded wireserver ip instead of dhcp request to discover wireserver ip * Support for python 3.12 * Update telemetry message for agent updates and send new telemetry for ext resource governance * Disable rsm downgrade * Add community support for Chainguard OS * Swap out legacycrypt for crypt-r for Python 3.13+ * Pin setuptools version * Set the agent config file path for FreeBSD * Handle errors importing crypt module - From 2.13.1.1 * Setup: Fix install_requires list syntax * Pickup latest goal state on tenant certificate rotation + Avoid infinite loop when the tenant certificate is missing * Fix
unsupported syntax in py2.6 * Cgroup rewrite: uses systemctl for expressing desired configuration instead of drop-in files * Remove usages of tempfile.mktemp * Use random time for attempting new Agent update * Enable logcollector in v2 machines * Clean history files * Missing firewall rules reason * Add support for nftables (+ refactoring of firewall code) * Create walinuxagent nftable atomically ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4092-1 Released: Mon Nov 24 10:08:22 2025 Summary: Security update for elfutils Type: security Severity: moderate References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242): - CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip - CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip - CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf - CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf - Fixing testsuite race conditions in run-debuginfod-find.sh. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4279-1 Released: Thu Nov 27 14:16:36 2025 Summary: Recommended update for hyper-v Type: recommended Severity: moderate References: hyper-v was updated to fix the following issue: - hyper-v is shipped on Aarch64.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4288-1
Released: Fri Nov 28 09:25:32 2025
Summary: Security update for containerd
Type: security
Severity: important
References: 1253126,1253132,CVE-2024-25621,CVE-2025-64329

This update for containerd fixes the following issues:

- Update to containerd v1.7.29
- CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126)
- CVE-2025-64329: Fixed goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4309-1
Released: Fri Nov 28 16:39:38 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1253757,CVE-2025-11563

This update for curl fixes the following issues:

- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4320-1
Released: Thu Dec 4 11:04:15 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References:

The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
- CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857).
- CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164).
- CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).
- CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988).
- CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816).
- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
- CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
- CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763).
- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-38084: hugetlb: unshare some PMDs when splitting VMAs (bsc#1245498).
- CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499).
- CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317).
- CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479).
- CVE-2025-39797: xfrm: Duplicate SPI Handling (bsc#1249608).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-39981: Bluetooth: MGMT: Fix possible UAFs (bsc#1252060).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785).

The following non security issues were fixed:

- NFS: remove revoked delegation from server's delegation list (bsc#1246211).
- NFSv4: Allow FREE_STATEID to clean up delegations (bsc#1246211).
- fbcon: Fix OOB access in font allocation (bsc#1252033)
- kabi fix for NFSv4: Allow FREE_STATEID to clean up delegations (bsc#1246211).
- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
- mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823).
- net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265).
- net: mana: Switch to page pool for jumbo frames (bsc#1248754).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4321-1
Released: Fri Dec 5 08:07:53 2025
Summary: Recommended update for pciutils
Type: recommended
Severity: moderate
References: 1001888,1006827,1029961,1098094,1098228,1170554,1192862,1206798,1224138,529469,837347

This update for pciutils fixes the following issues:

pciutils was updated from version 3.5.6 to 3.13.0 (jsc#PED-8402, jsc#PED-8393, bsc#1224138):

- Highlights of issues fixed:
  * Fixed LnkCap speed recognition in `lspci` for multi PCIe ports such as the ML110 Gen11 (bsc#1192862)
  * Included several non-standard extensions to VPD decoder (bsc#1170554, bsc#1098228)
  * Fixed the display of the gen4 speed for GEN 4 cards like Mellanox CX5 (bsc#1098094)
  * Replaced dependency on pciutil-ids with hwdata
  * Potentially disruptive change of PCI IDs Cache:
    + The local cache of PCI IDs (.pci-ids) was moved to the XDG standard location: `$XDG_CACHE_HOME/pci-ids` (v3.11.0)
      This could be a disruptive change if users or scripts are relying on the old path.
- Key New Features and Utilities:
  * New `pcilmr` Utility: A new tool, `pcilmr`, was added for 'PCIe lane margining,' which is a low-level diagnostic feature (v3.11.0)
  * New `lspci` Path Flag: You can now use `lspci -P` (or -PP) to see the path of bridges leading to a specific device (v3.6.2)
  * ECAM Support: Added support for the ECAM (Enhanced Configuration Access Mechanism), a standard way to access PCIe configuration space (v3.10.0)
  * IOMMU Group Display: lspci can now display IOMMU groups on Linux (v3.7.0)
- New Hardware and Protocol Decoding:
  * Added support for decoding CXL capabilities (v3.9.0)
  * Decoding for Advanced Error Reporting (AER) (v3.13.0)
  * Decoding for IDE (Integrity and Data Encryption) and TEE-IO extended capabilities (v3.12.0)
  * Decoding for Data Object Exchange (DOE) (v3.8.0)
  * Decoding for standard and VF (Virtual Function) Resizable BARs (v3.7.0)
  * Decoding for Multicast capabilities (v3.6.3)
- Improved Output Clarity:
  * PCIe link speeds running below their maximum are now clearly marked as 'downgraded' (v3.6.0)
  * BARs (Base Address Registers) reported by the OS but not actually set on the device are marked as '[virtual]' (v3.6.0)
- Command Behavior and System Changes:
  * `lspci` Tree View (-t):
    + Can now be combined with `-s` to show only a specific sub-tree (v3.6.3)
    + Improved filtering options (v3.9.0)
    + Improved support of multi-domain systems (v3.10.0)
  * `setpci`:
    + Can now check if a named register exists for that device's header type (v3.9.0)
  * `update-pciids`:
    + Now supports XZ compression when downloading new ID lists (v3.11.0)
  * Database Update:
    + The pci.ids device database was continuously updated across all versions.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4326-1
Released: Tue Dec 9 11:31:28 2025
Summary: Recommended update for runc
Type: recommended
Severity: moderate
References: 1254362

This update for runc fixes the following issues:

- Update to runc v1.3.4 (bsc#1254362)
- libct: fix mips compilation:
  * When configuring a tmpfs mount, only set the mode= argument if the target path already existed.
  * Fix various file descriptor leaks and add additional tests to detect them as comprehensively as possible.
- Downgrade github.com/cyphar/filepath-securejoin dependency to v0.5.2, which should make it easier for some downstreams to import runc without pulling in too many extra packages.
- The runc binary distributed with this release is statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a 'work that uses the Library':
  * libseccomp:
  The versions of these libraries were not modified from their upstream versions

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4331-1
Released: Tue Dec 9 12:55:17 2025
Summary: Recommended update for kmod
Type: recommended
Severity: important
References: 1253741

This update for kmod fixes the following issues:

- Fix modprobe.d confusion on man page (bsc#1253741):
  * document the config file order handling

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4347-1
Released: Wed Dec 10 14:02:26 2025
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1249055,CVE-2025-7039

This update for glib2 fixes the following issues:

- CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4362-1
Released: Thu Dec 11 11:08:27 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1253043

This update for gcc15 fixes the following issues:

- Enable the use of _dl_find_object even when not available at build time. [bsc#1253043]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4368-1
Released: Thu Dec 11 16:12:16 2025
Summary: Security update for python3
Type: security
Severity: low
References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291

This update for python3 fixes the following issues:

- CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974).
- CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4377-1
Released: Fri Dec 12 10:37:09 2025
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1233655,510058

This update for lvm2 fixes the following issues:

- Maintenance update attempt seems to be stuck at mkinitrd (bsc#510058).
- Fix for 'systemctl start lvmlockd.service' time out (bsc#1233655).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4436-1
Released: Wed Dec 17 14:55:46 2025
Summary: Security update for libpng16
Type: security
Severity: important
References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293

This update for libpng16 fixes the following issues:

- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160)
- CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480)
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158)
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159)
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4490-1
Released: Fri Dec 19 12:17:11 2025
Summary: Security update for xen
Type: security
Severity: moderate
References: 1027519,1252692,1254180,CVE-2025-58149

This update for xen fixes the following issues:

Update to Xen 4.17.6.

Security issues fixed:

- CVE-2025-58149: incorrect removal of permissions on PCI device unplug allows PV guests to access memory of devices no longer assigned to them (bsc#1252692).

Other issues fixed:

- Several upstream bug fixes (bsc#1027519).
- Failure to restart xenstored (bsc#1254180).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4504-1
Released: Mon Dec 22 17:29:14 2025
Summary: Security update for glib2
Type: security
Severity: important
References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512

This update for glib2 fixes the following issues:

- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4506-1
Released: Mon Dec 22 17:38:35 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1233640,1249806,1251786,1252033,1252267,1252780,1252862,1253367,1253431,1253436,CVE-2022-50280,CVE-2023-53676,CVE-2024-53093,CVE-2025-40040,CVE-2025-40048,CVE-2025-40121,CVE-2025-40154,CVE-2025-40204

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
- CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).

The following non-security bugs were fixed:

- Fix type signess in fbcon_set_font() (bsc#1252033).
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4525-1
Released: Fri Dec 26 13:19:00 2025
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1254132,CVE-2025-9820

This update for gnutls fixes the following issues:

- CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:27-1
Released: Mon Jan 5 13:45:08 2026
Summary: Security update for python3
Type: security
Severity: moderate
References: 1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837

This update for python3 fixes the following issues:

- CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
- CVE-2025-13836: Fixed default Content-Length read amount from HTTP response (bsc#1254400)
- CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:48-1
Released: Wed Jan 7 09:08:18 2026
Summary: Recommended update for pciutils
Type: recommended
Severity: moderate
References: 1252338

This update for pciutils fixes the following issues:

- Add a strict dependency to libpci to prevent possible segfault (bsc#1252338)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:117-1
Released: Tue Jan 13 05:33:38 2026
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1254666,CVE-2025-14104

This update for util-linux fixes the following issues:

- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:214-1
Released: Thu Jan 22 13:09:26 2026
Summary: Security update for gpg2
Type: security
Severity: important
References: 1255715,1256244,1256246,1256390,CVE-2025-68973

This update for gpg2 fixes the following issues:

- CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715).
- Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246).
- Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244).
- Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:224-1
Released: Thu Jan 22 13:18:20 2026
Summary: Security update for libtasn1
Type: security
Severity: moderate
References: 1256341,CVE-2025-13151

This update for libtasn1 fixes the following issues:

- CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:304-1
Released: Tue Jan 27 17:14:50 2026
Summary: Security update for xen
Type: security
Severity: moderate
References: 1256745,1256747,CVE-2025-58150,CVE-2026-23553

This update for xen fixes the following issues:

- CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing (XSA-477) (bsc#1256745)
- CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation (XSA-479) (bsc#1256747)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:317-1
Released: Wed Jan 28 15:36:48 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References:

The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785).
- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
- CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751).
- CVE-2024-56590: Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (bsc#1235038).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).
- CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688).

The following non security issues were fixed:

- ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes).
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: property: Do not pass NULL handles to acpi_attach_data() (git-fixes).
- ACPI: property: Fix buffer properties extraction for subnodes (git-fixes).
- KVM: SVM: Fix TSC_AUX virtualization setup (git-fixes).
- RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes).
- RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes).
- RDMA/hns: Fix the modification of max_send_sge (git-fixes).
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes).
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes).
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes).
- RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes).
- RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes).
- RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes).
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes).
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes).
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes).
- arch/idle: Change arch_cpu_idle() behavior: always exit with IRQs disabled (git-fixes).
- cpuidle/poll: Ensure IRQs stay disabled after cpuidle_state::enter() calls (git-fixes).
- cpuidle: Move IRQ state validation (git-fixes).
- cpuidle: haltpoll: Do not enable interrupts when entering idle (git-fixes).
- dm: free table mempools if not used in __bind (git-fixes).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL (git-fixes).
- x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes).
- x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes).
- x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes).
- x86/tdx: Drop flags from __tdx_hypercall() (git-fixes).
- x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes).
- x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes).
- x86/tdx: Extend TDX_MODULE_CALL to support more TDCALL/SEAMCALL leafs (git-fixes).
- x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes).
- x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes).
- x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes).
- x86/tdx: Make TDX_HYPERCALL asm similar to TDX_MODULE_CALL (git-fixes).
- x86/tdx: Make macros of TDCALLs consistent with the spec (git-fixes).
- x86/tdx: Pass TDCALL/SEAMCALL input/output registers via a structure (git-fixes).
- x86/tdx: Reimplement __tdx_hypercall() using TDX_MODULE_CALL asm (git-fixes).
- x86/tdx: Remove 'struct tdx_hypercall_args' (git-fixes).
- x86/tdx: Remove TDX_HCALL_ISSUE_STI (git-fixes).
- x86/tdx: Rename __tdx_module_call() to __tdcall() (git-fixes).
- x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes).
- x86/tdx: Retry partially-completed page conversion hypercalls (git-fixes).
- x86/tdx: Skip saving output regs when SEAMCALL fails with VMFailInvalid (git-fixes).
- x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro (git-fixes).
- x86/virt/tdx: Make TDX_MODULE_CALL handle SEAMCALL #UD and #GP (git-fixes).
- x86/virt/tdx: Wire up basic SEAMCALL functions (git-fixes).
- xfs: fix sparse inode limits on runt AG (bsc#1254392).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:359-1
Released: Mon Feb 2 10:54:54 2026
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796

This update for openssl-1_1 fixes the following issues:

- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:391-1
Released: Thu Feb 5 15:23:42 2026
Summary: Security update for libxml2
Type: security
Severity: low
References: 1256805,CVE-2026-0989

This update for libxml2 fixes the following issues:

- CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:430-1
Released: Wed Feb 11 09:43:42 2026
Summary: Security update for python-pyasn1
Type: security
Severity: important
References: 1256902,CVE-2026-23490

This update for python-pyasn1 fixes the following issues:

- CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation octets leading to Denial of Service (bsc#1256902)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:432-1
Released: Wed Feb 11 10:11:56 2026
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1248586,1254670,CVE-2025-7709

This update for sqlite3 fixes the following issues:

- Update to v3.51.2:
  - CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:443-1
Released: Wed Feb 11 10:46:43 2026
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1254866,1254867,1256331,CVE-2025-66418,CVE-2025-66471,CVE-2026-21441

This update for python-urllib3_1 fixes the following issues:

- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867).
- CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866).
- CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:458-1
Released: Thu Feb 12 00:28:37 2026
Summary: Security update for glib2
Type: security
Severity: important
References: 1257049,CVE-2026-0988

This update for glib2 fixes the following issues:

- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:463-1
Released: Thu Feb 12 08:40:25 2026
Summary: Recommended update for supportutils
Type: recommended
Severity: important
References: 1232351,1241284,1244003,1244011,1244937,1245667,1246011,1246025,1249657,1250224,1252318,1254425,1256709

This update for supportutils fixes the following issues:

- scplugin.rc is restored in package 3.2.12.1 for continued compatibility (bsc#1256709)
- Changes to version 3.2.12:
  * Optimized lsof usage and honors OPTION_OFILES (bsc#1232351)
  * Run in containers without errors (bsc#1245667)
  * Removed pmap PID from memory.txt (bsc#1246011)
  * Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025)
  * Improved database perforce with kGraft patching (bsc#1249657)
  * Using last boot for journalctl for optimization (bsc#1250224)
  * Fixed extraction failures (bsc#1252318)
  * Update supportconfig.conf path in docs (bsc#1254425)
  * drm_sub_info: Catch error when dir doesn't exist
  * Replace remaining `egrep` with `grep -E`
  * Add process affinity to slert logs
  * Reintroduce cgroup statistics (and v2)
  * Minor changes to basic-health-check: improve information level
  * Collect important machine health counters
  * powerpc: collect hot-pluggable PCI and PHB slots
  * podman: collect podman disk usage
  * Exclude binary files in crondir
  * kexec/kdump: collect everything under /sys/kernel/kexec dir
  * Use short-iso for journalctl
- Changes to version 3.2.11:
  * Collect rsyslog frule files (bsc#1244003)
  * Remove proxy passwords (bsc#1244011)
  * Missing NetworkManager information (bsc#1241284)
  * Include agama logs (bsc#1244937)
  * Additional NFS conf files
  * New fadump sysfs files
  * Fixed change log dates

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:474-1
Released: Thu Feb 12 12:28:33 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1220137,1220144,1222323,1223007,1225049,1233038,1235905,1236104,1236208,1237885,1237906,1238414,1238754,1238763,1244758,1244904,1245110,1245210,1245723,1245751,1247177,1247483,1248306,1248377,1249156,1249158,1249827,1252785,1253028,1253087,1253409,1253702,1254447,1254462,1254463,1254464,1254465,1254767,1254842,1255171,1255251,1255377,1255401,1255594,1255908,1256095,1256582,1256612,1256623,1256641,1256726,1256744,1256779,1256792,1257232,1257236,1257296,1257473,CVE-2022-49604,CVE-2022-49943,CVE-2022-49980,CVE-2022-50232,CVE-2022-50697,CVE-2023-52433,CVE-2023-52874,CVE-2023-52923,CVE-2023-53178,CVE-2023-53407,CVE-2023-53412,CVE-2023-53417,CVE-2023-53418,CVE-2023-53714,CVE-2023-54142,CVE-2023-54243,CVE-2024-26581,CVE-2024-26661,CVE-2024-26832,CVE-2024-50143,CVE-2024-54031,CVE-2025-21658,CVE-2025-21760,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-38068,CVE-2025-38129,CVE-2025-38159,CVE-2025-38375,CVE-2025-38563,CVE-2025-38565,CVE-2025-38684,CVE-2025-40044,CVE-2025-40139,CVE-2025-40257,CVE-2025-40300,CVE-2025-68183,CVE-2025-68284,CVE-2025-68285,CVE-2025-68312,CVE-2025-68771,CVE-2025-68813,CVE-2025-71085,CVE-2025-71089,CVE-2025-71112,CVE-2025-71116,CVE-2025-71120,CVE-2026-22999,CVE-2026-23001

The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
- CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095).
- CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
- CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
- CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483).
- CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
- CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).

The following non security issues were fixed:

- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1253087).
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: tcp: send zero-window ACK when no memory (bsc#1254767).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- tcp: correct handling of extreme memory squeeze (bsc#1254767).
- x86: make page fault handling disable interrupts properly (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:508-1
Released: Fri Feb 13 15:50:21 2026
Summary: Security update for curl
Type: security
Severity: moderate
References: 1255731,1255732,1255733,1255734,1256105,CVE-2025-14017,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224

This update for curl fixes the following issues:

- CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:570-1
Released: Tue Feb 17 17:38:47 2026
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1247850,1247858,1250553,1256807,1256808,1256809,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2025-8732,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757

This update for libxml2 fixes the following issues:

- CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
- CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812)
- CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
- CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
- CVE-2025-8732: Fixed an infinite recursion in catalog parsing functions when processing malformed SGML catalog files. (bsc#1247858)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:575-1
Released: Wed Feb 18 10:10:36 2026
Summary: Security update for libpcap
Type: security
Severity: low
References: 1255765,CVE-2025-11961

This update for libpcap fixes the following issues:

- CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:577-1
Released: Wed Feb 18 16:49:13 2026
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1256498,1256499,1256500,CVE-2025-68276,CVE-2025-68468,CVE-2025-68471

This update for avahi fixes the following issues:

- CVE-2025-68276: Fixed refuse to create wide-area record browsers when wide-area is off (bsc#1256498)
- CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500)
- CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:596-1
Released: Mon Feb 23 16:57:20 2026
Summary: Security update for libpng16
Type: security
Severity: important
References: 1256525,1256526,1257364,1257365,1258020,CVE-2025-28162,CVE-2025-28164,CVE-2026-22695,CVE-2026-22801,CVE-2026-25646

This update for libpng16 fixes the following issues:

- CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364).
- CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365).
- CVE-2026-22695: heap buffer over-read in png_image_finish_read (bsc#1256525).
- CVE-2026-22801: integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).
- CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:664-1
Released: Thu Feb 26 16:15:04 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1257029,1257031,1257041,1257042,1257044,1257046,CVE-2025-11468,CVE-2025-15282,CVE-2025-15366,CVE-2025-15367,CVE-2026-0672,CVE-2026-0865

This update for python3 fixes the following issues:

- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:694-1
Released: Fri Feb 27 16:14:32 2026
Summary: Security update for gpg2
Type: security
Severity: moderate
References: 1256389

This update for gpg2 fixes the following issues:

Security fix:

- Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data (bsc#1256389)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:741-1
Released: Mon Mar 2 09:11:04 2026
Summary: Security update for shim
Type: security
Severity: moderate
References: 1240871,1247432,CVE-2024-2312

This update for shim fixes the following issues:

shim is updated to version 16.1:

- shim_start_image(): fix guid/handle pairing when uninstalling protocols
- Fix uncompressed ipv6 netboot
- fix test segfaults caused by uninitialized memory
- SbatLevel_Variable.txt: minor typo fix.
- Realloc() needs to allocate one more byte for sprintf()
- IPv6: Add more check to avoid multiple double colon and illegal char
- Loader proto v2
- loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
- Generate Authenticode for the entire PE file
- README: mention new loader protocol and interaction with UKIs
- shim: change automatically enable MOK_POLICY_REQUIRE_NX
- Save var info
- add SbatLevel entry 2025051000 for PSA-2025-00012-1
- Coverity fixes 20250804
- fix http boot
- Fix double free and leak in the loader protocol

shim is updated to version 16.0:

- Validate that a supplied vendor cert is not in PEM format
- sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
- sbat: Also bump latest for grub,4 (and to todays date)
- undo change that limits certificate files to a single file
- shim: don't set second_stage to the empty string
- Fix SBAT.md for today's consensus about numbers
- Update Code of Conduct contact address
- make-certs: Handle missing OpenSSL installation
- Update MokVars.txt
- export DEFINES for sub makefile
- Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
- Null-terminate 'arguments' in fallback
- Fix 'Verifiying' typo in error message
- Update Fedora CI targets
- Force gcc to produce DWARF4 so that gdb can use it
- Minor housekeeping 2024121700
- Discard load-options that start with WINDOWS
- Fix the issue that the gBS->LoadImage pointer was empty.
- shim: Allow data after the end of device path node in load options
- Handle network file not found like disks
- Update gnu-efi submodule for EFI_HTTP_ERROR
- Increase EFI file alignment
- avoid EFIv2 runtime services on Apple x86 machines
- Improve shortcut performance when comparing two boolean expressions
- Provide better error message when MokManager is not found
- tpm: Boot with a warning if the event log is full
- MokManager: remove redundant logical constraints
- Test import_mok_state() when MokListRT would be bigger than available size
- test-mok-mirror: minor bug fix
- Fix file system browser hang when enrolling MOK from disk
- Ignore a minor clang-tidy nit
- Allow fallback to default loader when encountering errors on network boot
- test.mk: don't use a temporary random.bin
- pe: Enhance debug report for update_mem_attrs
- Multiple certificate handling improvements
- Generate SbatLevel Metadata from SbatLevel_Variable.txt
- Apply EKU check with compile option
- Add configuration option to boot an alternative 2nd stage
- Loader protocol (with Device Path resolution support)
- netboot cleanup for additional files
- Document how revocations can be delivered
- post-process-pe: add tests to validate NX compliance
- regression: CopyMem() in ad8692e copies out of bounds
- Save the debug and error logs in mok-variables
- Add features for the Host Security ID program
- Mirror some more efi variables to mok-variables
- This adds DXE Services measurements to HSI and uses them for NX
- Add shim's current NX_COMPAT status to HSIStatus
- README.tpm: reflect that vendor_db is in fact logged as 'vendor_db'
- Reject HTTP message with duplicate Content-Length header fields
- Disable log saving
- fallback: don't add new boot order entries backwards
- README.tpm: Update MokList entry to MokListRT
- SBAT Level update for February 2025 GRUB CVEs

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:783-1
Released: Tue Mar 3 14:36:14 2026
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1258392,CVE-2026-27171

This update for zlib fixes the following issue:

- CVE-2026-27171: Fixed infinite loop via the `crc32_combine64` and `crc32_combine_gen64` functions due to missing checks for negative lengths (bsc#1258392).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:791-1
Released: Tue Mar 3 16:59:33 2026
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1257463

This update for gcc15 fixes the following issues:

- Fix bogus expression simplification (bsc#1257463)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:818-1
Released: Thu Mar 5 11:26:09 2026
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1258022

This update for grub2 fixes the following issues:

- Backport upstream's commit to prevent BIOS assert (bsc#1258022)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:826-1
Released: Thu Mar 5 16:16:29 2026
Summary: Security update for expat
Type: security
Severity: moderate
References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210

This update for expat fixes the following issues:

- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:837-1
Released: Fri Mar 6 08:30:05 2026
Summary: Recommended update for syslogd
Type: recommended
Severity: moderate
References:

This update for syslogd fixes the following issues:

- Drop last sysvinit Requirement/Provide (jsc#PED-13698)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:856-1
Released: Tue Mar 10 09:35:24 2026
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1258859,CVE-2026-3184

This update for util-linux fixes the following issues:

- CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:862-1
Released: Wed Mar 11 10:59:55 2026
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1257960,CVE-2025-14831

This update for gnutls fixes the following issues:

- CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs) (bsc#1257960).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:896-1
Released: Fri Mar 13 16:25:07 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915

This update for glibc fixes the following issues:

- CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766)
- CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822)
- CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005)
- CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp (bsc#1246965)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:899-1
Released: Fri Mar 13 16:32:57 2026
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: moderate
References: 1230861,1239439,1241002,1244550

This update for suseconnect-ng fixes the following issues:

- Regressions found during QA test runs:
  * Ignore product in announce call (bsc#1257490)
  * Registration to SMT server with failed (bsc#1257625)
- Update version to 1.20:
  * Update error message for Public Cloud instances with registercloudguest installed. SUSEConnect -d is disabled on PYAG and BYOS when the registercloudguest command is available. (bsc#1230861)
  * Enhanced SAP detected. Take TREX into account and remove empty values when only /usr/sap but no installation exists (bsc#1241002)
  * Fixed modules and extension link to point to version less documentation. (bsc#1239439)
  * Fixed SAP instance detection (bsc#1244550)
  * Remove link to extensions documentation (bsc#1239439)
  * Migrate to the public library
- Version 1.14 public library release
  This version is only available on Github as a tag to release the new golang public library which can be consumed without the need to interface with SUSEConnect directly.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:910-1
Released: Tue Mar 17 20:34:12 2026
Summary: Security update for vim
Type: security
Severity: moderate
References: 1246602,1258229,1259051,CVE-2025-53906,CVE-2026-26269,CVE-2026-28417

This update for vim fixes the following issues:

Update Vim to version 9.2.0110:

- CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602).
- CVE-2026-26269: Netbeans specialKeys stack buffer overflow (bsc#1258229).
- CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:911-1
Released: Tue Mar 17 20:56:12 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1259363,1259364,1259365,CVE-2026-1965,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805

This update for curl fixes the following issues:

- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:912-1
Released: Wed Mar 18 07:19:42 2026
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1229003,1258002

This update for ca-certificates-mozilla fixes the following issues:

- test for a concretely missing certificate rather than just the directory, as the latter is now also provided by openssl-3
- Re-create java-cacerts with SOURCE_DATE_EPOCH set for reproducible builds (bsc#1229003)
- Also mark /usr/share/factory/var/lib/ca-certificates/ as writable by the user during install: allow rpm to properly execute %clean when completed.
- Create /var/lib/ca-certificates during build to ensure rpm gives the %ghost'ed directory proper mode attributes.
- Updated to 2.84 state (bsc#1258002)
  * Removed:
    + Baltimore CyberTrust Root
    + CommScope Public Trust ECC Root-01
    + CommScope Public Trust ECC Root-02
    + CommScope Public Trust RSA Root-01
    + CommScope Public Trust RSA Root-02
    + DigiNotar Root CA
  * Added:
    + e-Szigno TLS Root CA 2023
    + OISTE Client Root ECC G1
    + OISTE Client Root RSA G1
    + OISTE Server Root ECC G1
    + OISTE Server Root RSA G1
    + SwissSign RSA SMIME Root CA 2022 - 1
    + SwissSign RSA TLS Root CA 2022 - 1
    + TrustAsia SMIME ECC Root CA
    + TrustAsia SMIME RSA Root CA
    + TrustAsia TLS ECC Root CA
    + TrustAsia TLS RSA Root CA
- reenable the distrusted certs again. the distrust is only for certs issued after the distrust date, not for all certs of a CA.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:931-1
Released: Thu Mar 19 09:23:14 2026
Summary: Security update for jq
Type: security
Severity: low
References: 1248600,CVE-2025-9403

This update for jq fixes the following issue:

- CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:949-1
Released: Fri Mar 20 19:08:19 2026
Summary: Security update for runc
Type: security
Severity: important
References:

This update for runc rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1003-1
Released: Wed Mar 25 10:25:34 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1238917,1255075,1256645,1257231,1257473,1257732,1257735,1257749,1257790,1258340,1258395,1258518,1258849,1258850,1259857,CVE-2025-21738,CVE-2025-40242,CVE-2025-71066,CVE-2026-23004,CVE-2026-23054,CVE-2026-23060,CVE-2026-23074,CVE-2026-23089,CVE-2026-23191,CVE-2026-23204,CVE-2026-23209,CVE-2026-23268,CVE-2026-23269

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).

The following non-security bugs were fixed:

- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1061-1
Released: Thu Mar 26 11:35:08 2026
Summary: Security update for systemd
Type: security
Severity: important
References: 1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105

This update for systemd fixes the following issues:

- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).

Changelog:

- 6a38d88a42 machined: reject invalid class types when registering machines
- 8c9a592e5a udev: fix review mixup
- b57007a917 udev-builtin-net-id: print cescaped bad attributes
- ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX
- 0f63e799e6 udev: ensure tag parsing stays within bounds
- 046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf
- 5be21460ce udev: check for invalid chars in various fields received from the kernel
- 9559607b16 core/cgroup: avoid one unnecessary strjoina()
- fcae348ca4 core: validate input cgroup path more prudently
- a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
- 08125d6b06 units: add dep on systemd-logind.service by user@.service

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1065-1
Released: Thu Mar 26 11:38:12 2026
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1254670,1259619,CVE-2025-70873,CVE-2025-7709

This update for sqlite3 fixes the following issues:

Update sqlite3 to 3.51.3:

- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).

Changelog:

  * Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1067-1
Released: Thu Mar 26 11:39:01 2026
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1254867,1259829,CVE-2025-66471

This update for python-urllib3 fixes the following issue:

- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1087-1
Released: Thu Mar 26 16:20:57 2026
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1222465,1234736

This update for util-linux fixes the following issues:

- recognize fuse 'portal' as a virtual file system (bsc#1234736).
- fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1090-1
Released: Thu Mar 26 18:44:54 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1257181,CVE-2026-1299

This update for python3 fixes the following issues:

- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1092-1
Released: Thu Mar 26 18:51:45 2026
Summary: Security update for xen
Type: security
Severity: important
References: 1259247,CVE-2026-23554

This update for xen fixes the following issues:

- CVE-2026-23554: xen: Use after free of paging structures in EPT (bsc#1259247, XSA-480)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1105-1
Released: Fri Mar 27 08:03:05 2026
Summary: Security update for containerd
Type: security
Severity: important
References:

This update for containerd rebuilds it against the current go 1.25 security release.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1158-1
Released: Tue Mar 31 13:55:47 2026
Summary: Security update for python-pyasn1
Type: security
Severity: important
References: 1259803,CVE-2026-30922

This update for python-pyasn1 fixes the following issues:

- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1166-1
Released: Thu Apr 2 03:08:04 2026
Summary: Security update for expat
Type: security
Severity: important
References: 1259711,1259726,1259729,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778

This update for expat fixes the following issues:

- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1177-1
Released: Thu Apr 2 17:00:30 2026
Summary: Security update for tar
Type: security
Severity: important
References: 1246399,CVE-2025-45582

This update for tar fixes the following issue:

- CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1230-1
Released: Thu Apr 9 10:58:22 2026
Summary: Security update for bind
Type: security
Severity: important
References: 1260805,CVE-2026-1519

This update for bind fixes the following issues:

- CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1247-1
Released: Fri Apr 10 12:34:39 2026
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1259845,CVE-2026-27135

This update for nghttp2 fixes the following issue:

- CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1290-1
Released: Mon Apr 13 10:08:34 2026
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1260441,1260442,1260443,1260444,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-31789

This update for openssl-1_1 fixes the following issues:

- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1308-1
Released: Tue Apr 14 12:37:49 2026
Summary: Security update for sudo
Type: security
Severity: important
References: 1261420,CVE-2026-35535

This update for sudo fixes the following issue:

- CVE-2026-35535: Fixed potential privilege escalation when running the mailer (bsc#1261420).

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2026:1315-1
Released: Tue Apr 14 13:26:20 2026
Summary: Optional update for rsyslog
Type: optional
Severity: moderate
References:

This update for rsyslog fixes the following issue:

- add the rsyslog-module-ossl (openssl TLS support).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1323-1
Released: Tue Apr 14 15:11:50 2026
Summary: Security update for libpng16
Type: security
Severity: important
References: 1260754,CVE-2026-33416

This update for libpng16 fixes the following issues:

- CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1380-1
Released: Thu Apr 16 11:13:40 2026
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: important
References: 1257667,1257825,1261155

This update for suseconnect-ng fixes the following issues:

- Update version to 1.21.1:
  * Fix nil token handling (bsc#1261155)
  * Switch to using go1.24-openssl as the default Go version to install to support building the package (jsc#SCC-585).
- Update version to 1.21:
  * Add expanded metric collection for kernel modules and hardware detection (jsc#TEL-226).
  * Support new profile based metric collection
  * Fix ignored --root parameter handling when reading and writing configuration (bsc#1257667)
  * Add expanded metric collection for system vendor/manufacturer (jsc#TEL-260).
  * Removed backport patch
  * Add missing product id to allow yast2-registration to not break (bsc#1257825)
  * Fix libsuseconnect APIError detection logic (bsc#1257825)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1400-1
Released: Thu Apr 16 12:47:09 2026
Summary: Security update for python-PyJWT
Type: security
Severity: important
References: 1259616,CVE-2026-32597

This update for python-PyJWT fixes the following issues:

- CVE-2026-32597: Fixed acceptance of unknown `crit` header extensions (bsc#1259616).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1403-1
Released: Thu Apr 16 13:34:01 2026
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1229655

This update for cyrus-sasl fixes the following issues:

- Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097)
- Add support for setting max ssf 0 to GSS-SPNEGO

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1432-1
Released: Fri Apr 17 12:12:08 2026
Summary: Security update for libcap
Type: security
Severity: important
References: 1261809,CVE-2026-4878

This update for libcap fixes the following issue:

- CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1472-1
Released: Mon Apr 20 11:31:54 2026
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1259543

This update for grub2 fixes the following issues:

- Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543)
  * btrfs: add ability to boot from subvolumes
  * btrfs: get default subvolume

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1487-1
Released: Mon Apr 20 17:52:11 2026
Summary: Security update for runc
Type: security
Severity: important
References:

This update for runc rebuilds it against the current go 1.25 security release.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1495-1
Released: Mon Apr 20 17:59:12 2026
Summary: Security update for containerd
Type: security
Severity: important
References:

This update for containerd rebuilds it against the current go 1.25 security release.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1510-1
Released: Tue Apr 21 08:28:12 2026
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1259924,CVE-2025-69720

This update for ncurses fixes the following issue:

- CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1550-1
Released: Wed Apr 22 11:41:14 2026
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1261678,CVE-2026-28390

This update for openssl-1_1 fixes the following issues:

- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1565-1
Released: Thu Apr 23 09:08:29 2026
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1258045,1258049,1258054,1258080,1258081,1259377,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968,CVE-2026-3731

This update for libssh fixes the following issues:

- CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049).
- CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).
- CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054).
- CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081).
- CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080).
- CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler (bsc#1259377).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1606-1
Released: Fri Apr 24 13:50:09 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1215492,1246057,1256675,1257773,1259797,1260005,1260009,1260347,1260562,CVE-2025-38234,CVE-2025-68818,CVE-2026-23103,CVE-2026-23243,CVE-2026-23272,CVE-2026-23274,CVE-2026-23317

The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues.

The following security issues were fixed:

- CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-nelems before insertion (bsc#1260009).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).

The following non security issues were fixed:

- nvme-fc: use ctrl state getter (git-fixes bsc#1215492).
- nvme-pci: fix queue unquiesce check on slot_reset (git-fixes).
- nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).
- PCI: Fix lock symmetry in pci_slot_unlock() (git-fixes).
- PCI: Fix pci_slot_trylock() error handling (git-fixes).
- PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes).
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1607-1
Released: Fri Apr 24 13:50:52 2026
Summary: Security update for vim
Type: security
Severity: important
References: 1259985,1261191,1261271,CVE-2026-33412,CVE-2026-34714,CVE-2026-34982

This update for vim fixes the following issues:

Update to version 9.2.0280.

- CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution (bsc#1261271).
- CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution (bsc#1261191).
- CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to arbitrary code execution (bsc#1259985).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1644-1
Released: Tue Apr 28 15:31:39 2026
Summary: Security update for python-requests
Type: security
Severity: moderate
References: 1260589,CVE-2026-25645

This update for python-requests fixes the following issues:

- CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1657-1
Released: Wed Apr 29 13:06:49 2026
Summary: Security update for xen
Type: security
Severity: important
References: 1262178,1262180,1262428,CVE-2025-54505,CVE-2026-23557,CVE-2026-23558

This update for xen fixes the following issues:

- CVE-2025-54505: floating point divider state sampling on AMD CPUs AMD-SN-7053 (bsc#1262428).
- CVE-2026-23557: Xenstored DoS via XS_RESET_WATCHES command (bsc#1262178).
- CVE-2026-23558: grant table v2 race in status page mapping (bsc#1262180).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1659-1
Released: Wed Apr 29 13:09:06 2026
Summary: Security update for sed
Type: security
Severity: moderate
References: 1262144,CVE-2026-5958

This update for sed fixes the following issues:

- CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite (bsc#1262144).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1670-1
Released: Sat May 2 07:53:26 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1262573,CVE-2026-31431

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix one security issue.

The following security issue was fixed:

- CVE-2026-31431: The copy.fail security issue is fixed by reverting to operating out-of-place in algif_aead (bsc#1262573).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1715-1
Released: Wed May 6 14:09:30 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100

This update for python3 fixes the following issues:

- CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
- CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
- CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970).
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026).
- CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319).
- CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654).
- CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure (bsc#1262098).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1717-1
Released: Wed May 6 14:13:17 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1721-1
Released: Wed May 6 16:43:37 2026
Summary: Recommended update for cloud-netconfig
Type: recommended
Severity: important
References: 1253223,1258406,1258730

This update for cloud-netconfig fixes the following issues:

- Update to version 1.19:
  * Make sure IPADDR variable is stripped of netmask
- Update to version 1.18:
  * Fix issue with link-local address routing (bsc#1258730)
- Update to version 1.17:
  * Do not set broadcast address explicitly (bsc#1258406)
- Update to version 1.16:
  * Fix query of default CLOUD_NETCONFIG_MANAGE (bsc#1253223)
  * Fix variable names in the README

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1759-1
Released: Thu May 7 16:03:37 2026
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1261274

This update for dracut fixes the following issues:

- Update to version 055+suse.399.g9aa7e567:
  * fix: make iso-scan trigger udev events (bsc#1261274)

The following package changes have been done:

- bash-sh-4.4-150400.27.6.1 updated
- bash-4.4-150400.27.6.1 updated
- bind-utils-9.16.50-150500.8.35.1 updated
- ca-certificates-mozilla-2.84-150200.44.1 updated
- chrony-pool-suse-4.1-150400.21.8.1 updated
- chrony-4.1-150400.21.8.1 updated
- cifs-utils-6.15-150400.3.18.1 updated
- cloud-netconfig-azure-1.19-150000.25.31.1 updated
- containerd-ctr-1.7.29-150000.132.1 updated
- containerd-1.7.29-150000.132.1 updated
- curl-8.14.1-150400.5.83.1 updated
- dracut-055+suse.399.g9aa7e567-150500.3.35.1 updated
- elfutils-0.185-150400.5.8.3 updated
- glibc-locale-base-2.31-150300.98.1 updated
- glibc-locale-2.31-150300.98.1 updated
- glibc-2.31-150300.98.1 updated
- gpg2-2.2.27-150300.3.19.1 updated
- grub2-i386-pc-2.06-150500.29.65.1 updated
- grub2-x86_64-efi-2.06-150500.29.65.1 updated
- grub2-2.06-150500.29.65.1 updated
- hyper-v-9-150200.14.14.1 updated
- jq-1.6-150000.3.12.1 updated
- kernel-default-5.14.21-150500.55.149.1 updated
- kmod-29-150300.4.18.1 updated
- libasm1-0.185-150400.5.8.3 updated
- libavahi-client3-0.8-150400.7.26.1 updated
- libavahi-common3-0.8-150400.7.26.1 updated
- libblkid1-2.37.4-150500.9.26.1 updated
- libcap2-2.63-150400.3.6.1 updated
- libcurl4-8.14.1-150400.5.83.1 updated
- libdevmapper1_03-2.03.22_1.02.196-150500.7.18.4 updated
- libdw1-0.185-150400.5.8.3 updated
- libelf1-0.185-150400.5.8.3 updated
- libexpat1-2.7.1-150400.3.37.1 updated
- libfdisk1-2.37.4-150500.9.26.1 updated
- libfreetype6-2.10.4-150000.4.25.1 updated
- libgcc_s1-15.2.0+git10201-150000.1.9.1 updated
- libglib-2_0-0-2.70.5-150400.3.34.1 updated
- libgnutls30-3.7.3-150400.4.56.1 updated
- libjq1-1.6-150000.3.12.1 updated
- libkmod2-29-150300.4.18.1 updated
- libmount1-2.37.4-150500.9.26.1 updated
- libncurses6-6.1-150000.5.33.1 updated
- libnghttp2-14-1.40.0-150200.22.1 updated
- libopenssl1_1-1.1.1l-150500.17.54.1 updated
- libpcap1-1.10.1-150400.3.9.1 updated
- libpci3-3.13.0-150300.13.12.1 updated
- libpng16-16-1.6.34-150000.3.22.1 updated
- libpython3_6m1_0-3.6.15-150300.10.118.1 updated
- libreadline7-7.0-150400.27.6.1 updated
- libsasl2-3-2.1.28-150500.3.3.1 updated
- libsmartcols1-2.37.4-150500.9.26.1 updated
- libsqlite3-0-3.51.3-150000.3.39.1 updated
- libssh-config-0.9.8-150400.3.17.1 updated
- libssh4-0.9.8-150400.3.17.1 updated
- libstdc++6-15.2.0+git10201-150000.1.9.1 updated
- libsystemd0-249.17-150400.8.55.1 updated
- libtasn1-6-4.13-150000.4.14.1 updated
- libtasn1-4.13-150000.4.14.1 updated
- libudev1-249.17-150400.8.55.1 updated
- libuuid1-2.37.4-150500.9.26.1 updated
- libxml2-2-2.10.3-150500.5.38.1 updated
- libz1-1.2.13-150500.4.6.1 updated
- ncurses-utils-6.1-150000.5.33.1 updated
- openssh-clients-8.4p1-150300.3.57.1 updated
- openssh-common-8.4p1-150300.3.57.1 updated
- openssh-server-8.4p1-150300.3.57.1 updated
- openssh-8.4p1-150300.3.57.1 updated
- openssl-1_1-1.1.1l-150500.17.54.1 updated
- pciutils-3.13.0-150300.13.12.1 updated
- python-azure-agent-config-server-2.14.0.1-150100.3.53.1 updated
- python-azure-agent-2.14.0.1-150100.3.53.1 updated
- python3-PyJWT-2.4.0-150200.3.11.1 updated
- python3-base-3.6.15-150300.10.118.1 updated
- python3-bind-9.16.50-150500.8.35.1 updated
- python3-pyasn1-0.4.2-150000.3.16.1 updated
- python3-requests-2.25.1-150300.3.21.1 updated
- python3-urllib3-1.25.10-150300.4.24.1 updated
- python3-3.6.15-150300.10.118.1 updated
- rsyslog-module-relp-8.2306.0-150400.5.35.1 updated
- rsyslog-8.2306.0-150400.5.35.1 updated
- runc-1.3.4-150000.92.1 updated
- sed-4.4-150300.13.6.1 updated
- shim-16.1-150300.4.31.3 updated
- sudo-1.9.12p1-150500.7.16.1 updated
- supportutils-3.2.12.1-150300.7.35.39.1 updated
- suseconnect-ng-1.21.1-150500.3.40.1 updated
- syslog-service-2.0-150300.13.3.1 updated
- systemd-sysvinit-249.17-150400.8.55.1 updated
- systemd-249.17-150400.8.55.1 updated
- tar-1.34-150000.3.37.1 updated
- terminfo-base-6.1-150000.5.33.1 updated
- terminfo-6.1-150000.5.33.1 updated
- udev-249.17-150400.8.55.1 updated
- util-linux-systemd-2.37.4-150500.9.26.1 updated
- util-linux-2.37.4-150500.9.26.1 updated
- vim-data-common-9.2.0280-150500.20.46.1 updated
- vim-9.2.0280-150500.20.46.1 updated
- xen-libs-4.17.6_08-150500.3.65.1 updated
- libwayland-client0-1.21.0-150500.1.1 removed

From sle-container-updates at lists.suse.com Sat May 9 07:05:38 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 9 May 2026 09:05:38 +0200 (CEST)
Subject: SUSE-IU-2026:3239-1: Security update of sles-15-sp5-chost-byos-v20260507-arm64
Message-ID: <20260509070538.869ADFB96@maintenance.suse.de>

SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20260507-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3239-1
Image Tags : sles-15-sp5-chost-byos-v20260507-arm64:20260507
Image Release :
Severity : important
Type : security
References :
CVE-2022-50715 CVE-2022-50716 CVE-2022-50717 CVE-2022-50718 CVE-2022-50719 CVE-2022-50722 CVE-2022-50723 CVE-2022-50724 CVE-2022-50726 CVE-2022-50727 CVE-2022-50728 CVE-2022-50730 CVE-2022-50731 CVE-2022-50732 CVE-2022-50733 CVE-2022-50735 CVE-2022-50736 CVE-2022-50738 CVE-2022-50740 CVE-2022-50742 CVE-2022-50744 CVE-2022-50745 CVE-2022-50747 CVE-2022-50749 CVE-2022-50750 CVE-2022-50751 CVE-2022-50752 CVE-2022-50754 CVE-2022-50755 CVE-2022-50756 CVE-2022-50757 CVE-2022-50758 CVE-2022-50760 CVE-2022-50761 CVE-2022-50763 CVE-2022-50767 CVE-2022-50768 CVE-2022-50769 CVE-2022-50770 CVE-2022-50773 CVE-2022-50774 CVE-2022-50776 CVE-2022-50777 CVE-2022-50779 CVE-2022-50781 CVE-2022-50782 CVE-2022-50809 CVE-2022-50814 CVE-2022-50818 CVE-2022-50819 CVE-2022-50821 CVE-2022-50822 CVE-2022-50823 CVE-2022-50824 CVE-2022-50826 CVE-2022-50827 CVE-2022-50828 CVE-2022-50829 CVE-2022-50830 CVE-2022-50832 CVE-2022-50833 CVE-2022-50834 CVE-2022-50835 CVE-2022-50836 CVE-2022-50838 CVE-2022-50839 CVE-2022-50840 CVE-2022-50842 CVE-2022-50843 CVE-2022-50844 CVE-2022-50845 CVE-2022-50846 CVE-2022-50847 CVE-2022-50848 CVE-2022-50849 CVE-2022-50850 CVE-2022-50851 CVE-2022-50853 CVE-2022-50856 CVE-2022-50858 CVE-2022-50859 CVE-2022-50860 CVE-2022-50861 CVE-2022-50862 CVE-2022-50864 CVE-2022-50866 CVE-2022-50867 CVE-2022-50868 CVE-2022-50870 CVE-2022-50872 CVE-2022-50873 CVE-2022-50876 CVE-2022-50878 CVE-2022-50880 CVE-2022-50881 CVE-2022-50882 CVE-2022-50883 CVE-2022-50884 CVE-2022-50885 CVE-2022-50886 CVE-2022-50887 CVE-2022-50888 CVE-2022-50889 CVE-2023-23559 CVE-2023-52433 CVE-2023-52874 CVE-2023-52923 CVE-2023-52923 CVE-2023-53178 CVE-2023-53254 CVE-2023-53365 CVE-2023-53407 CVE-2023-53412 CVE-2023-53417 CVE-2023-53418 CVE-2023-53500 CVE-2023-53533 CVE-2023-53534 CVE-2023-53539 CVE-2023-53541 CVE-2023-53542 CVE-2023-53546 CVE-2023-53547 CVE-2023-53548 CVE-2023-53551 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554 CVE-2023-53556 CVE-2023-53557 CVE-2023-53559 CVE-2023-53560 CVE-2023-53562 
CVE-2023-53564 CVE-2023-53566 CVE-2023-53567 CVE-2023-53568 CVE-2023-53571 CVE-2023-53572 CVE-2023-53574 CVE-2023-53578 CVE-2023-53579 CVE-2023-53580 CVE-2023-53581 CVE-2023-53582 CVE-2023-53587 CVE-2023-53589 CVE-2023-53591 CVE-2023-53592 CVE-2023-53594 CVE-2023-53597 CVE-2023-53598 CVE-2023-53601 CVE-2023-53603 CVE-2023-53604 CVE-2023-53605 CVE-2023-53607 CVE-2023-53608 CVE-2023-53611 CVE-2023-53612 CVE-2023-53615 CVE-2023-53616 CVE-2023-53617 CVE-2023-53619 CVE-2023-53622 CVE-2023-53625 CVE-2023-53626 CVE-2023-53631 CVE-2023-53637 CVE-2023-53639 CVE-2023-53640 CVE-2023-53641 CVE-2023-53644 CVE-2023-53648 CVE-2023-53650 CVE-2023-53651 CVE-2023-53658 CVE-2023-53659 CVE-2023-53662 CVE-2023-53667 CVE-2023-53668 CVE-2023-53670 CVE-2023-53673 CVE-2023-53674 CVE-2023-53675 CVE-2023-53676 CVE-2023-53679 CVE-2023-53680 CVE-2023-53681 CVE-2023-53683 CVE-2023-53687 CVE-2023-53692 CVE-2023-53693 CVE-2023-53695 CVE-2023-53696 CVE-2023-53697 CVE-2023-53700 CVE-2023-53704 CVE-2023-53705 CVE-2023-53707 CVE-2023-53708 CVE-2023-53709 CVE-2023-53711 CVE-2023-53714 CVE-2023-53715 CVE-2023-53716 CVE-2023-53717 CVE-2023-53718 CVE-2023-53719 CVE-2023-53722 CVE-2023-53723 CVE-2023-53724 CVE-2023-53725 CVE-2023-53726 CVE-2023-53730 CVE-2023-53743 CVE-2023-53744 CVE-2023-53746 CVE-2023-53747 CVE-2023-53751 CVE-2023-53753 CVE-2023-53754 CVE-2023-53755 CVE-2023-53761 CVE-2023-53766 CVE-2023-53769 CVE-2023-53780 CVE-2023-53781 CVE-2023-53783 CVE-2023-53786 CVE-2023-53788 CVE-2023-53792 CVE-2023-53794 CVE-2023-53801 CVE-2023-53802 CVE-2023-53803 CVE-2023-53804 CVE-2023-53806 CVE-2023-53808 CVE-2023-53811 CVE-2023-53814 CVE-2023-53816 CVE-2023-53818 CVE-2023-53819 CVE-2023-53820 CVE-2023-53827 CVE-2023-53828 CVE-2023-53830 CVE-2023-53832 CVE-2023-53833 CVE-2023-53834 CVE-2023-53837 CVE-2023-53840 CVE-2023-53842 CVE-2023-53844 CVE-2023-53845 CVE-2023-53847 CVE-2023-53848 CVE-2023-53849 CVE-2023-53850 CVE-2023-53852 CVE-2023-53858 CVE-2023-53860 CVE-2023-53862 CVE-2023-53864 CVE-2023-53866 
CVE-2023-53989 CVE-2023-53990 CVE-2023-53991 CVE-2023-53996 CVE-2023-53998 CVE-2023-54001 CVE-2023-54003 CVE-2023-54007 CVE-2023-54009 CVE-2023-54010 CVE-2023-54014 CVE-2023-54015 CVE-2023-54017 CVE-2023-54018 CVE-2023-54019 CVE-2023-54020 CVE-2023-54021 CVE-2023-54024 CVE-2023-54025 CVE-2023-54026 CVE-2023-54028 CVE-2023-54036 CVE-2023-54039 CVE-2023-54040 CVE-2023-54041 CVE-2023-54042 CVE-2023-54044 CVE-2023-54045 CVE-2023-54046 CVE-2023-54047 CVE-2023-54048 CVE-2023-54049 CVE-2023-54050 CVE-2023-54051 CVE-2023-54053 CVE-2023-54055 CVE-2023-54057 CVE-2023-54058 CVE-2023-54064 CVE-2023-54070 CVE-2023-54072 CVE-2023-54074 CVE-2023-54076 CVE-2023-54078 CVE-2023-54079 CVE-2023-54083 CVE-2023-54084 CVE-2023-54090 CVE-2023-54091 CVE-2023-54092 CVE-2023-54095 CVE-2023-54096 CVE-2023-54097 CVE-2023-54098 CVE-2023-54100 CVE-2023-54102 CVE-2023-54104 CVE-2023-54106 CVE-2023-54107 CVE-2023-54108 CVE-2023-54110 CVE-2023-54111 CVE-2023-54114 CVE-2023-54115 CVE-2023-54116 CVE-2023-54118 CVE-2023-54119 CVE-2023-54120 CVE-2023-54122 CVE-2023-54123 CVE-2023-54126 CVE-2023-54127 CVE-2023-54128 CVE-2023-54130 CVE-2023-54131 CVE-2023-54132 CVE-2023-54134 CVE-2023-54136 CVE-2023-54138 CVE-2023-54140 CVE-2023-54142 CVE-2023-54144 CVE-2023-54146 CVE-2023-54148 CVE-2023-54150 CVE-2023-54153 CVE-2023-54156 CVE-2023-54159 CVE-2023-54164 CVE-2023-54166 CVE-2023-54168 CVE-2023-54169 CVE-2023-54170 CVE-2023-54171 CVE-2023-54173 CVE-2023-54175 CVE-2023-54177 CVE-2023-54179 CVE-2023-54183 CVE-2023-54186 CVE-2023-54189 CVE-2023-54190 CVE-2023-54194 CVE-2023-54197 CVE-2023-54198 CVE-2023-54199 CVE-2023-54201 CVE-2023-54202 CVE-2023-54205 CVE-2023-54208 CVE-2023-54210 CVE-2023-54211 CVE-2023-54213 CVE-2023-54214 CVE-2023-54219 CVE-2023-54226 CVE-2023-54229 CVE-2023-54230 CVE-2023-54234 CVE-2023-54236 CVE-2023-54238 CVE-2023-54242 CVE-2023-54243 CVE-2023-54244 CVE-2023-54245 CVE-2023-54251 CVE-2023-54252 CVE-2023-54254 CVE-2023-54260 CVE-2023-54262 CVE-2023-54264 CVE-2023-54266 CVE-2023-54267 
CVE-2023-54269 CVE-2023-54270 CVE-2023-54271 CVE-2023-54274 CVE-2023-54275 CVE-2023-54277 CVE-2023-54280 CVE-2023-54284 CVE-2023-54286 CVE-2023-54287 CVE-2023-54289 CVE-2023-54292 CVE-2023-54293 CVE-2023-54294 CVE-2023-54295 CVE-2023-54298 CVE-2023-54299 CVE-2023-54300 CVE-2023-54301 CVE-2023-54302 CVE-2023-54304 CVE-2023-54305 CVE-2023-54309 CVE-2023-54311 CVE-2023-54315 CVE-2023-54317 CVE-2023-54319 CVE-2023-54320 CVE-2023-54321 CVE-2023-54322 CVE-2023-54325 CVE-2023-54326 CVE-2023-7324 CVE-2024-2312 CVE-2024-25621 CVE-2024-26581 CVE-2024-26661 CVE-2024-26832 CVE-2024-36933 CVE-2024-50143 CVE-2024-53093 CVE-2024-53093 CVE-2024-54031 CVE-2024-56590 CVE-2025-10911 CVE-2025-11468 CVE-2025-11563 CVE-2025-11961 CVE-2025-12084 CVE-2025-13151 CVE-2025-13462 CVE-2025-1352 CVE-2025-13601 CVE-2025-1372 CVE-2025-1376 CVE-2025-1377 CVE-2025-13836 CVE-2025-13837 CVE-2025-14017 CVE-2025-14087 CVE-2025-14104 CVE-2025-14512 CVE-2025-14524 CVE-2025-14819 CVE-2025-14831 CVE-2025-15079 CVE-2025-15224 CVE-2025-15281 CVE-2025-15282 CVE-2025-15366 CVE-2025-15367 CVE-2025-21658 CVE-2025-21738 CVE-2025-21760 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-27466 CVE-2025-28162 CVE-2025-28164 CVE-2025-30258 CVE-2025-31133 CVE-2025-31133 CVE-2025-37885 CVE-2025-38068 CVE-2025-38084 CVE-2025-38085 CVE-2025-38129 CVE-2025-38159 CVE-2025-38234 CVE-2025-38375 CVE-2025-38476 CVE-2025-38563 CVE-2025-38565 CVE-2025-38684 CVE-2025-39742 CVE-2025-39797 CVE-2025-39945 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39973 CVE-2025-39977 CVE-2025-39978 CVE-2025-39981 CVE-2025-40018 CVE-2025-40019 CVE-2025-40040 CVE-2025-40044 CVE-2025-40044 CVE-2025-40048 CVE-2025-40121 CVE-2025-40139 CVE-2025-40139 CVE-2025-40154 CVE-2025-40204 CVE-2025-40215 CVE-2025-40220 CVE-2025-40233 CVE-2025-40242 CVE-2025-40256 CVE-2025-40257 CVE-2025-40258 CVE-2025-40277 CVE-2025-40280 CVE-2025-40300 CVE-2025-40331 CVE-2025-40778 CVE-2025-40780 CVE-2025-45582 CVE-2025-52565 CVE-2025-52565 CVE-2025-52881 
CVE-2025-52881 CVE-2025-53906 CVE-2025-54505 CVE-2025-54771 CVE-2025-58142 CVE-2025-58143 CVE-2025-58147 CVE-2025-58148 CVE-2025-58149 CVE-2025-58150 CVE-2025-6075 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664 CVE-2025-61984 CVE-2025-61985 CVE-2025-64329 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 CVE-2025-68160 CVE-2025-68183 CVE-2025-68218 CVE-2025-68276 CVE-2025-68284 CVE-2025-68285 CVE-2025-68312 CVE-2025-68468 CVE-2025-68471 CVE-2025-68732 CVE-2025-68771 CVE-2025-68813 CVE-2025-68818 CVE-2025-68973 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2025-69720 CVE-2025-7039 CVE-2025-70873 CVE-2025-71066 CVE-2025-71085 CVE-2025-71089 CVE-2025-71112 CVE-2025-71116 CVE-2025-71120 CVE-2025-7709 CVE-2025-7709 CVE-2025-8058 CVE-2025-8114 CVE-2025-8277 CVE-2025-8291 CVE-2025-8732 CVE-2025-9403 CVE-2025-9820 CVE-2026-0672 CVE-2026-0861 CVE-2026-0865 CVE-2026-0915 CVE-2026-0964 CVE-2026-0965 CVE-2026-0966 CVE-2026-0967 CVE-2026-0968 CVE-2026-0988 CVE-2026-0989 CVE-2026-0990 CVE-2026-0992 CVE-2026-1299 CVE-2026-1502 CVE-2026-1519 CVE-2026-1757 CVE-2026-1965 CVE-2026-1965 CVE-2026-22695 CVE-2026-22795 CVE-2026-22796 CVE-2026-22801 CVE-2026-22999 CVE-2026-23001 CVE-2026-23004 CVE-2026-23054 CVE-2026-23060 CVE-2026-23074 CVE-2026-23089 CVE-2026-23103 CVE-2026-23191 CVE-2026-23204 CVE-2026-23209 CVE-2026-23243 CVE-2026-23268 CVE-2026-23269 CVE-2026-23272 CVE-2026-23274 CVE-2026-23317 CVE-2026-23553 CVE-2026-23554 CVE-2026-23557 CVE-2026-23558 CVE-2026-24515 CVE-2026-25210 CVE-2026-25646 CVE-2026-26269 CVE-2026-27135 CVE-2026-27171 CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390 CVE-2026-28417 CVE-2026-29111 CVE-2026-31431 CVE-2026-31789 CVE-2026-3184 CVE-2026-32776 CVE-2026-32777 CVE-2026-32778 CVE-2026-33412 CVE-2026-33416 CVE-2026-3446 CVE-2026-34714 CVE-2026-3479 CVE-2026-34982 CVE-2026-35535 CVE-2026-3644 CVE-2026-3731 CVE-2026-3783 CVE-2026-3784 CVE-2026-3805 CVE-2026-4105 CVE-2026-4224 CVE-2026-4519 
CVE-2026-4786 CVE-2026-4873 CVE-2026-4878 CVE-2026-5545 CVE-2026-5958 CVE-2026-6019 CVE-2026-6100 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20260507-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3788-1 Released: Fri Oct 24 15:28:50 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3794-1 Released: Fri Oct 24 17:36:29 2025 Summary: Security update for chrony Type: security Severity: moderate References: 1246544 This update for chrony fixes the following issues: - Race condition during socket creation by chronyc allows privilege escalation from user chrony to root (bsc#1246544). 
This update also ships chrony-pool-empty to SLE Micro 5.x (jsc#SMO-587)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3797-1
Released: Mon Oct 27 08:58:05 2025
Summary: Security update for xen
Type: security
Severity: important
References: 1248807,1251271,CVE-2025-27466,CVE-2025-58142,CVE-2025-58143,CVE-2025-58147,CVE-2025-58148
This update for xen fixes the following issues:

- CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls (bsc#1251271, XSA-475)
- CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed multiple vulnerabilities in the Viridian interface (bsc#1248807, XSA-472)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3836-1
Released: Tue Oct 28 11:38:00 2025
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1245199
This update for bash fixes the following issues:

- Fix histfile missing timestamp for the oldest record (bsc#1245199)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3851-1
Released: Wed Oct 29 15:04:32 2025
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1229750,1250593
This update for vim fixes the following issues:

- Fix regression in vim: xxd -a shows no output (bsc#1250593).
  Backported from 9.1.1683 (xxd: Avoid null dereference in autoskip colorless).
- Fix vim compatible mode is not switched off earlier (bsc#1229750).
  Nocompatible must be set before the syntax highlighting is turned on.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3854-1
Released: Wed Oct 29 15:10:39 2025
Summary: Recommended update for cifs-utils
Type: recommended
Severity: moderate
References: 1248816
This update for cifs-utils fixes the following issues:

- Fix: cifs.upcall program in the cifs-utils package fails to use a valid service ticket from the credential cache if the TGT is expired or does not exist (bsc#1248816)
  * cifs-utils: Skip TGT check if there is a valid service ticket
  * cifs-utils: avoid using mktemp when updating mtab
  * cifs-utils: add documentation for upcall_target
  * setcifsacl: fix memory allocation for struct cifs_ace
  * cifs.upcall: fix UAF in get_cachename_from_process_en
  * cifs.upcall: fix memory leaks in check_service_ticket

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3930-1
Released: Tue Nov 4 09:26:22 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050
This update for gcc15 fixes the following issues:

This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029)

The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc15 compilers use:

- install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages.
- override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages.
For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html

Update to GCC 15.2 release:

  * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release

- Prune the use of update-alternatives from openSUSE Factory and SLFO.
- Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries.
- Tune for power10 for SLES 16. [jsc#PED-12029]
- Tune for z15 for SLES 16. [jsc#PED-253]
- Fix PR120827, ICE due to splitter emitting constant loads directly
- Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991]
- Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package.
- Enable C++ for offload compilers. [bsc#1243794]
- Add libgcobol and libquadmath-devel dependence to the cobol frontend package.

Update to GCC 15 branch head, 15.1.1+git9595

  * includes GCC 15.1 release

- Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough.
- Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788]
- Fix newlib libm miscompilation for GCN offloading.

Update to GCC trunk head, 15.0.1+git9001

  * includes -msplit-patch-nops required for user-space livepatching on powerpc
  * includes fix for Ada build with --enable-host-pie

- Build GCC executables PIE on SLE. [bsc#1239938]
- Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566]
- Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le.
- Disable profiling during build when %want_reproducible_builds is set [bsc#1238491]
- Includes fix for emacs JIT use
- Bumps libgo SONAME to libgo24 which should fix go1.9 build
- Adjust cross compiler requirements to use %requires_ge
- For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3950-1
Released: Wed Nov 5 11:22:31 2025
Summary: Security update for runc
Type: security
Severity: important
References: 1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881
This update for runc fixes the following issues:

- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232).
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232).
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232).

Update to runc v1.2.7.

- Upstream changelog is available from

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3986-1
Released: Fri Nov 7 11:31:03 2025
Summary: Security update for gpg2
Type: security
Severity: low
References: 1239119,CVE-2025-30258
This update for gpg2 fixes the following issues:

- CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4073-1
Released: Wed Nov 12 11:34:27 2025
Summary: Security update for runc
Type: security
Severity: important
References: 1252110,1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881
This update for runc fixes the following issues:

Update to runc v1.3.3. Upstream changelog is available from . bsc#1252232

  * CVE-2025-31133
  * CVE-2025-52565
  * CVE-2025-52881

Update to runc v1.3.2.
Upstream changelog is available from bsc#1252110

- Includes an important fix for the CPUSet translation for cgroupv2.

Update to runc v1.3.1. Upstream changelog is available from

Update to runc v1.3.0. Upstream changelog is available from

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4108-1
Released: Fri Nov 14 16:54:51 2025
Summary: Security update for bind
Type: security
Severity: important
References: 1252379,1252380,CVE-2025-40778,CVE-2025-40780
This update for bind fixes the following issues:

- CVE-2025-40778: Address various spoofing attacks (bsc#1252379).
- CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4112-1
Released: Sat Nov 15 23:38:15 2025
Summary: Security update for openssh
Type: security
Severity: moderate
References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985
This update for openssh fixes the following issues:

- CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198)
- CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4118-1
Released: Mon Nov 17 09:06:55 2025
Summary: Recommended update for freetype2
Type: recommended
Severity: important
References: 1252148
This update for freetype2 fixes the following issues:

- Fix the %licence tag (bsc#1252148)
  * package FTL.TXT and GPLv2.TXT as %license

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4152-1
Released: Fri Nov 21 10:10:35 2025
Summary: Security update for grub2
Type: security
Severity: moderate
References: 1252931,1252932,1252933,1252934,1252935,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664
This update for grub2 fixes the following issues:

- CVE-2025-54771: Fixed grub_file_close() does not properly control the fs refcount (bsc#1252931)
- CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933)
- CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934)
- CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935)
- CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932)

Other fixes:

- Bump upstream SBAT generation to 6

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4092-1
Released: Mon Nov 24 10:08:22 2025
Summary: Security update for elfutils
Type: security
Severity: moderate
References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377
This update for elfutils fixes the following issues:

- Fixing build/testsuite for more recent glibc and kernels.
- Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242):
  - CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip
  - CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip
  - CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf
  - CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf
- Fixing testsuite race conditions in run-debuginfod-find.sh.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4288-1
Released: Fri Nov 28 09:25:32 2025
Summary: Security update for containerd
Type: security
Severity: important
References: 1253126,1253132,CVE-2024-25621,CVE-2025-64329
This update for containerd fixes the following issues:

- Update to containerd v1.7.29
- CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126)
- CVE-2025-64329: Fixed goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4309-1
Released: Fri Nov 28 16:39:38 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1253757,CVE-2025-11563
This update for curl fixes the following issues:

- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4320-1
Released: Thu Dec 4 11:04:15 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References:
The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
- CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857).
- CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164).
- CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).
- CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988).
- CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816).
- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
- CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
- CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763).
- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-38084: hugetlb: unshare some PMDs when splitting VMAs (bsc#1245498). - CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499). - CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317). - CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479). - CVE-2025-39797: xfrm: Duplicate SPI Handling (bsc#1249608). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-39981: Bluetooth: MGMT: Fix possible UAFs (bsc#1252060). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785). The following non security issues were fixed: - NFS: remove revoked delegation from server's delegation list (bsc#1246211). - NFSv4: Allow FREE_STATEID to clean up delegations (bsc#1246211). - fbcon: Fix OOB access in font allocation (bsc#1252033) - kabi fix for NFSv4: Allow FREE_STATEID to clean up delegations (bsc#1246211). - kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930). - mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823). - net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265). - net: mana: Switch to page pool for jumbo frames (bsc#1248754). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). 
- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4321-1 Released: Fri Dec 5 08:07:53 2025 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1001888,1006827,1029961,1098094,1098228,1170554,1192862,1206798,1224138,529469,837347 This update for pciutils fixes the following issues: pciutils was updated from version 3.5.6 to 3.13.0 (jsc#PED-8402, jsc#PED-8393, bsc#1224138): - Highlights of issues fixed: * Fixed LnkCap speed recognition in `lspci` for multi PCIe ports such as the ML110 Gen11 (bsc#1192862) * Included several non-standard extensions to VPD decoder (bsc#1170554, bsc#1098228) * Fixed the display of the gen4 speed for GEN 4 cards like Mellanox CX5 (bsc#1098094) * Replaced dependency on pciutil-ids with hwdata * Potentially disruptive change of PCI IDs Cache: + The local cache of PCI IDs (.pci-ids) was moved to the XDG standard location: `$XDG_CACHE_HOME/pci-ids` (v3.11.0) This could be a disruptive change if users or scripts are relying on the old path. 
- Key New Features and Utilities: * New `pcilmr` Utility: A new tool, `pcilmr`, was added for 'PCIe lane margining,' which is a low-level diagnostic feature (v3.11.0) * New `lspci` Path Flag: You can now use `lspci -P` (or -PP) to see the path of bridges leading to a specific device (v3.6.2) * ECAM Support: Added support for the ECAM (Enhanced Configuration Access Mechanism), a standard way to access PCIe configuration space (v3.10.0) * IOMMU Group Display: lspci can now display IOMMU groups on Linux (v3.7.0) - New Hardware and Protocol Decoding: * Added support for decoding CXL capabilities (v3.9.0) * Decoding for Advanced Error Reporting (AER) (v3.13.0) * Decoding for IDE (Integrity and Data Encryption) and TEE-IO extended capabilities (v3.12.0) * Decoding for Data Object Exchange (DOE) (v3.8.0) * Decoding for standard and VF (Virtual Function) Resizable BARs (v3.7.0) * Decoding for Multicast capabilities (v3.6.3) - Improved Output Clarity: * PCIe link speeds running below their maximum are now clearly marked as 'downgraded' (v3.6.0) * BARs (Base Address Registers) reported by the OS but not actually set on the device are marked as '[virtual]' (v3.6.0) - Command Behavior and System Changes: * `lspci` Tree View (-t): + Can now be combined with `-s` to show only a specific sub-tree (v3.6.3) + Improved filtering options (v3.9.0) + Improved support of multi-domain systems (v3.10.0) * `setpci`: + Can now check if a named register exists for that device's header type (v3.9.0) * `update-pciids`: + Now supports XZ compression when downloading new ID lists (v3.11.0) * Database Update: + The pci.ids device database was continuously updated across all versions. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4326-1 Released: Tue Dec 9 11:31:28 2025 Summary: Recommended update for runc Type: recommended Severity: moderate References: 1254362 This update for runc fixes the following issues: - Update to runc v1.3.4 (bsc#1254362) - libct: fix mips compilation: * When configuring a tmpfs mount, only set the mode= argument if the target path already existed. * Fix various file descriptor leaks and add additional tests to detect them as comprehensively as possible. - Downgrade github.com/cyphar/filepath-securejoin dependency to v0.5.2, which should make it easier for some downstreams to import runc without pulling in too many extra packages. - The runc binary distributed with this release is statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a 'work that uses the Library': * libseccomp: The versions of these libraries were not modified from their upstream versions ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4331-1 Released: Tue Dec 9 12:55:17 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4347-1 Released: Wed Dec 10 14:02:26 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This 
update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4377-1 Released: Fri Dec 12 10:37:09 2025 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1233655,510058 This update for lvm2 fixes the following issues: - Maintenance update attempt seems to be stuck at mkinitrd (bsc#510058). - Fix for 'systemctl start lvmlockd.service' time out (bsc#1233655). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4436-1 Released: Wed Dec 17 14:55:46 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4490-1 Released: Fri Dec 19 12:17:11 2025 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1252692,1254180,CVE-2025-58149 This update for xen fixes the following issues: Update to Xen 4.17.6. Security issues fixed: - CVE-2025-58149: incorrect removal of permissions on PCI device unplug allows PV guests to access memory of devices no longer assigned to them (bsc#1252692). Other issues fixed: - Several upstream bug fixes (bsc#1027519). - Failure to restart xenstored (bsc#1254180). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4504-1 Released: Mon Dec 22 17:29:14 2025 Summary: Security update for glib2 Type: security Severity: important References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512 This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4506-1 Released: Mon Dec 22 17:38:35 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1233640,1249806,1251786,1252033,1252267,1252780,1252862,1253367,1253431,1253436,CVE-2022-50280,CVE-2023-53676,CVE-2024-53093,CVE-2025-40040,CVE-2025-40048,CVE-2025-40121,CVE-2025-40154,CVE-2025-40204 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). 
- CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367). - CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). The following non-security bugs were fixed: - Fix type signess in fbcon_set_font() (bsc#1252033). - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4525-1 Released: Fri Dec 26 13:19:00 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:27-1 Released: Mon Jan 5 13:45:08 2026 Summary: Security update for python3 Type: security Severity: moderate References: 1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837 This update for python3 fixes the following issues: - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997) - CVE-2025-13836: Fixed default Content-Length read amount from HTTP response (bsc#1254400) - CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:48-1 Released: Wed Jan 7 09:08:18 2026 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1252338 This update for pciutils fixes the following issues: - Add a strict dependency to libpci to prevent possible segfault (bsc#1252338) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:117-1 Released: Tue Jan 13 05:33:38 2026 Summary: Security update for util-linux Type: security 
Severity: moderate References: 1254666,CVE-2025-14104 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:214-1 Released: Thu Jan 22 13:09:26 2026 Summary: Security update for gpg2 Type: security Severity: important References: 1255715,1256244,1256246,1256390,CVE-2025-68973 This update for gpg2 fixes the following issues: - CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715). - Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246). - Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244). - Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:224-1 Released: Thu Jan 22 13:18:20 2026 Summary: Security update for libtasn1 Type: security Severity: moderate References: 1256341,CVE-2025-13151 This update for libtasn1 fixes the following issues: - CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:304-1 Released: Tue Jan 27 17:14:50 2026 Summary: Security update for xen Type: security Severity: moderate References: 1256745,1256747,CVE-2025-58150,CVE-2026-23553 This update for xen fixes the following issues: - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing (XSA-477) (bsc#1256745) - CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation (XSA-479) (bsc#1256747) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:317-1 Released: Wed Jan 28 15:36:48 2026 Summary: Security update for the Linux Kernel Type: security Severity: important 
The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785). - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576). - CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871). - CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751). - CVE-2024-56590: Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (bsc#1235038). - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046). - CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678). - CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409). - CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959). - CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520). - CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813). - CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843). - CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894). - CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847). - CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615). - CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688). 
The following non security issues were fixed: - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: property: Do not pass NULL handles to acpi_attach_data() (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - KVM: SVM: Fix TSC_AUX virtualization setup (git-fixes). - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes). - RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes). - RDMA/hns: Fix the modification of max_send_sge (git-fixes). - RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes). - RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes). - RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes). - RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes). - RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes). - RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes). - RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes). - RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes). - RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes). - arch/idle: Change arch_cpu_idle() behavior: always exit with IRQs disabled (git-fixes). - cpuidle/poll: Ensure IRQs stay disabled after cpuidle_state::enter() calls (git-fixes). - cpuidle: Move IRQ state validation (git-fixes). - cpuidle: haltpoll: Do not enable interrupts when entering idle (git-fixes). - dm: free table mempools if not used in __bind (git-fixes). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL (git-fixes). - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes). 
- x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes). - x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes). - x86/tdx: Drop flags from __tdx_hypercall() (git-fixes). - x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes). - x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes). - x86/tdx: Extend TDX_MODULE_CALL to support more TDCALL/SEAMCALL leafs (git-fixes). - x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes). - x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes). - x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes). - x86/tdx: Make TDX_HYPERCALL asm similar to TDX_MODULE_CALL (git-fixes). - x86/tdx: Make macros of TDCALLs consistent with the spec (git-fixes). - x86/tdx: Pass TDCALL/SEAMCALL input/output registers via a structure (git-fixes). - x86/tdx: Reimplement __tdx_hypercall() using TDX_MODULE_CALL asm (git-fixes). - x86/tdx: Remove 'struct tdx_hypercall_args' (git-fixes). - x86/tdx: Remove TDX_HCALL_ISSUE_STI (git-fixes). - x86/tdx: Rename __tdx_module_call() to __tdcall() (git-fixes). - x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes). - x86/tdx: Retry partially-completed page conversion hypercalls (git-fixes). - x86/tdx: Skip saving output regs when SEAMCALL fails with VMFailInvalid (git-fixes). - x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro (git-fixes). - x86/virt/tdx: Make TDX_MODULE_CALL handle SEAMCALL #UD and #GP (git-fixes). - x86/virt/tdx: Wire up basic SEAMCALL functions (git-fixes). - xfs: fix sparse inode limits on runt AG (bsc#1254392). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:359-1 Released: Mon Feb 2 10:54:54 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:391-1 Released: Thu Feb 5 15:23:42 2026 Summary: Security update for libxml2 Type: security Severity: low References: 1256805,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:432-1 Released: Wed Feb 11 10:11:56 2026 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1248586,1254670,CVE-2025-7709 This update for sqlite3 fixes the following issues: - Update to v3.51.2: - CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. 
    (bsc#1254670)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:458-1
Released: Thu Feb 12 00:28:37 2026
Summary: Security update for glib2
Type: security
Severity: important
References: 1257049,CVE-2026-0988

This update for glib2 fixes the following issues:

- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:462-1
Released: Thu Feb 12 08:38:20 2026
Summary: Recommended update for google-guest-configs
Type: recommended
Severity: important
References: 1198323,1256906

This update for google-guest-configs fixes the following issues:

- Update to version 20260116.00 (bsc#1256906)
  * set_multiqueue: Only set XPS on 'multinic accelerator platforms'
- Update to version 20260112.00
  * Make c4x a 'multinic accelerator platform'
  * set_multiqueue xps: stop assuming 2 numa nodes
  * Add IDPF irq setting; improve a4x-max performance
  * Allow test injection of the root directory and metadata server endpoint
  * add nic naming support for connextx VF in baremetal
  * bugfix for idpf only rename got skipped.
  * add a4x-max to google_set_multiqueue is_multinic_accelerator_platform
  * remove unnecessary link up and down
  * fix inconsistent NIC index between smart NICs and GPU NICs.
- Mark %{_modprobedir}/gce-blacklist.conf as %config(noreplace) (bsc#1198323)
- Update to version 20251014.00
- Update to version 20250913.00
  * Swap guest-config rule from checking the build VM OS to taking in a variable for target version
- from version 20250826.00
  * Moved tx/rx IRQ logging after assignment
  * Fix core assignment in set_irq_range
  * Correct IRQ tx/rx affinity core assignment
- Update to version 20250807.00
  * Avoid duplicate entries for the metadata server in /etc/hosts
- Update to version 20250709.00
  * Add comments in scripts to document the behavior in google hostname setting.
  * Always use primary NIC IP for NetworkManager dispatcher hook.
- from version 20250626.00
  * Fix spelling error: 'explicilty' to 'explicitly'
- Update to version 20250605.00
  * Added comment to the bitmap conversion functions
  * Remove IRQ affinity overwrite to XPS affinity
  * Update XPS affinity to assign the remaining unassigned CPUs to the last queue when populating the last queue
  * Fix set_xps_affinity to correctly parse cpus array
  * Update XPS CPU assignment logic
  * Update CPU assignment algorithm in XPS affinity
  * Remove commented code
  * Update XPS affinity vCPU distribution algorithm s.t.
    the vCPUs assigned to a queue are on the same core - fixed IRQ affinity on NUMA1 not using the correct bind_cores_index
  * Fixed NUMA comparison error in set_xps_affinity
  * Update XPS affinity setup to be NUMA aware and support 64 bit CPU mask calculation
- from version 20250604.00
  * Bug fix: bind_cores_begin to bind_cores_index
  * Name smart NICs in lexicographic order
- Run %postun to modify %{_sysconfdir}/sysconfig/network/ifcfg-eth0 during uninstall only to avoid removal of POST_UP_SCRIPT on upgrade
- Update to version 20250516.00
  * Remove unused fset
  * Remove unused lines
  * Update google_set_multiqueue to unpack IRQ ranges before core assignment
- Update to version 20250501.00
  * Configure local domain as route only domain to support cloud dns local domain but avoid adding it to the search path.
- from version 20250409.00
  * Change RDMA test condition to ensure renaming race conditions can be detected.
- from version 20250328.00
  * Revert 'Include systemd-networkd hook in Ubuntu packaging'
- from version 20250326.00
  * Update google_set_multiqueue to check pnic_ids
- from version 20250221.00
  * Make google_set_multiqueue aware A4X is multinic_accelerator_platform
- from version 20250207.00
  * Update google_set_multiqueue to adapt A4 platform
  * Merge branch 'GoogleCloudPlatform:master' into master
  * Fix IS_A3_PLATFORM syntax
  * Correct IS_A3_PLATFORM to save is_a3_platform results
  * Remove excess empty line.
  * Store is_a3_platform results into a global variable to avoid redundant curl calls
  * Skip tx affinity binding on non-gvnic interfaces only on A3 platforms.
  * Update comments for get_vcpu_ranges_on_accelerator_platform to reflect the expected vcpu ranges
  * rename get_vcpu_ranges to get_vcpu_ranges_on_accelerator_platform
  * Avoid IRQ binding on vCPU 0
  * Fix returned value for get_vcpu_ranges
  * Update get_vcpu_ranges to read from sys file instead of hardcoded value
  * Update google_set_multiqueue to set vCPU ranges based on platform
  * Add comment for handling IRQ binding on non-gvnic devices
  * Update is_gvnic to include gvnic driver checks
  * revert removed echo lines
  * Update google_set_multiqueue to skip set_irq if nic is not a gvnic device.
  * Update google_set_multiqueue to enable on A3Ultra family
- from version 20250124.00
  * Fix missing files. This is a no-op.
  * Also force virtio_scsi
- from version 20250116.00
  * Add GPL-2 to licensing information
- from version 20250107.00
  * Restore IDPF devices for renaming rules
- from version 20241213.00
  * Remove Pat from owners file

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:463-1
Released: Thu Feb 12 08:40:25 2026
Summary: Recommended update for supportutils
Type: recommended
Severity: important
References: 1232351,1241284,1244003,1244011,1244937,1245667,1246011,1246025,1249657,1250224,1252318,1254425,1256709

This update for supportutils fixes the following issues:

- scplugin.rc is restored in package 3.2.12.1 for continued compatibility (bsc#1256709)
- Changes to version 3.2.12:
  * Optimized lsof usage and honors OPTION_OFILES (bsc#1232351)
  * Run in containers without errors (bsc#1245667)
  * Removed pmap PID from memory.txt (bsc#1246011)
  * Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025)
  * Improved database perforce with kGraft patching (bsc#1249657)
  * Using last boot for journalctl for optimization (bsc#1250224)
  * Fixed extraction failures (bsc#1252318)
  * Update supportconfig.conf path in docs (bsc#1254425)
  * drm_sub_info: Catch error when dir doesn't exist
  * Replace remaining `egrep` with `grep -E`
  * Add process
    affinity to slert logs
  * Reintroduce cgroup statistics (and v2)
  * Minor changes to basic-health-check: improve information level
  * Collect important machine health counters
  * powerpc: collect hot-pluggable PCI and PHB slots
  * podman: collect podman disk usage
  * Exclude binary files in crondir
  * kexec/kdump: collect everything under /sys/kernel/kexec dir
  * Use short-iso for journalctl
- Changes to version 3.2.11:
  * Collect rsyslog frule files (bsc#1244003)
  * Remove proxy passwords (bsc#1244011)
  * Missing NetworkManager information (bsc#1241284)
  * Include agama logs (bsc#1244937)
  * Additional NFS conf files
  * New fadump sysfs files
  * Fixed change log dates

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:474-1
Released: Thu Feb 12 12:28:33 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1220137,1220144,1222323,1223007,1225049,1233038,1235905,1236104,1236208,1237885,1237906,1238414,1238754,1238763,1244758,1244904,1245110,1245210,1245723,1245751,1247177,1247483,1248306,1248377,1249156,1249158,1249827,1252785,1253028,1253087,1253409,1253702,1254447,1254462,1254463,1254464,1254465,1254767,1254842,1255171,1255251,1255377,1255401,1255594,1255908,1256095,1256582,1256612,1256623,1256641,1256726,1256744,1256779,1256792,1257232,1257236,1257296,1257473,CVE-2022-49604,CVE-2022-49943,CVE-2022-49980,CVE-2022-50232,CVE-2022-50697,CVE-2023-52433,CVE-2023-52874,CVE-2023-52923,CVE-2023-53178,CVE-2023-53407,CVE-2023-53412,CVE-2023-53417,CVE-2023-53418,CVE-2023-53714,CVE-2023-54142,CVE-2023-54243,CVE-2024-26581,CVE-2024-26661,CVE-2024-26832,CVE-2024-50143,CVE-2024-54031,CVE-2025-21658,CVE-2025-21760,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-38068,CVE-2025-38129,CVE-2025-38159,CVE-2025-38375,CVE-2025-38563,CVE-2025-38565,CVE-2025-38684,CVE-2025-40044,CVE-2025-40139,CVE-2025-40257,CVE-2025-40300,CVE-2025-68183,CVE-2025-68284,CVE-2025-68285,CVE-2025-68312,CVE-2025-68771,CVE-2025-68813,CVE-2025-71085,CVE-2025-71089,CVE-2025-71112,CVE-2025-71116,CVE-2025-71120,CVE-2026-22999,CVE-2026-23001

The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues.

The following security issues were fixed:

- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
- CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095).
- CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
- CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
- CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483).
- CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
- CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).

The following non security issues were fixed:

- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1253087).
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: tcp: send zero-window ACK when no memory (bsc#1254767).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- tcp: correct handling of extreme memory squeeze (bsc#1254767).
- x86: make page fault handling disable interrupts properly (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:508-1
Released: Fri Feb 13 15:50:21 2026
Summary: Security update for curl
Type: security
Severity: moderate
References: 1255731,1255732,1255733,1255734,1256105,CVE-2025-14017,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224

This update for curl fixes the following issues:

- CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:570-1
Released: Tue Feb 17 17:38:47 2026
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1247850,1247858,1250553,1256807,1256808,1256809,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2025-8732,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757

This update for libxml2 fixes the following issues:

- CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
- CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812)
- CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
- CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
- CVE-2025-8732: Fixed an infinite recursion in catalog parsing functions when processing malformed SGML catalog files. (bsc#1247858)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:575-1
Released: Wed Feb 18 10:10:36 2026
Summary: Security update for libpcap
Type: security
Severity: low
References: 1255765,CVE-2025-11961

This update for libpcap fixes the following issues:

- CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:577-1
Released: Wed Feb 18 16:49:13 2026
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1256498,1256499,1256500,CVE-2025-68276,CVE-2025-68468,CVE-2025-68471

This update for avahi fixes the following issues:

- CVE-2025-68276: Fixed refuse to create wide-area record browsers when wide-area is off (bsc#1256498)
- CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500)
- CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:596-1
Released: Mon Feb 23 16:57:20 2026
Summary: Security update for libpng16
Type: security
Severity: important
References: 1256525,1256526,1257364,1257365,1258020,CVE-2025-28162,CVE-2025-28164,CVE-2026-22695,CVE-2026-22801,CVE-2026-25646

This update for libpng16 fixes the following issues:

- CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364).
- CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365).
- CVE-2026-22695: heap buffer over-read in png_image_finish_read (bsc#1256525).
- CVE-2026-22801: integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).
- CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:664-1
Released: Thu Feb 26 16:15:04 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1257029,1257031,1257041,1257042,1257044,1257046,CVE-2025-11468,CVE-2025-15282,CVE-2025-15366,CVE-2025-15367,CVE-2026-0672,CVE-2026-0865

This update for python3 fixes the following issues:

- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:694-1
Released: Fri Feb 27 16:14:32 2026
Summary: Security update for gpg2
Type: security
Severity: moderate
References: 1256389

This update for gpg2 fixes the following issues:

Security fix:

- Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data (bsc#1256389)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:741-1
Released: Mon Mar 2 09:11:04 2026
Summary: Security update for shim
Type: security
Severity: moderate
References: 1240871,1247432,CVE-2024-2312

This update for shim fixes the following issues:

shim is updated to version 16.1:

- shim_start_image(): fix guid/handle pairing when uninstalling protocols
- Fix uncompressed ipv6 netboot
- fix test segfaults caused by uninitialized memory
- SbatLevel_Variable.txt: minor typo fix.
- Realloc() needs to allocate one more byte for sprintf()
- IPv6: Add more check to avoid multiple double colon and illegal char
- Loader proto v2
- loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
- Generate Authenticode for the entire PE file
- README: mention new loader protocol and interaction with UKIs
- shim: change automatically enable MOK_POLICY_REQUIRE_NX
- Save var info
- add SbatLevel entry 2025051000 for PSA-2025-00012-1
- Coverity fixes 20250804
- fix http boot
- Fix double free and leak in the loader protocol

shim is updated to version 16.0:

- Validate that a supplied vendor cert is not in PEM format
- sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
- sbat: Also bump latest for grub,4 (and to todays date)
- undo change that limits certificate files to a single file
- shim: don't set second_stage to the empty string
- Fix SBAT.md for today's consensus about numbers
- Update Code of Conduct contact address
- make-certs: Handle missing OpenSSL installation
- Update MokVars.txt
- export DEFINES for sub makefile
- Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
- Null-terminate 'arguments' in fallback
- Fix 'Verifiying' typo in error message
- Update Fedora CI targets
- Force gcc to produce DWARF4 so that gdb can use it
- Minor housekeeping 2024121700
- Discard load-options that start with WINDOWS
- Fix the issue that the gBS->LoadImage pointer was empty.
- shim: Allow data after the end of device path node in load options
- Handle network file not found like disks
- Update gnu-efi submodule for EFI_HTTP_ERROR
- Increase EFI file alignment
- avoid EFIv2 runtime services on Apple x86 machines
- Improve shortcut performance when comparing two boolean expressions
- Provide better error message when MokManager is not found
- tpm: Boot with a warning if the event log is full
- MokManager: remove redundant logical constraints
- Test import_mok_state() when MokListRT would be bigger than available size
- test-mok-mirror: minor bug fix
- Fix file system browser hang when enrolling MOK from disk
- Ignore a minor clang-tidy nit
- Allow fallback to default loader when encountering errors on network boot
- test.mk: don't use a temporary random.bin
- pe: Enhance debug report for update_mem_attrs
- Multiple certificate handling improvements
- Generate SbatLevel Metadata from SbatLevel_Variable.txt
- Apply EKU check with compile option
- Add configuration option to boot an alternative 2nd stage
- Loader protocol (with Device Path resolution support)
- netboot cleanup for additional files
- Document how revocations can be delivered
- post-process-pe: add tests to validate NX compliance
- regression: CopyMem() in ad8692e copies out of bounds
- Save the debug and error logs in mok-variables
- Add features for the Host Security ID program
- Mirror some more efi variables to mok-variables
- This adds DXE Services measurements to HSI and uses them for NX
- Add shim's current NX_COMPAT status to HSIStatus
- README.tpm: reflect that vendor_db is in fact logged as 'vendor_db'
- Reject HTTP message with duplicate Content-Length header fields
- Disable log saving
- fallback: don't add new boot order entries backwards
- README.tpm: Update MokList entry to MokListRT
- SBAT Level update for February 2025 GRUB CVEs

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:783-1
Released: Tue Mar 3 14:36:14 2026
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1258392,CVE-2026-27171

This update for zlib fixes the following issue:

- CVE-2026-27171: Fixed infinite loop via the `crc32_combine64` and `crc32_combine_gen64` functions due to missing checks for negative lengths (bsc#1258392).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:791-1
Released: Tue Mar 3 16:59:33 2026
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1257463

This update for gcc15 fixes the following issues:

- Fix bogus expression simplification (bsc#1257463)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:818-1
Released: Thu Mar 5 11:26:09 2026
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1258022

This update for grub2 fixes the following issues:

- Backport upstream's commit to prevent BIOS assert (bsc#1258022)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:826-1
Released: Thu Mar 5 16:16:29 2026
Summary: Security update for expat
Type: security
Severity: moderate
References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210

This update for expat fixes the following issues:

- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent.
  (bsc#1257496)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:837-1
Released: Fri Mar 6 08:30:05 2026
Summary: Recommended update for syslogd
Type: recommended
Severity: moderate
References:

This update for syslogd fixes the following issues:

- Drop last sysvinit Requirement/Provide (jsc#PED-13698)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:856-1
Released: Tue Mar 10 09:35:24 2026
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1258859,CVE-2026-3184

This update for util-linux fixes the following issues:

- CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:862-1
Released: Wed Mar 11 10:59:55 2026
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1257960,CVE-2025-14831

This update for gnutls fixes the following issues:

- CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs) (bsc#1257960).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:896-1
Released: Fri Mar 13 16:25:07 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915

This update for glibc fixes the following issues:

- CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766)
- CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822)
- CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005)
- CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp (bsc#1246965)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:899-1
Released: Fri Mar 13 16:32:57 2026
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: moderate
References: 1230861,1239439,1241002,1244550

This update for suseconnect-ng fixes the following issues:

- Regressions found during QA test runs:
  * Ignore product in announce call (bsc#1257490)
  * Registration to SMT server with failed (bsc#1257625)
- Update version to 1.20:
  * Update error message for Public Cloud instances with registercloudguest installed. SUSEConnect -d is disabled on PYAG and BYOS when the registercloudguest command is available. (bsc#1230861)
  * Enhanced SAP detected. Take TREX into account and remove empty values when only /usr/sap but no installation exists (bsc#1241002)
  * Fixed modules and extension link to point to version less documentation. (bsc#1239439)
  * Fixed SAP instance detection (bsc#1244550)
  * Remove link to extensions documentation (bsc#1239439)
  * Migrate to the public library
- Version 1.14 public library release
  This version is only available on Github as a tag to release the new golang public library which can be consumed without the need to interface with SUSEConnect directly.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:910-1
Released: Tue Mar 17 20:34:12 2026
Summary: Security update for vim
Type: security
Severity: moderate
References: 1246602,1258229,1259051,CVE-2025-53906,CVE-2026-26269,CVE-2026-28417

This update for vim fixes the following issues:

Update Vim to version 9.2.0110:

- CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602).
- CVE-2026-26269: Netbeans specialKeys stack buffer overflow (bsc#1258229).
- CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:911-1
Released: Tue Mar 17 20:56:12 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1259363,1259364,1259365,CVE-2026-1965,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805

This update for curl fixes the following issues:

- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:912-1
Released: Wed Mar 18 07:19:42 2026
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1229003,1258002

This update for ca-certificates-mozilla fixes the following issues:

- test for a concretely missing certificate rather than just the directory, as the latter is now also provided by openssl-3
- Re-create java-cacerts with SOURCE_DATE_EPOCH set for reproducible builds (bsc#1229003)
- Also mark /usr/share/factory/var/lib/ca-certificates/ as writable by the user during install: allow rpm to properly execute %clean when completed.
- Create /var/lib/ca-certificates during build to ensure rpm gives the %ghost'ed directory proper mode attributes.
- Updated to 2.84 state (bsc#1258002)
  * Removed:
    + Baltimore CyberTrust Root
    + CommScope Public Trust ECC Root-01
    + CommScope Public Trust ECC Root-02
    + CommScope Public Trust RSA Root-01
    + CommScope Public Trust RSA Root-02
    + DigiNotar Root CA
  * Added:
    + e-Szigno TLS Root CA 2023
    + OISTE Client Root ECC G1
    + OISTE Client Root RSA G1
    + OISTE Server Root ECC G1
    + OISTE Server Root RSA G1
    + SwissSign RSA SMIME Root CA 2022 - 1
    + SwissSign RSA TLS Root CA 2022 - 1
    + TrustAsia SMIME ECC Root CA
    + TrustAsia SMIME RSA Root CA
    + TrustAsia TLS ECC Root CA
    + TrustAsia TLS RSA Root CA
- reenable the distrusted certs again. the distrust is only for certs issued after the distrust date, not for all certs of a CA.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:931-1
Released: Thu Mar 19 09:23:14 2026
Summary: Security update for jq
Type: security
Severity: low
References: 1248600,CVE-2025-9403

This update for jq fixes the following issue:

- CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:949-1
Released: Fri Mar 20 19:08:19 2026
Summary: Security update for runc
Type: security
Severity: important
References:

This update for runc rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1003-1
Released: Wed Mar 25 10:25:34 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1238917,1255075,1256645,1257231,1257473,1257732,1257735,1257749,1257790,1258340,1258395,1258518,1258849,1258850,1259857,CVE-2025-21738,CVE-2025-40242,CVE-2025-71066,CVE-2026-23004,CVE-2026-23054,CVE-2026-23060,CVE-2026-23074,CVE-2026-23089,CVE-2026-23191,CVE-2026-23204,CVE-2026-23209,CVE-2026-23268,CVE-2026-23269

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).

The following non-security bugs were fixed:

- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1061-1
Released: Thu Mar 26 11:35:08 2026
Summary: Security update for systemd
Type: security
Severity: important
References: 1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105

This update for systemd fixes the following issues:

- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).
Changelog:

- 6a38d88a42 machined: reject invalid class types when registering machines
- 8c9a592e5a udev: fix review mixup
- b57007a917 udev-builtin-net-id: print cescaped bad attributes
- ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX
- 0f63e799e6 udev: ensure tag parsing stays within bounds
- 046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf
- 5be21460ce udev: check for invalid chars in various fields received from the kernel
- 9559607b16 core/cgroup: avoid one unnecessary strjoina()
- fcae348ca4 core: validate input cgroup path more prudently
- a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
- 08125d6b06 units: add dep on systemd-logind.service by user@.service

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1065-1
Released: Thu Mar 26 11:38:12 2026
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1254670,1259619,CVE-2025-70873,CVE-2025-7709

This update for sqlite3 fixes the following issues:

Update sqlite3 to 3.51.3:

- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).

Changelog:

* Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1087-1
Released: Thu Mar 26 16:20:57 2026
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1222465,1234736

This update for util-linux fixes the following issues:

- recognize fuse 'portal' as a virtual file system (bsc#1234736).
- fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1090-1
Released: Thu Mar 26 18:44:54 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1257181,CVE-2026-1299
This update for python3 fixes the following issues:
- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1092-1
Released: Thu Mar 26 18:51:45 2026
Summary: Security update for xen
Type: security
Severity: important
References: 1259247,CVE-2026-23554
This update for xen fixes the following issues:
- CVE-2026-23554: xen: Use after free of paging structures in EPT (bsc#1259247, XSA-480)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1105-1
Released: Fri Mar 27 08:03:05 2026
Summary: Security update for containerd
Type: security
Severity: important
References:
This update for containerd rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1166-1
Released: Thu Apr 2 03:08:04 2026
Summary: Security update for expat
Type: security
Severity: important
References: 1259711,1259726,1259729,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778
This update for expat fixes the following issues:
- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1177-1
Released: Thu Apr 2 17:00:30 2026
Summary: Security update for tar
Type: security
Severity: important
References: 1246399,CVE-2025-45582
This update for tar fixes the following issue:
- CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1230-1
Released: Thu Apr 9 10:58:22 2026
Summary: Security update for bind
Type: security
Severity: important
References: 1260805,CVE-2026-1519
This update for bind fixes the following issues:
- CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1247-1
Released: Fri Apr 10 12:34:39 2026
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1259845,CVE-2026-27135
This update for nghttp2 fixes the following issue:
- CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1290-1
Released: Mon Apr 13 10:08:34 2026
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1260441,1260442,1260443,1260444,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-31789
This update for openssl-1_1 fixes the following issues:
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1308-1
Released: Tue Apr 14 12:37:49 2026
Summary: Security update for sudo
Type: security
Severity: important
References: 1261420,CVE-2026-35535
This update for sudo fixes the following issue:
- CVE-2026-35535: Fixed potential privilege escalation when running the mailer (bsc#1261420).
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2026:1315-1
Released: Tue Apr 14 13:26:20 2026
Summary: Optional update for rsyslog
Type: optional
Severity: moderate
References:
This update for rsyslog fixes the following issue:
- add the rsyslog-module-ossl (openssl TLS support).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1323-1
Released: Tue Apr 14 15:11:50 2026
Summary: Security update for libpng16
Type: security
Severity: important
References: 1260754,CVE-2026-33416
This update for libpng16 fixes the following issues:
- CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1380-1
Released: Thu Apr 16 11:13:40 2026
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: important
References: 1257667,1257825,1261155
This update for suseconnect-ng fixes the following issues:
- Update version to 1.21.1:
  * Fix nil token handling (bsc#1261155)
  * Switch to using go1.24-openssl as the default Go version to install to support building the package (jsc#SCC-585).
- Update version to 1.21:
  * Add expanded metric collection for kernel modules and hardware detection (jsc#TEL-226).
  * Support new profile based metric collection
  * Fix ignored --root parameter handling when reading and writing configuration (bsc#1257667)
  * Add expanded metric collection for system vendor/manufacturer (jsc#TEL-260).
  * Removed backport patch
  * Add missing product id to allow yast2-registration to not break (bsc#1257825)
  * Fix libsuseconnect APIError detection logic (bsc#1257825)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1403-1
Released: Thu Apr 16 13:34:01 2026
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1229655
This update for cyrus-sasl fixes the following issues:
- Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097)
- Add support for setting max ssf 0 to GSS-SPNEGO
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1432-1
Released: Fri Apr 17 12:12:08 2026
Summary: Security update for libcap
Type: security
Severity: important
References: 1261809,CVE-2026-4878
This update for libcap fixes the following issue:
- CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1472-1
Released: Mon Apr 20 11:31:54 2026
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1259543
This update for grub2 fixes the following issues:
- Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543)
  * btrfs: add ability to boot from subvolumes
  * btrfs: get default subvolume
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1487-1
Released: Mon Apr 20 17:52:11 2026
Summary: Security update for runc
Type: security
Severity: important
References:
This update for runc rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1495-1
Released: Mon Apr 20 17:59:12 2026
Summary: Security update for containerd
Type: security
Severity: important
References:
This update for containerd rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1510-1
Released: Tue Apr 21 08:28:12 2026
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1259924,CVE-2025-69720
This update for ncurses fixes the following issue:
- CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1550-1
Released: Wed Apr 22 11:41:14 2026
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1261678,CVE-2026-28390
This update for openssl-1_1 fixes the following issues:
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1565-1
Released: Thu Apr 23 09:08:29 2026
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1258045,1258049,1258054,1258080,1258081,1259377,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968,CVE-2026-3731
This update for libssh fixes the following issues:
- CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049).
- CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).
- CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054).
- CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081).
- CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080).
- CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler (bsc#1259377).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1606-1
Released: Fri Apr 24 13:50:09 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1215492,1246057,1256675,1257773,1259797,1260005,1260009,1260347,1260562,CVE-2025-38234,CVE-2025-68818,CVE-2026-23103,CVE-2026-23243,CVE-2026-23272,CVE-2026-23274,CVE-2026-23317
The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-nelems before insertion (bsc#1260009).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).
The following non security issues were fixed:
- nvme-fc: use ctrl state getter (git-fixes bsc#1215492).
- nvme-pci: fix queue unquiesce check on slot_reset (git-fixes).
- nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).
- PCI: Fix lock symmetry in pci_slot_unlock() (git-fixes).
- PCI: Fix pci_slot_trylock() error handling (git-fixes).
- PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes).
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1607-1
Released: Fri Apr 24 13:50:52 2026
Summary: Security update for vim
Type: security
Severity: important
References: 1259985,1261191,1261271,CVE-2026-33412,CVE-2026-34714,CVE-2026-34982
This update for vim fixes the following issues:
Update to version 9.2.0280.
- CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution (bsc#1261271).
- CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution (bsc#1261191).
- CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to arbitrary code execution (bsc#1259985).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1657-1
Released: Wed Apr 29 13:06:49 2026
Summary: Security update for xen
Type: security
Severity: important
References: 1262178,1262180,1262428,CVE-2025-54505,CVE-2026-23557,CVE-2026-23558
This update for xen fixes the following issues:
- CVE-2025-54505: floating point divider state sampling on AMD CPUs AMD-SN-7053 (bsc#1262428).
- CVE-2026-23557: Xenstored DoS via XS_RESET_WATCHES command (bsc#1262178).
- CVE-2026-23558: grant table v2 race in status page mapping (bsc#1262180).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1659-1
Released: Wed Apr 29 13:09:06 2026
Summary: Security update for sed
Type: security
Severity: moderate
References: 1262144,CVE-2026-5958
This update for sed fixes the following issues:
- CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite (bsc#1262144).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1670-1
Released: Sat May 2 07:53:26 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1262573,CVE-2026-31431
The SUSE Linux Enterprise 15 SP6 kernel was updated to fix one security issue
The following security issue was fixed:
- CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1715-1
Released: Wed May 6 14:09:30 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100
This update for python3 fixes the following issues:
- CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
- CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
- CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970).
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026).
- CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319).
- CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654).
- CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure (bsc#1262098).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1717-1
Released: Wed May 6 14:13:17 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).
Other updates and bugfixes:
- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1721-1
Released: Wed May 6 16:43:37 2026
Summary: Recommended update for cloud-netconfig
Type: recommended
Severity: important
References: 1253223,1258406,1258730
This update for cloud-netconfig fixes the following issues:
- Update to version 1.19:
  * Make sure IPADDR variable is stripped of netmask
- Update to version 1.18:
  * Fix issue with link-local address routing (bsc#1258730)
- Update to version 1.17:
  * Do not set broadcast address explicitly (bsc#1258406)
- Update to version 1.16:
  * Fix query of default CLOUD_NETCONFIG_MANAGE (bsc#1253223)
  * Fix variable names in the README
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1759-1
Released: Thu May 7 16:03:37 2026
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1261274
This update for dracut fixes the following issues:
- Update to version 055+suse.399.g9aa7e567:
  * fix: make iso-scan trigger udev events (bsc#1261274)

The following package changes have been done:
- bash-sh-4.4-150400.27.6.1 updated
- bash-4.4-150400.27.6.1 updated
- bind-utils-9.16.50-150500.8.35.1 updated
- ca-certificates-mozilla-2.84-150200.44.1 updated
- chrony-pool-suse-4.1-150400.21.8.1 updated
- chrony-4.1-150400.21.8.1 updated
- cifs-utils-6.15-150400.3.18.1 updated
- cloud-netconfig-gce-1.19-150000.25.31.1 updated
- containerd-ctr-1.7.29-150000.132.1 updated
- containerd-1.7.29-150000.132.1 updated
- curl-8.14.1-150400.5.83.1 updated
- dracut-055+suse.399.g9aa7e567-150500.3.35.1 updated
- e2fsprogs-1.46.4-150400.3.9.2 added
- elfutils-0.185-150400.5.8.3 updated
- glibc-locale-base-2.31-150300.98.1 updated
- glibc-locale-2.31-150300.98.1 updated
- glibc-2.31-150300.98.1 updated
- google-guest-configs-20260116.00-150400.13.25.1 updated
- gpg2-2.2.27-150300.3.19.1 updated
- grub2-i386-pc-2.06-150500.29.65.1 updated
- grub2-x86_64-efi-2.06-150500.29.65.1 updated
- grub2-2.06-150500.29.65.1 updated
- iptables-1.8.7-1.1 added
- jq-1.6-150000.3.12.1 updated
- kernel-default-5.14.21-150500.55.149.1 updated
- kmod-29-150300.4.18.1 updated
- libasm1-0.185-150400.5.8.3 updated
- libavahi-client3-0.8-150400.7.26.1 updated
- libavahi-common3-0.8-150400.7.26.1 updated
- libblkid1-2.37.4-150500.9.26.1 updated
- libcap2-2.63-150400.3.6.1 updated
- libcurl4-8.14.1-150400.5.83.1 updated
- libdevmapper1_03-2.03.22_1.02.196-150500.7.18.4 updated
- libdw1-0.185-150400.5.8.3 updated
- libelf1-0.185-150400.5.8.3 updated
- libexpat1-2.7.1-150400.3.37.1 updated
- libext2fs2-1.46.4-150400.3.9.2 added
- libfdisk1-2.37.4-150500.9.26.1 updated
- libfreetype6-2.10.4-150000.4.25.1 updated
- libgcc_s1-15.2.0+git10201-150000.1.9.1 updated
- libglib-2_0-0-2.70.5-150400.3.34.1 updated
- libgnutls30-3.7.3-150400.4.56.1 updated
- libip6tc2-1.8.7-1.1 added
- libjq1-1.6-150000.3.12.1 updated
- libkmod2-29-150300.4.18.1 updated
- libmount1-2.37.4-150500.9.26.1 updated
- libncurses6-6.1-150000.5.33.1 updated
- libnftnl11-1.2.0-150400.1.6 added
- libnghttp2-14-1.40.0-150200.22.1 updated
- libopenssl1_1-1.1.1l-150500.17.54.1 updated
- libpcap1-1.10.1-150400.3.9.1 updated
- libpci3-3.13.0-150300.13.12.1 updated
- libpng16-16-1.6.34-150000.3.22.1 updated
- libprocps8-3.3.17-150000.7.42.1 added
- libpython3_6m1_0-3.6.15-150300.10.118.1 updated
- libreadline7-7.0-150400.27.6.1 updated
- libsasl2-3-2.1.28-150500.3.3.1 updated
- libsmartcols1-2.37.4-150500.9.26.1 updated
- libsqlite3-0-3.51.3-150000.3.39.1 updated
- libssh-config-0.9.8-150400.3.17.1 updated
- libssh4-0.9.8-150400.3.17.1 updated
- libstdc++6-15.2.0+git10201-150000.1.9.1 updated
- libsystemd0-249.17-150400.8.55.1 updated
- libtasn1-6-4.13-150000.4.14.1 updated
- libtasn1-4.13-150000.4.14.1 updated
- libudev1-249.17-150400.8.55.1 updated
- libuuid1-2.37.4-150500.9.26.1 updated
- libxml2-2-2.10.3-150500.5.38.1 updated
- libz1-1.2.13-150500.4.6.1 updated
- ncurses-utils-6.1-150000.5.33.1 updated
- openssh-clients-8.4p1-150300.3.57.1 updated
- openssh-common-8.4p1-150300.3.57.1 updated
- openssh-server-8.4p1-150300.3.57.1 updated
- openssh-8.4p1-150300.3.57.1 updated
- openssl-1_1-1.1.1l-150500.17.54.1 updated
- pciutils-3.13.0-150300.13.12.1 updated
- procps-3.3.17-150000.7.42.1 added
- python3-base-3.6.15-150300.10.118.1 updated
- python3-bind-9.16.50-150500.8.35.1 updated
- python3-3.6.15-150300.10.118.1 updated
- rsyslog-module-relp-8.2306.0-150400.5.35.1 updated
- rsyslog-8.2306.0-150400.5.35.1 updated
- runc-1.3.4-150000.92.1 updated
- sed-4.4-150300.13.6.1 updated
- shim-16.1-150300.4.31.3 updated
- sudo-1.9.12p1-150500.7.16.1 updated
- supportutils-3.2.12.1-150300.7.35.39.1 updated
- suseconnect-ng-1.21.1-150500.3.40.1 updated
- syslog-service-2.0-150300.13.3.1 updated
- systemd-sysvinit-249.17-150400.8.55.1 updated
- systemd-249.17-150400.8.55.1 updated
- tar-1.34-150000.3.37.1 updated
- terminfo-base-6.1-150000.5.33.1 updated
- terminfo-6.1-150000.5.33.1 updated
- udev-249.17-150400.8.55.1 updated
- util-linux-systemd-2.37.4-150500.9.26.1 updated
- util-linux-2.37.4-150500.9.26.1 updated
- vim-data-common-9.2.0280-150500.20.46.1 updated
- vim-9.2.0280-150500.20.46.1 updated
- xen-libs-4.17.6_08-150500.3.65.1 updated
- xtables-plugins-1.8.7-1.1 added
- iproute2-5.14-150400.3.3.1 removed
- libwayland-client0-1.21.0-150500.1.1 removed

From sle-container-updates at lists.suse.com Sat May 9 07:04:05 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 9 May 2026 09:04:05 +0200 (CEST)
Subject: SUSE-IU-2026:3234-1: Security update of suse-sles-15-sp4-chost-byos-v20260507-hvm-ssd-x86_64
Message-ID: <20260509070405.3D37DFB96@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20260507-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3234-1
Image Tags : suse-sles-15-sp4-chost-byos-v20260507-hvm-ssd-x86_64:20260507
Image
Release : Severity : important Type : security References :
CVE-2023-54264 CVE-2023-54266 CVE-2023-54269 CVE-2023-54270 CVE-2023-54271 CVE-2023-54274 CVE-2023-54275 CVE-2023-54277 CVE-2023-54280 CVE-2023-54284 CVE-2023-54286 CVE-2023-54287 CVE-2023-54289 CVE-2023-54292 CVE-2023-54293 CVE-2023-54294 CVE-2023-54295 CVE-2023-54298 CVE-2023-54299 CVE-2023-54300 CVE-2023-54301 CVE-2023-54302 CVE-2023-54304 CVE-2023-54305 CVE-2023-54309 CVE-2023-54311 CVE-2023-54315 CVE-2023-54317 CVE-2023-54319 CVE-2023-54321 CVE-2023-54325 CVE-2023-54326 CVE-2023-7324 CVE-2024-2312 CVE-2024-25621 CVE-2024-26581 CVE-2024-26832 CVE-2024-28956 CVE-2024-36348 CVE-2024-36349 CVE-2024-36350 CVE-2024-36357 CVE-2024-44987 CVE-2024-46854 CVE-2024-50143 CVE-2024-54031 CVE-2025-10911 CVE-2025-11468 CVE-2025-11563 CVE-2025-11961 CVE-2025-12084 CVE-2025-13151 CVE-2025-13462 CVE-2025-1352 CVE-2025-13601 CVE-2025-1372 CVE-2025-1376 CVE-2025-1377 CVE-2025-13836 CVE-2025-13837 CVE-2025-14017 CVE-2025-14087 CVE-2025-14104 CVE-2025-14512 CVE-2025-14524 CVE-2025-14819 CVE-2025-14831 CVE-2025-15079 CVE-2025-15224 CVE-2025-15281 CVE-2025-15282 CVE-2025-15366 CVE-2025-15367 CVE-2025-21658 CVE-2025-21738 CVE-2025-21738 CVE-2025-21760 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-27466 CVE-2025-28162 CVE-2025-28164 CVE-2025-30258 CVE-2025-31133 CVE-2025-31133 CVE-2025-38068 CVE-2025-38129 CVE-2025-38159 CVE-2025-38234 CVE-2025-38375 CVE-2025-38563 CVE-2025-38565 CVE-2025-38684 CVE-2025-39742 CVE-2025-39797 CVE-2025-39945 CVE-2025-39965 CVE-2025-39967 CVE-2025-39967 CVE-2025-39968 CVE-2025-39973 CVE-2025-39977 CVE-2025-39978 CVE-2025-40018 CVE-2025-40019 CVE-2025-40040 CVE-2025-40044 CVE-2025-40044 CVE-2025-40048 CVE-2025-40088 CVE-2025-40102 CVE-2025-40121 CVE-2025-40139 CVE-2025-40154 CVE-2025-40204 CVE-2025-40215 CVE-2025-40220 CVE-2025-40233 CVE-2025-40242 CVE-2025-40256 CVE-2025-40257 CVE-2025-40258 CVE-2025-40277 CVE-2025-40280 CVE-2025-40300 CVE-2025-40331 CVE-2025-40778 CVE-2025-40780 CVE-2025-45582 CVE-2025-52565 CVE-2025-52565 CVE-2025-52881 
CVE-2025-52881 CVE-2025-53906 CVE-2025-54505 CVE-2025-54771 CVE-2025-58142 CVE-2025-58143 CVE-2025-58147 CVE-2025-58148 CVE-2025-58149 CVE-2025-58150 CVE-2025-58436 CVE-2025-58436 CVE-2025-58436 CVE-2025-6075 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664 CVE-2025-61915 CVE-2025-61984 CVE-2025-61985 CVE-2025-64329 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 CVE-2025-66418 CVE-2025-66471 CVE-2025-66471 CVE-2025-68160 CVE-2025-68183 CVE-2025-68276 CVE-2025-68284 CVE-2025-68285 CVE-2025-68312 CVE-2025-68468 CVE-2025-68471 CVE-2025-68732 CVE-2025-68813 CVE-2025-68818 CVE-2025-68973 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2025-69720 CVE-2025-7039 CVE-2025-70873 CVE-2025-71066 CVE-2025-71085 CVE-2025-71089 CVE-2025-71112 CVE-2025-71116 CVE-2025-71120 CVE-2025-7709 CVE-2025-7709 CVE-2025-8058 CVE-2025-8114 CVE-2025-8277 CVE-2025-8291 CVE-2025-8732 CVE-2025-9403 CVE-2025-9714 CVE-2025-9820 CVE-2026-0672 CVE-2026-0861 CVE-2026-0865 CVE-2026-0915 CVE-2026-0964 CVE-2026-0965 CVE-2026-0966 CVE-2026-0967 CVE-2026-0968 CVE-2026-0988 CVE-2026-0989 CVE-2026-0990 CVE-2026-0992 CVE-2026-1299 CVE-2026-1502 CVE-2026-1519 CVE-2026-1757 CVE-2026-1965 CVE-2026-1965 CVE-2026-21441 CVE-2026-22695 CVE-2026-22795 CVE-2026-22796 CVE-2026-22801 CVE-2026-22999 CVE-2026-23001 CVE-2026-23004 CVE-2026-23054 CVE-2026-23060 CVE-2026-23074 CVE-2026-23089 CVE-2026-23103 CVE-2026-23191 CVE-2026-23204 CVE-2026-23209 CVE-2026-23243 CVE-2026-23268 CVE-2026-23269 CVE-2026-23272 CVE-2026-23274 CVE-2026-23490 CVE-2026-23553 CVE-2026-23557 CVE-2026-23558 CVE-2026-24515 CVE-2026-25210 CVE-2026-25645 CVE-2026-25646 CVE-2026-26269 CVE-2026-27135 CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390 CVE-2026-28417 CVE-2026-29111 CVE-2026-30922 CVE-2026-31431 CVE-2026-31789 CVE-2026-31790 CVE-2026-3184 CVE-2026-32597 CVE-2026-32776 CVE-2026-32777 CVE-2026-32778 CVE-2026-33412 CVE-2026-33416 CVE-2026-3446 CVE-2026-34714 CVE-2026-3479 
CVE-2026-34982 CVE-2026-34990 CVE-2026-35535 CVE-2026-3644 CVE-2026-3731 CVE-2026-3783 CVE-2026-3784 CVE-2026-3805 CVE-2026-4105 CVE-2026-4224 CVE-2026-4519 CVE-2026-4786 CVE-2026-4873 CVE-2026-4878 CVE-2026-5545 CVE-2026-5958 CVE-2026-6019 CVE-2026-6100 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20260507-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3788-1 Released: Fri Oct 24 15:28:50 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3794-1 Released: Fri Oct 24 17:36:29 2025 Summary: Security update for chrony Type: security Severity: moderate References: 1246544 This update for chrony fixes the following issues: - Race condition during socket creation by chronyc allows privilege escalation from user chrony to root (bsc#1246544). 
This update also ships chrony-pool-empty to SLE Micro 5.x (jsc#SMO-587)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3836-1
Released: Tue Oct 28 11:38:00 2025
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1245199

This update for bash fixes the following issues:

- Fix histfile missing timestamp for the oldest record (bsc#1245199)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3843-1
Released: Tue Oct 28 17:40:42 2025
Summary: Security update for xen
Type: security
Severity: important
References: 1248807,1251271,CVE-2025-27466,CVE-2025-58142,CVE-2025-58143,CVE-2025-58147,CVE-2025-58148

This update for xen fixes the following issues:

- CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls (bsc#1251271, XSA-475)
- CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed multiple vulnerabilities in the Viridian interface (bsc#1248807, XSA-472)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3853-1
Released: Wed Oct 29 15:06:03 2025
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1229750

This update for vim fixes the following issues:

- Fix: vim compatible mode is not switched off earlier (bsc#1229750).
  Nocompatible must be set before the syntax highlighting is turned on.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3854-1
Released: Wed Oct 29 15:10:39 2025
Summary: Recommended update for cifs-utils
Type: recommended
Severity: moderate
References: 1248816

This update for cifs-utils fixes the following issues:

- Fix: cifs.upcall program in the cifs-utils package fails to use a valid service ticket from the credential cache if the TGT is expired or does not exist (bsc#1248816)
  * cifs-utils: Skip TGT check if there is a valid service ticket
  * cifs-utils: avoid using mktemp when updating mtab
  * cifs-utils: add documentation for upcall_target
  * setcifsacl: fix memory allocation for struct cifs_ace
  * cifs.upcall: fix UAF in get_cachename_from_process_en
  * cifs.upcall: fix memory leaks in check_service_ticket

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3930-1
Released: Tue Nov 4 09:26:22 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050

This update for gcc15 fixes the following issues:

This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029)

The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc15 compilers use:

- install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages.
- override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages.
For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html

Update to GCC 15.2 release:

  * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release

- Prune the use of update-alternatives from openSUSE Factory and SLFO.
- Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries.
- Tune for power10 for SLES 16. [jsc#PED-12029]
- Tune for z15 for SLES 16. [jsc#PED-253]
- Fix PR120827, ICE due to splitter emitting constant loads directly
- Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991]
- Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package.
- Enable C++ for offload compilers. [bsc#1243794]
- Add libgcobol and libquadmath-devel dependence to the cobol frontend package.

Update to GCC 15 branch head, 15.1.1+git9595

  * includes GCC 15.1 release

- Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough.
- Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788]
- Fix newlib libm miscompilation for GCN offloading.

Update to GCC trunk head, 15.0.1+git9001

  * includes -msplit-patch-nops required for user-space livepatching on powerpc
  * includes fix for Ada build with --enable-host-pie

- Build GCC executables PIE on SLE. [bsc#1239938]
- Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566]
- Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le.
- Disable profiling during build when %want_reproducible_builds is set [bsc#1238491]
- Includes fix for emacs JIT use
- Bumps libgo SONAME to libgo24 which should fix go1.9 build
- Adjust cross compiler requirements to use %requires_ge
- For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3950-1
Released: Wed Nov 5 11:22:31 2025
Summary: Security update for runc
Type: security
Severity: important
References: 1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881

This update for runc fixes the following issues:

- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232).
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232).
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232).

Update to runc v1.2.7.

- Upstream changelog is available from

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3986-1
Released: Fri Nov 7 11:31:03 2025
Summary: Security update for gpg2
Type: security
Severity: low
References: 1239119,CVE-2025-30258

This update for gpg2 fixes the following issues:

- CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4073-1
Released: Wed Nov 12 11:34:27 2025
Summary: Security update for runc
Type: security
Severity: important
References: 1252110,1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881

This update for runc fixes the following issues:

Update to runc v1.3.3. Upstream changelog is available from . bsc#1252232

  * CVE-2025-31133
  * CVE-2025-52565
  * CVE-2025-52881

Update to runc v1.3.2.
Upstream changelog is available from bsc#1252110

- Includes an important fix for the CPUSet translation for cgroupv2.

Update to runc v1.3.1. Upstream changelog is available from

Update to runc v1.3.0. Upstream changelog is available from

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4107-1
Released: Fri Nov 14 16:54:13 2025
Summary: Security update for bind
Type: security
Severity: important
References: 1252379,1252380,CVE-2025-40778,CVE-2025-40780

This update for bind fixes the following issues:

- CVE-2025-40778: Address various spoofing attacks (bsc#1252379).
- CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4111-1
Released: Sat Nov 15 19:38:39 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References:

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
- CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857).
- CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164).
- CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).
- CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988).
- CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816).
- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
- CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
- CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763).
- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
- CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785).
- CVE-2025-40088: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (bsc#1252904).
- CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).

The following non security issues were fixed:

- fbcon: Fix OOB access in font allocation (bsc#1252033)
- mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823).
- net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4112-1
Released: Sat Nov 15 23:38:15 2025
Summary: Security update for openssh
Type: security
Severity: moderate
References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985

This update for openssh fixes the following issues:

- CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198)
- CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4116-1
Released: Mon Nov 17 08:26:11 2025
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1247850,1249076,CVE-2025-8732,CVE-2025-9714

This update for libxml2 fixes the following issues:

- CVE-2025-9714: Fixed infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (bsc#1249076)
- CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247850)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4118-1
Released: Mon Nov 17 09:06:55 2025
Summary: Recommended update for freetype2
Type: recommended
Severity: important
References: 1252148

This update for freetype2 fixes the following issues:

- Fix the %licence tag (bsc#1252148)
  * package FTL.TXT and GPLv2.TXT as %license

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4092-1
Released: Mon Nov 24 10:08:22 2025
Summary: Security update for elfutils
Type: security
Severity: moderate
References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377

This update for elfutils fixes the following issues:

- Fixing build/testsuite for more recent glibc and kernels.
- Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242):
  - CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip
  - CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip
  - CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf
  - CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf
- Fixing testsuite race conditions in run-debuginfod-find.sh.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4224-1
Released: Tue Nov 25 10:53:48 2025
Summary: Security update for grub2
Type: security
Severity: moderate
References: 1252931,1252932,1252933,1252934,1252935,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664

This update for grub2 fixes the following issues:

- CVE-2025-54771: Fixed grub_file_close() not properly controlling the fs refcount (bsc#1252931)
- CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932)
- CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933)
- CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934)
- CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935)

Other fixes:

- Bump upstream SBAT generation to 6

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4288-1
Released: Fri Nov 28 09:25:32 2025
Summary: Security update for containerd
Type: security
Severity: important
References: 1253126,1253132,CVE-2024-25621,CVE-2025-64329

This update for containerd fixes the following issues:

- Update to containerd v1.7.29
- CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126)
- CVE-2025-64329: Fixed goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4290-1
Released: Fri Nov 28 10:04:11 2025
Summary: Security update for cups
Type: security
Severity: moderate
References: 1234225,1244057,1253783,CVE-2025-58436,CVE-2025-61915

This update for cups fixes the following issues:

- CVE-2025-61915: Fixed a local denial-of-service via cupsd.conf update and related issues. (bsc#1253783)
- CVE-2025-58436: Fixed an issue where a slow client communication leads to a possible DoS attack. (bsc#1244057)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4309-1
Released: Fri Nov 28 16:39:38 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1253757,CVE-2025-11563

This update for curl fixes the following issues:

- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4319-1
Released: Wed Dec 3 13:34:00 2025
Summary: Security update for cups
Type: security
Severity: important
References: 1254353,CVE-2025-58436

This update for cups fixes the following issues:

- The fix for CVE-2025-58436 causes a regression where GTK applications will hang. (bsc#1254353)
  See also https://github.com/OpenPrinting/cups/issues/1429
  The fix has been temporarily disabled.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4321-1
Released: Fri Dec 5 08:07:53 2025
Summary: Recommended update for pciutils
Type: recommended
Severity: moderate
References: 1001888,1006827,1029961,1098094,1098228,1170554,1192862,1206798,1224138,529469,837347

This update for pciutils fixes the following issues:

pciutils was updated from version 3.5.6 to 3.13.0 (jsc#PED-8402, jsc#PED-8393, bsc#1224138):

- Highlights of issues fixed:
  * Fixed LnkCap speed recognition in `lspci` for multi PCIe ports such as the ML110 Gen11 (bsc#1192862)
  * Included several non-standard extensions to VPD decoder (bsc#1170554, bsc#1098228)
  * Fixed the display of the gen4 speed for GEN 4 cards like Mellanox CX5 (bsc#1098094)
  * Replaced dependency on pciutils-ids with hwdata
  * Potentially disruptive change of PCI IDs Cache:
    + The local cache of PCI IDs (.pci-ids) was moved to the XDG standard location: `$XDG_CACHE_HOME/pci-ids` (v3.11.0)
      This could be a disruptive change if users or scripts are relying on the old path.
- Key New Features and Utilities:
  * New `pcilmr` Utility: A new tool, `pcilmr`, was added for 'PCIe lane margining,' which is a low-level diagnostic feature (v3.11.0)
  * New `lspci` Path Flag: You can now use `lspci -P` (or -PP) to see the path of bridges leading to a specific device (v3.6.2)
  * ECAM Support: Added support for the ECAM (Enhanced Configuration Access Mechanism), a standard way to access PCIe configuration space (v3.10.0)
  * IOMMU Group Display: lspci can now display IOMMU groups on Linux (v3.7.0)

- New Hardware and Protocol Decoding:
  * Added support for decoding CXL capabilities (v3.9.0)
  * Decoding for Advanced Error Reporting (AER) (v3.13.0)
  * Decoding for IDE (Integrity and Data Encryption) and TEE-IO extended capabilities (v3.12.0)
  * Decoding for Data Object Exchange (DOE) (v3.8.0)
  * Decoding for standard and VF (Virtual Function) Resizable BARs (v3.7.0)
  * Decoding for Multicast capabilities (v3.6.3)

- Improved Output Clarity:
  * PCIe link speeds running below their maximum are now clearly marked as 'downgraded' (v3.6.0)
  * BARs (Base Address Registers) reported by the OS but not actually set on the device are marked as '[virtual]' (v3.6.0)

- Command Behavior and System Changes:
  * `lspci` Tree View (-t):
    + Can now be combined with `-s` to show only a specific sub-tree (v3.6.3)
    + Improved filtering options (v3.9.0)
    + Improved support of multi-domain systems (v3.10.0)
  * `setpci`:
    + Can now check if a named register exists for that device's header type (v3.9.0)
  * `update-pciids`:
    + Now supports XZ compression when downloading new ID lists (v3.11.0)
  * Database Update:
    + The pci.ids device database was continuously updated across all versions.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4326-1 Released: Tue Dec 9 11:31:28 2025 Summary: Recommended update for runc Type: recommended Severity: moderate References: 1254362 This update for runc fixes the following issues: - Update to runc v1.3.4 (bsc#1254362) - libct: fix mips compilation: * When configuring a tmpfs mount, only set the mode= argument if the target path already existed. * Fix various file descriptor leaks and add additional tests to detect them as comprehensively as possible. - Downgrade github.com/cyphar/filepath-securejoin dependency to v0.5.2, which should make it easier for some downstreams to import runc without pulling in too many extra packages. - The runc binary distributed with this release is statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a 'work that uses the Library': * libseccomp: The versions of these libraries were not modified from their upstream versions ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4331-1 Released: Tue Dec 9 12:55:17 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4347-1 Released: Wed Dec 10 14:02:26 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This 
update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4425-1 Released: Wed Dec 17 12:20:02 2025 Summary: Security update for cups Type: security Severity: moderate References: 1244057,1254353,CVE-2025-58436 This update for cups fixes the following issues: Security issues fixed: - CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other clients (bsc#1244057). Other issues fixed: - Update the CVE-2025-58436 patch to fix a regression that causes GTK applications to hang (bsc#1254353). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4436-1 Released: Wed Dec 17 14:55:46 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4504-1 Released: Mon Dec 22 17:29:14 2025 Summary: Security update for glib2 Type: security Severity: important References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512 This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4525-1 Released: Fri Dec 26 13:19:00 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:27-1 Released: Mon Jan 5 13:45:08 2026 Summary: Security update for python3 Type: security Severity: moderate References: 1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837 This update for python3 fixes the following issues: - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997) - CVE-2025-13836: Fixed default Content-Length read amount from HTTP response (bsc#1254400) - CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:29-1 Released: Mon Jan 5 13:58:05 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1249806,1251786,1252033,1252267,1252780,1252862,1253367,1253431,1253436,CVE-2022-50280,CVE-2023-53676,CVE-2025-39967,CVE-2025-40040,CVE-2025-40048,CVE-2025-40121,CVE-2025-40154,CVE-2025-40204 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). - CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367). 
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). - CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033) The following non-security bugs were fixed: - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:48-1 Released: Wed Jan 7 09:08:18 2026 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1252338 This update for pciutils fixes the following issues: - Add a strict dependency to libpci to prevent possible segfault (bsc#1252338) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:214-1 Released: Thu Jan 22 13:09:26 2026 Summary: Security update for gpg2 Type: security Severity: important References: 1255715,1256244,1256246,1256390,CVE-2025-68973 This update for gpg2 fixes the following issues: - CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715). - Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246). - Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244). - Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:224-1 Released: Thu Jan 22 13:18:20 2026 Summary: Security update for libtasn1 Type: security Severity: moderate References: 1256341,CVE-2025-13151 This update for libtasn1 fixes the following issues: - CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:360-1 Released: Mon Feb 2 10:55:33 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:394-1 Released: Thu Feb 5 16:42:04 2026 Summary: Security update for xen Type: security Severity: moderate References: 1252692,1254180,1256745,1256747,CVE-2025-58149,CVE-2025-58150,CVE-2026-23553 This update for xen fixes the following issues: Security fixes: - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing (XSA-477) (bsc#1256745) - CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation (XSA-479) (bsc#1256747) - CVE-2025-58149: Fixed incorrect removal of permissions on PCI device unplug that allows PV guests to access memory of devices no longer assigned to them (XSA-476) (bsc#1252692) Other fixes: - Fixed virtxend service restart. 
Caused by a failure to start xenstored (bsc#1254180) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:430-1 Released: Wed Feb 11 09:43:42 2026 Summary: Security update for python-pyasn1 Type: security Severity: important References: 1256902,CVE-2026-23490 This update for python-pyasn1 fixes the following issues: - CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation octets leading to Denial of Service (bsc#1256902) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:432-1 Released: Wed Feb 11 10:11:56 2026 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1248586,1254670,CVE-2025-7709 This update for sqlite3 fixes the following issues: - Update to v3.51.2: - CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:443-1 Released: Wed Feb 11 10:46:43 2026 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1254866,1254867,1256331,CVE-2025-66418,CVE-2025-66471,CVE-2026-21441 This update for python-urllib3_1 fixes the following issues: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866). - CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:458-1 Released: Thu Feb 12 00:28:37 2026 Summary: Security update for glib2 Type: security Severity: important References: 1257049,CVE-2026-0988 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:463-1 Released: Thu Feb 12 08:40:25 2026 Summary: Recommended update for supportutils Type: recommended Severity: important References: 1232351,1241284,1244003,1244011,1244937,1245667,1246011,1246025,1249657,1250224,1252318,1254425,1256709 This update for supportutils fixes the following issues: - scplugin.rc is restored in package 3.2.12.1 for continued compatibility (bsc#1256709) - Changes to version 3.2.12: * Optimized lsof usage and honors OPTION_OFILES (bsc#1232351) * Run in containers without errors (bsc#1245667) * Removed pmap PID from memory.txt (bsc#1246011) * Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025) * Improved database perforce with kGraft patching (bsc#1249657) * Using last boot for journalctl for optimization (bsc#1250224) * Fixed extraction failures (bsc#1252318) * Update supportconfig.conf path in docs (bsc#1254425) * drm_sub_info: Catch error when dir doesn't exist * Replace remaining `egrep` with `grep -E` * Add process affinity to slert logs * Reintroduce cgroup statistics (and v2) * Minor changes to basic-health-check: improve information 
level * Collect important machine health counters * powerpc: collect hot-pluggable PCI and PHB slots * podman: collect podman disk usage * Exclude binary files in crondir * kexec/kdump: collect everything under /sys/kernel/kexec dir * Use short-iso for journalctl - Changes to version 3.2.11: * Collect rsyslog frule files (bsc#1244003) * Remove proxy passwords (bsc#1244011) * Missing NetworkManager information (bsc#1241284) * Include agama logs (bsc#1244937) * Additional NFS conf files * New fadump sysfs files * Fixed change log dates ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:508-1 Released: Fri Feb 13 15:50:21 2026 Summary: Security update for curl Type: security Severity: moderate References: 1255731,1255732,1255733,1255734,1256105,CVE-2025-14017,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:510-1 Released: Fri Feb 13 15:52:36 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1254666,CVE-2025-14104 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:575-1 Released: Wed Feb 18 10:10:36 2026 Summary: Security update for libpcap Type: security Severity: low References: 1255765,CVE-2025-11961 This update for libpcap fixes the following issues: - CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:577-1 Released: Wed Feb 18 16:49:13 2026 Summary: Security update for avahi Type: security Severity: moderate References: 1256498,1256499,1256500,CVE-2025-68276,CVE-2025-68468,CVE-2025-68471 This update for avahi fixes the following issues: - CVE-2025-68276: Fixed refuse to create wide-area record browsers when wide-area is off (bsc#1256498) - CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500) - CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:596-1 Released: Mon Feb 23 16:57:20 2026 Summary: Security update for libpng16 Type: security Severity: important References: 1256525,1256526,1257364,1257365,1258020,CVE-2025-28162,CVE-2025-28164,CVE-2026-22695,CVE-2026-22801,CVE-2026-25646 This update for libpng16 fixes the following issues: - CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364). - CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365). - CVE-2026-22695: heap buffer over-read in png_image_finish_read (bsc#1256525). - CVE-2026-22801: integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526). - CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:606-1 Released: Tue Feb 24 12:19:29 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1250553,1256804,1256805,1256807,1256808,1256809,1256810,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2026-0989,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757 This update for libxml2 fixes the following issues: - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811) - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812) - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595) - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553) - CVE-2026-0989: Fixed a call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth. 
(bsc#1256805, bsc#1256810) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:617-1 Released: Tue Feb 24 16:18:34 2026 Summary: Security update for the Linux Kernel Type: security Severity: important 
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785). - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594). - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576). - CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397). - CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871). - CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751). - CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095). - CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908). - CVE-2024-28956: x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006). - CVE-2024-36348: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896). - CVE-2024-36349: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896). - CVE-2024-36350: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896). - CVE-2024-36357: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896). - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185). - CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084). - CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917). - CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210). - CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723). - CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751). - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177). 
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046). - CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678). - CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409). - CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959). - CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520). - CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813). - CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842). - CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843). - CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894). - CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847). - CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483). - CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615). - CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251). - CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377). - CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401). - CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171). - CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688). - CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641). - CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623). - CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612). - CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726). - CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744). 
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).

The following non security issues were fixed:

- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: tcp: send zero-window ACK when no memory (bsc#1254767).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- tcp: correct handling of extreme memory squeeze (bsc#1254767).
- x86/CPU/AMD: Add ZenX generations flags (bsc#1238896).
- x86/its: Fix crash during dynamic its initialization (bsc#1257771).
- x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() (bsc#1257771).
- x86: make page fault handling disable interrupts properly (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:664-1
Released: Thu Feb 26 16:15:04 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1257029,1257031,1257041,1257042,1257044,1257046,CVE-2025-11468,CVE-2025-15282,CVE-2025-15366,CVE-2025-15367,CVE-2026-0672,CVE-2026-0865

This update for python3 fixes the following issues:

- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:694-1
Released: Fri Feb 27 16:14:32 2026
Summary: Security update for gpg2
Type: security
Severity: moderate
References: 1256389

This update for gpg2 fixes the following issues:

Security fix:

- Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data (bsc#1256389)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:741-1
Released: Mon Mar 2 09:11:04 2026
Summary: Security update for shim
Type: security
Severity: moderate
References: 1240871,1247432,CVE-2024-2312

This update for shim fixes the following issues:

shim is updated to version 16.1:

- shim_start_image(): fix guid/handle pairing when uninstalling protocols
- Fix uncompressed ipv6 netboot
- fix test segfaults caused by uninitialized memory
- SbatLevel_Variable.txt: minor typo fix.
- Realloc() needs to allocate one more byte for sprintf()
- IPv6: Add more check to avoid multiple double colon and illegal char
- Loader proto v2
- loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
- Generate Authenticode for the entire PE file
- README: mention new loader protocol and interaction with UKIs
- shim: change automatically enable MOK_POLICY_REQUIRE_NX
- Save var info
- add SbatLevel entry 2025051000 for PSA-2025-00012-1
- Coverity fixes 20250804
- fix http boot
- Fix double free and leak in the loader protocol

shim is updated to version 16.0:

- Validate that a supplied vendor cert is not in PEM format
- sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
- sbat: Also bump latest for grub,4 (and to todays date)
- undo change that limits certificate files to a single file
- shim: don't set second_stage to the empty string
- Fix SBAT.md for today's consensus about numbers
- Update Code of Conduct contact address
- make-certs: Handle missing OpenSSL installation
- Update MokVars.txt
- export DEFINES for sub makefile
- Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
- Null-terminate 'arguments' in fallback
- Fix 'Verifiying' typo in error message
- Update Fedora CI targets
- Force gcc to produce DWARF4 so that gdb can use it
- Minor housekeeping 2024121700
- Discard load-options that start with WINDOWS
- Fix the issue that the gBS->LoadImage pointer was empty.
- shim: Allow data after the end of device path node in load options
- Handle network file not found like disks
- Update gnu-efi submodule for EFI_HTTP_ERROR
- Increase EFI file alignment
- avoid EFIv2 runtime services on Apple x86 machines
- Improve shortcut performance when comparing two boolean expressions
- Provide better error message when MokManager is not found
- tpm: Boot with a warning if the event log is full
- MokManager: remove redundant logical constraints
- Test import_mok_state() when MokListRT would be bigger than available size
- test-mok-mirror: minor bug fix
- Fix file system browser hang when enrolling MOK from disk
- Ignore a minor clang-tidy nit
- Allow fallback to default loader when encountering errors on network boot
- test.mk: don't use a temporary random.bin
- pe: Enhance debug report for update_mem_attrs
- Multiple certificate handling improvements
- Generate SbatLevel Metadata from SbatLevel_Variable.txt
- Apply EKU check with compile option
- Add configuration option to boot an alternative 2nd stage
- Loader protocol (with Device Path resolution support)
- netboot cleanup for additional files
- Document how revocations can be delivered
- post-process-pe: add tests to validate NX compliance
- regression: CopyMem() in ad8692e copies out of bounds
- Save the debug and error logs in mok-variables
- Add features for the Host Security ID program
- Mirror some more efi variables to mok-variables
- This adds DXE Services measurements to HSI and uses them for NX
- Add shim's current NX_COMPAT status to HSIStatus
- README.tpm: reflect that vendor_db is in fact logged as 'vendor_db'
- Reject HTTP message with duplicate Content-Length header fields
- Disable log saving
- fallback: don't add new boot order entries backwards
- README.tpm: Update MokList entry to MokListRT
- SBAT Level update for February 2025 GRUB CVEs

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:791-1
Released: Tue Mar 3 16:59:33 2026
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1257463

This update for gcc15 fixes the following issues:

- Fix bogus expression simplification (bsc#1257463)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:823-1
Released: Thu Mar 5 15:32:08 2026
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1258022

This update for grub2 fixes the following issues:

- Backport upstream's commit to prevent BIOS assert (bsc#1258022)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:826-1
Released: Thu Mar 5 16:16:29 2026
Summary: Security update for expat
Type: security
Severity: moderate
References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210

This update for expat fixes the following issues:

- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:837-1
Released: Fri Mar 6 08:30:05 2026
Summary: Recommended update for syslogd
Type: recommended
Severity: moderate
References:

This update for syslogd fixes the following issues:

- Drop last sysvinit Requirement/Provide (jsc#PED-13698)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:862-1
Released: Wed Mar 11 10:59:55 2026
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1257960,CVE-2025-14831

This update for gnutls fixes the following issues:

- CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs) (bsc#1257960).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:896-1
Released: Fri Mar 13 16:25:07 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915

This update for glibc fixes the following issues:

- CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766)
- CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822)
- CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005)
- CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp (bsc#1246965)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:911-1
Released: Tue Mar 17 20:56:12 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1259363,1259364,1259365,CVE-2026-1965,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805

This update for curl fixes the following issues:

- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:912-1
Released: Wed Mar 18 07:19:42 2026
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1229003,1258002

This update for ca-certificates-mozilla fixes the following issues:

- test for a concretely missing certificate rather than just the directory, as the latter is now also provided by openssl-3
- Re-create java-cacerts with SOURCE_DATE_EPOCH set for reproducible builds (bsc#1229003)
- Also mark /usr/share/factory/var/lib/ca-certificates/ as writable by the user during install: allow rpm to properly execute %clean when completed.
- Create /var/lib/ca-certificates during build to ensure rpm gives the %ghost'ed directory proper mode attributes.
- Updated to 2.84 state (bsc#1258002)
  * Removed:
    + Baltimore CyberTrust Root
    + CommScope Public Trust ECC Root-01
    + CommScope Public Trust ECC Root-02
    + CommScope Public Trust RSA Root-01
    + CommScope Public Trust RSA Root-02
    + DigiNotar Root CA
  * Added:
    + e-Szigno TLS Root CA 2023
    + OISTE Client Root ECC G1
    + OISTE Client Root RSA G1
    + OISTE Server Root ECC G1
    + OISTE Server Root RSA G1
    + SwissSign RSA SMIME Root CA 2022 - 1
    + SwissSign RSA TLS Root CA 2022 - 1
    + TrustAsia SMIME ECC Root CA
    + TrustAsia SMIME RSA Root CA
    + TrustAsia TLS ECC Root CA
    + TrustAsia TLS RSA Root CA
- reenable the distrusted certs again. the distrust is only for certs issued after the distrust date, not for all certs of a CA.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:931-1
Released: Thu Mar 19 09:23:14 2026
Summary: Security update for jq
Type: security
Severity: low
References: 1248600,CVE-2025-9403

This update for jq fixes the following issue:

- CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:949-1
Released: Fri Mar 20 19:08:19 2026
Summary: Security update for runc
Type: security
Severity: important
References:

This update for runc rebuilds it against the current go 1.25 security release.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:982-1
Released: Mon Mar 23 17:48:23 2026
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1258859,CVE-2026-3184

This update for util-linux fixes the following issues:

- CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:984-1
Released: Mon Mar 23 23:20:28 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1238917,1255075,1256645,1257231,1257473,1257732,1257735,1258340,1258395,1258518,1258849,1258850,1259857,CVE-2025-21738,CVE-2025-40242,CVE-2025-71066,CVE-2026-23004,CVE-2026-23054,CVE-2026-23060,CVE-2026-23191,CVE-2026-23204,CVE-2026-23209,CVE-2026-23268,CVE-2026-23269

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).

The following non-security bugs were fixed:

- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1061-1
Released: Thu Mar 26 11:35:08 2026
Summary: Security update for systemd
Type: security
Severity: important
References: 1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105

This update for systemd fixes the following issues:

- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).
Changelog:

- 6a38d88a42 machined: reject invalid class types when registering machines
- 8c9a592e5a udev: fix review mixup
- b57007a917 udev-builtin-net-id: print cescaped bad attributes
- ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX
- 0f63e799e6 udev: ensure tag parsing stays within bounds
- 046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf
- 5be21460ce udev: check for invalid chars in various fields received from the kernel
- 9559607b16 core/cgroup: avoid one unnecessary strjoina()
- fcae348ca4 core: validate input cgroup path more prudently
- a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
- 08125d6b06 units: add dep on systemd-logind.service by user@.service

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1065-1
Released: Thu Mar 26 11:38:12 2026
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1254670,1259619,CVE-2025-70873,CVE-2025-7709

This update for sqlite3 fixes the following issues:

Update sqlite3 to 3.51.3:

- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).

Changelog:

* Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1067-1
Released: Thu Mar 26 11:39:01 2026
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1254867,1259829,CVE-2025-66471

This update for python-urllib3 fixes the following issue:

- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1090-1
Released: Thu Mar 26 18:44:54 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1257181,CVE-2026-1299

This update for python3 fixes the following issues:

- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1095-1
Released: Thu Mar 26 19:05:08 2026
Summary: Security update for vim
Type: security
Severity: moderate
References: 1246602,1258229,1259051,CVE-2025-53906,CVE-2026-26269,CVE-2026-28417

This update for vim fixes the following issues:

Update Vim to version 9.2.0110:

- CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602).
- CVE-2026-26269: Netbeans specialKeys stack buffer overflow (bsc#1258229).
- CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1105-1
Released: Fri Mar 27 08:03:05 2026
Summary: Security update for containerd
Type: security
Severity: important
References:

This update for containerd rebuilds it against the current go 1.25 security release.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1158-1
Released: Tue Mar 31 13:55:47 2026
Summary: Security update for python-pyasn1
Type: security
Severity: important
References: 1259803,CVE-2026-30922

This update for python-pyasn1 fixes the following issues:

- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1166-1
Released: Thu Apr 2 03:08:04 2026
Summary: Security update for expat
Type: security
Severity: important
References: 1259711,1259726,1259729,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778

This update for expat fixes the following issues:

- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1177-1
Released: Thu Apr 2 17:00:30 2026
Summary: Security update for tar
Type: security
Severity: important
References: 1246399,CVE-2025-45582

This update for tar fixes the following issue:

- CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1247-1
Released: Fri Apr 10 12:34:39 2026
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1259845,CVE-2026-27135

This update for nghttp2 fixes the following issue:

- CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1257-1
Released: Fri Apr 10 16:59:14 2026
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1260441,1260442,1260443,1260444,1260445,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-31789,CVE-2026-31790

This update for openssl-1_1 fixes the following issues:

- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1309-1
Released: Tue Apr 14 12:39:22 2026
Summary: Security update for sudo
Type: security
Severity: important
References: 1261420,CVE-2026-35535

This update for sudo fixes the following issue:

- CVE-2026-35535: Fixed potential privilege escalation when running the mailer (bsc#1261420).

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2026:1315-1
Released: Tue Apr 14 13:26:20 2026
Summary: Optional update for rsyslog
Type: optional
Severity: moderate
References:

This update for rsyslog fixes the following issue:

- add the rsyslog-module-ossl (openssl TLS support).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1323-1
Released: Tue Apr 14 15:11:50 2026
Summary: Security update for libpng16
Type: security
Severity: important
References: 1260754,CVE-2026-33416

This update for libpng16 fixes the following issues:

- CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1383-1
Released: Thu Apr 16 11:14:40 2026
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: important
References: 1230861,1239439,1241002,1244550,1257490,1257625,1257667,1257825,1261155

This update for suseconnect-ng fixes the following issues:

- Update version to 1.21.1:
  * Fix nil token handling (bsc#1261155)
  * Switch to using go1.24-openssl as the default Go version to install to support building the package (jsc#SCC-585).
- Update version to 1.21:
  * Add expanded metric collection for kernel modules and hardware detection (jsc#TEL-226).
  * Support new profile based metric collection
  * Fix ignored --root parameter handling when reading and writing configuration (bsc#1257667)
  * Add expanded metric collection for system vendor/manufacturer (jsc#TEL-260).
  * Removed backport patch
  * Add missing product id to allow yast2-registration to not break (bsc#1257825)
  * Fix libsuseconnect APIError detection logic (bsc#1257825)
- Regressions found during QA test runs:
  * Ignore product in announce call (bsc#1257490)
  * Registration to SMT server with failed (bsc#1257625)
- Update version to 1.20:
  * Update error message for Public Cloud instances with registercloudguest installed. SUSEConnect -d is disabled on PYAG and BYOS when the registercloudguest command is available. (bsc#1230861)
  * Enhanced SAP detected. Take TREX into account and remove empty values when only /usr/sap but no installation exists (bsc#1241002)
  * Fixed modules and extension link to point to version less documentation. (bsc#1239439)
  * Fixed SAP instance detection (bsc#1244550)
  * Remove link to extensions documentation (bsc#1239439)
  * Migrate to the public library
- Version 1.14 public library release
  This version is only available on Github as a tag to release the new golang public library which can be consumed without the need to interface with SUSEConnect directly.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1387-1
Released: Thu Apr 16 11:17:48 2026
Summary: Security update for vim
Type: security
Severity: important
References: 1259985,1261191,1261271,CVE-2026-33412,CVE-2026-34714,CVE-2026-34982

This update for vim fixes the following issues:

Update to version 9.2.0280.

- CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution (bsc#1261271).
- CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution (bsc#1261191).
- CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to arbitrary code execution (bsc#1259985).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1399-1
Released: Thu Apr 16 12:44:14 2026
Summary: Security update for cups
Type: security
Severity: important
References: 1261568,CVE-2026-34990

This update for cups fixes the following issue:

- CVE-2026-34990: Local print admin token disclosure using temporary printers (bsc#1261568).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1400-1
Released: Thu Apr 16 12:47:09 2026
Summary: Security update for python-PyJWT
Type: security
Severity: important
References: 1259616,CVE-2026-32597

This update for python-PyJWT fixes the following issues:

- CVE-2026-32597: Fixed unknown `crit` header extensions accepts (bsc#1259616).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1428-1
Released: Fri Apr 17 12:00:40 2026
Summary: Security update for bind
Type: security
Severity: important
References: 1260805,CVE-2026-1519

This update for bind fixes the following issues:

- CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1432-1
Released: Fri Apr 17 12:12:08 2026
Summary: Security update for libcap
Type: security
Severity: important
References: 1261809,CVE-2026-4878

This update for libcap fixes the following issue:

- CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1487-1
Released: Mon Apr 20 17:52:11 2026
Summary: Security update for runc
Type: security
Severity: important
References:

This update for runc rebuilds it against the current go 1.25 security release.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1495-1
Released: Mon Apr 20 17:59:12 2026
Summary: Security update for containerd
Type: security
Severity: important
References:

This update for containerd rebuilds it against the current go 1.25 security release.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1510-1
Released: Tue Apr 21 08:28:12 2026
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1259924,CVE-2025-69720

This update for ncurses fixes the following issue:

- CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1562-1
Released: Thu Apr 23 09:05:52 2026
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1261678,CVE-2026-28390

This update for openssl-1_1 fixes the following issues:

- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1563-1
Released: Thu Apr 23 09:07:39 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1246057,1256504,1256675,1257773,1259797,1260005,1260009,CVE-2025-38234,CVE-2025-68818,CVE-2026-23103,CVE-2026-23243,CVE-2026-23272,CVE-2026-23274

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-nelems before insertion (bsc#1260009).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).

The following non security issue was fixed:

- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (bsc#1256504).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1565-1
Released: Thu Apr 23 09:08:29 2026
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1258045,1258049,1258054,1258080,1258081,1259377,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968,CVE-2026-3731

This update for libssh fixes the following issues:

- CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049).
- CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).
- CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054).
- CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081).
- CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080).
- CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler (bsc#1259377).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1644-1
Released: Tue Apr 28 15:31:39 2026
Summary: Security update for python-requests
Type: security
Severity: moderate
References: 1260589,CVE-2026-25645

This update for python-requests fixes the following issues:

- CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1659-1
Released: Wed Apr 29 13:09:06 2026
Summary: Security update for sed
Type: security
Severity: moderate
References: 1262144,CVE-2026-5958

This update for sed fixes the following issues:

- CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite (bsc#1262144).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1665-1
Released: Thu Apr 30 16:53:18 2026
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1222465,1234736

This update for util-linux fixes the following issues:

- Recognize fuse 'portal' as a virtual file system (bsc#1234736).
- fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1672-1
Released: Sat May 2 08:02:29 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1262573,CVE-2026-31431

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix one security issue.
The following security issue was fixed:

- CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1692-1
Released: Tue May 5 10:03:54 2026
Summary: Security update for xen
Type: security
Severity: moderate
References: 1262178,1262180,1262428,CVE-2025-54505,CVE-2026-23557,CVE-2026-23558

This update for xen fixes the following issues:

- CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 (bsc#1262428).
- CVE-2026-23557: Xenstored DoS via XS_RESET_WATCHES command (bsc#1262178).
- CVE-2026-23558: grant table v2 race in status page mapping (bsc#1262180).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1715-1
Released: Wed May 6 14:09:30 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100

This update for python3 fixes the following issues:

- CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
- CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
- CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970).
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). - CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319). - CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654). - CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure(bsc#1262098). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1717-1 Released: Wed May 6 14:13:17 2026 Summary: Security update for curl Type: security Severity: important References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429 This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631). - CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632). - CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635). - CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636). - CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638). Other updates and bugfixes: - sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362). 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1721-1
Released: Wed May 6 16:43:37 2026
Summary: Recommended update for cloud-netconfig
Type: recommended
Severity: important
References: 1253223,1258406,1258730

This update for cloud-netconfig fixes the following issues:

- Update to version 1.19:
  * Make sure IPADDR variable is stripped of netmask
- Update to version 1.18:
  * Fix issue with link-local address routing (bsc#1258730)
- Update to version 1.17:
  * Do not set broadcast address explicitly (bsc#1258406)
- Update to version 1.16:
  * Fix query of default CLOUD_NETCONFIG_MANAGE (bsc#1253223)
  * Fix variable names in the README

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1757-1
Released: Thu May 7 16:02:15 2026
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1259543

This update for grub2 fixes the following issues:

- Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543)
  * btrfs: add ability to boot from subvolumes
  * btrfs: get default subvolume

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1758-1
Released: Thu May 7 16:03:01 2026
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1261274

This update for dracut fixes the following issues:

- Update to version 055+suse.362.ge7032140:
  * fix: make iso-scan trigger udev events (bsc#1261274)

The following package changes have been done:

- bash-sh-4.4-150400.27.6.1 updated
- bash-4.4-150400.27.6.1 updated
- bind-utils-9.16.50-150400.5.59.1 updated
- ca-certificates-mozilla-2.84-150200.44.1 updated
- chrony-pool-suse-4.1-150400.21.8.1 updated
- chrony-4.1-150400.21.8.1 updated
- cifs-utils-6.15-150400.3.18.1 updated
- cloud-netconfig-ec2-1.19-150000.25.31.1 updated
- containerd-ctr-1.7.29-150000.132.1 updated
- containerd-1.7.29-150000.132.1 updated
- cups-config-2.2.7-150000.3.86.1 updated
- curl-8.14.1-150400.5.83.1 updated
- dracut-055+suse.362.ge7032140-150400.3.43.1 updated
- elfutils-0.185-150400.5.8.3 updated
- glibc-locale-base-2.31-150300.98.1 updated
- glibc-locale-2.31-150300.98.1 updated
- glibc-2.31-150300.98.1 updated
- gpg2-2.2.27-150300.3.19.1 updated
- grub2-i386-pc-2.06-150400.11.72.2 updated
- grub2-x86_64-efi-2.06-150400.11.72.2 updated
- grub2-x86_64-xen-2.06-150400.11.72.2 updated
- grub2-2.06-150400.11.72.2 updated
- iptables-1.8.7-1.1 added
- jq-1.6-150000.3.12.1 updated
- kernel-default-5.14.21-150400.24.205.1 updated
- kmod-29-150300.4.18.1 updated
- libasm1-0.185-150400.5.8.3 updated
- libavahi-client3-0.8-150400.7.26.1 updated
- libavahi-common3-0.8-150400.7.26.1 updated
- libblkid1-2.37.2-150400.8.44.1 updated
- libcap2-2.63-150400.3.6.1 updated
- libcups2-2.2.7-150000.3.86.1 updated
- libcurl4-8.14.1-150400.5.83.1 updated
- libdw1-0.185-150400.5.8.3 updated
- libelf1-0.185-150400.5.8.3 updated
- libexpat1-2.7.1-150400.3.37.1 updated
- libfdisk1-2.37.2-150400.8.44.1 updated
- libfreetype6-2.10.4-150000.4.25.1 updated
- libgcc_s1-15.2.0+git10201-150000.1.9.1 updated
- libglib-2_0-0-2.70.5-150400.3.34.1 updated
- libgnutls30-3.7.3-150400.4.56.1 updated
- libip6tc2-1.8.7-1.1 added
- libjq1-1.6-150000.3.12.1 updated
- libkmod2-29-150300.4.18.1 updated
- libmount1-2.37.2-150400.8.44.1 updated
- libncurses6-6.1-150000.5.33.1 updated
- libnftnl11-1.2.0-150400.1.6 added
- libnghttp2-14-1.40.0-150200.22.1 updated
- libopenssl1_1-1.1.1l-150400.7.93.1 updated
- libpcap1-1.10.1-150400.3.9.1 updated
- libpci3-3.13.0-150300.13.12.1 updated
- libpng16-16-1.6.34-150000.3.22.1 updated
- libpython3_6m1_0-3.6.15-150300.10.118.1 updated
- libreadline7-7.0-150400.27.6.1 updated
- libsmartcols1-2.37.2-150400.8.44.1 updated
- libsqlite3-0-3.51.3-150000.3.39.1 updated
- libssh-config-0.9.8-150400.3.17.1 updated
- libssh4-0.9.8-150400.3.17.1 updated
- libstdc++6-15.2.0+git10201-150000.1.9.1 updated
- libsystemd0-249.17-150400.8.55.1 updated
- libtasn1-6-4.13-150000.4.14.1 updated
- libtasn1-4.13-150000.4.14.1 updated
- libudev1-249.17-150400.8.55.1 updated
- libuuid1-2.37.2-150400.8.44.1 updated
- libxml2-2-2.9.14-150400.5.55.1 updated
- ncurses-utils-6.1-150000.5.33.1 updated
- openssh-clients-8.4p1-150300.3.57.1 updated
- openssh-common-8.4p1-150300.3.57.1 updated
- openssh-server-8.4p1-150300.3.57.1 updated
- openssh-8.4p1-150300.3.57.1 updated
- openssl-1_1-1.1.1l-150400.7.93.1 updated
- pciutils-3.13.0-150300.13.12.1 updated
- python3-PyJWT-2.4.0-150200.3.11.1 updated
- python3-base-3.6.15-150300.10.118.1 updated
- python3-bind-9.16.50-150400.5.59.1 updated
- python3-pyasn1-0.4.2-150000.3.16.1 updated
- python3-requests-2.25.1-150300.3.21.1 updated
- python3-urllib3-1.25.10-150300.4.24.1 updated
- python3-3.6.15-150300.10.118.1 updated
- rsyslog-module-relp-8.2306.0-150400.5.35.1 updated
- rsyslog-8.2306.0-150400.5.35.1 updated
- runc-1.3.4-150000.92.1 updated
- sed-4.4-150300.13.6.1 updated
- shim-16.1-150300.4.31.3 updated
- sudo-1.9.9-150400.4.42.1 updated
- supportutils-3.2.12.1-150300.7.35.39.1 updated
- suseconnect-ng-1.21.1-150400.3.49.1 updated
- syslog-service-2.0-150300.13.3.1 updated
- systemd-sysvinit-249.17-150400.8.55.1 updated
- systemd-249.17-150400.8.55.1 updated
- tar-1.34-150000.3.37.1 updated
- terminfo-base-6.1-150000.5.33.1 updated
- terminfo-6.1-150000.5.33.1 updated
- udev-249.17-150400.8.55.1 updated
- util-linux-systemd-2.37.2-150400.8.44.1 updated
- util-linux-2.37.2-150400.8.44.1 updated
- vim-data-common-9.2.0280-150000.5.89.1 updated
- vim-9.2.0280-150000.5.89.1 updated
- xen-libs-4.16.7_08-150400.4.81.2 updated
- xen-tools-domU-4.16.7_08-150400.4.81.2 updated
- xtables-plugins-1.8.7-1.1 added

From sle-container-updates at lists.suse.com Sat May 9 07:05:05 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 9 May 2026 09:05:05 +0200 (CEST)
Subject: SUSE-IU-2026:3238-1: Security update of
suse-sles-15-sp5-chost-byos-v20260507-hvm-ssd-x86_64
Message-ID: <20260509070505.BE231FB96@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20260507-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3238-1
Image Tags : suse-sles-15-sp5-chost-byos-v20260507-hvm-ssd-x86_64:20260507
Image Release :
Severity : important
Type : security
References :
-----------------------------------------------------------------

The container suse-sles-15-sp5-chost-byos-v20260507-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3788-1
Released: Fri Oct 24 15:28:50 2025
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277

This update for libssh fixes the following issues:

- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3794-1
Released: Fri Oct 24 17:36:29 2025
Summary: Security update for chrony
Type: security
Severity: moderate
References: 1246544

This update for chrony fixes the following issues:

- Race condition during socket creation by chronyc allows privilege escalation from user chrony to root (bsc#1246544).

This update also ships chrony-pool-empty to SLE Micro 5.x (jsc#SMO-587)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3797-1
Released: Mon Oct 27 08:58:05 2025
Summary: Security update for xen
Type: security
Severity: important
References: 1248807,1251271,CVE-2025-27466,CVE-2025-58142,CVE-2025-58143,CVE-2025-58147,CVE-2025-58148

This update for xen fixes the following issues:

- CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls (bsc#1251271, XSA-475)
- CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed multiple vulnerabilities in the Viridian interface (bsc#1248807, XSA-472)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3836-1
Released: Tue Oct 28 11:38:00 2025
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1245199

This update for bash fixes the following issues:

- Fix histfile missing timestamp for the oldest record (bsc#1245199)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3851-1
Released: Wed Oct 29 15:04:32 2025
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1229750,1250593

This update for vim fixes the following issues:

- Fix regression in vim: xxd -a shows no output (bsc#1250593). Backported from 9.1.1683 (xxd: Avoid null dereference in autoskip colorless).
- Fix vim compatible mode is not switched off earlier (bsc#1229750). Nocompatible must be set before the syntax highlighting is turned on.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3854-1
Released: Wed Oct 29 15:10:39 2025
Summary: Recommended update for cifs-utils
Type: recommended
Severity: moderate
References: 1248816

This update for cifs-utils fixes the following issues:

- Fix: cifs.upcall program in the cifs-utils package fails to use a valid service ticket from the credential cache if the TGT is expired or does not exist (bsc#1248816)
  * cifs-utils: Skip TGT check if there is a valid service ticket
  * cifs-utils: avoid using mktemp when updating mtab
  * cifs-utils: add documentation for upcall_target
  * setcifsacl: fix memory allocation for struct cifs_ace
  * cifs.upcall: fix UAF in get_cachename_from_process_en
  * cifs.upcall: fix memory leaks in check_service_ticket

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3930-1
Released: Tue Nov 4 09:26:22 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050

This update for gcc15 fixes the following issues:

This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029)

The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc15 compilers use:

- install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages.
- override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages.

For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html

Update to GCC 15.2 release:

  * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release

- Prune the use of update-alternatives from openSUSE Factory and SLFO.
- Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries.
- Tune for power10 for SLES 16. [jsc#PED-12029]
- Tune for z15 for SLES 16. [jsc#PED-253]
- Fix PR120827, ICE due to splitter emitting constant loads directly
- Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991]
- Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package.
- Enable C++ for offload compilers. [bsc#1243794]
- Add libgcobol and libquadmath-devel dependence to the cobol frontend package.

Update to GCC 15 branch head, 15.1.1+git9595

  * includes GCC 15.1 release

- Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough.
- Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788]
- Fix newlib libm miscompilation for GCN offloading.

Update to GCC trunk head, 15.0.1+git9001

  * includes -msplit-patch-nops required for user-space livepatching on powerpc
  * includes fix for Ada build with --enable-host-pie

- Build GCC executables PIE on SLE. [bsc#1239938]
- Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566]
- Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le.
- Disable profiling during build when %want_reproducible_builds is set [bsc#1238491]
- Includes fix for emacs JIT use
- Bumps libgo SONAME to libgo24 which should fix go1.9 build
- Adjust cross compiler requirements to use %requires_ge
- For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3950-1
Released: Wed Nov 5 11:22:31 2025
Summary: Security update for runc
Type: security
Severity: important
References: 1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881

This update for runc fixes the following issues:

- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232).
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232).
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232).

Update to runc v1.2.7.

- Upstream changelog is available from

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3986-1
Released: Fri Nov 7 11:31:03 2025
Summary: Security update for gpg2
Type: security
Severity: low
References: 1239119,CVE-2025-30258

This update for gpg2 fixes the following issues:

- CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4073-1
Released: Wed Nov 12 11:34:27 2025
Summary: Security update for runc
Type: security
Severity: important
References: 1252110,1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881

This update for runc fixes the following issues:

Update to runc v1.3.3. Upstream changelog is available from . bsc#1252232

  * CVE-2025-31133
  * CVE-2025-52565
  * CVE-2025-52881

Update to runc v1.3.2.
Upstream changelog is available from bsc#1252110 - Includes an important fix for the CPUSet translation for cgroupv2. Update to runc v1.3.1. Upstream changelog is available from Update to runc v1.3.0. Upstream changelog is available from ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4108-1 Released: Fri Nov 14 16:54:51 2025 Summary: Security update for bind Type: security Severity: important References: 1252379,1252380,CVE-2025-40778,CVE-2025-40780 This update for bind fixes the following issues: - CVE-2025-40778: Address various spoofing attacks (bsc#1252379). - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4112-1 Released: Sat Nov 15 23:38:15 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198) - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4152-1 Released: Fri Nov 21 10:10:35 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1252931,1252932,1252933,1252934,1252935,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664 This update for grub2 fixes the following 
issues: - CVE-2025-54771: Fixed grub_file_close() does not properly control the fs refcount (bsc#1252931) - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933) - CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934) - CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935) - CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932) Other fixes: - Bump upstream SBAT generation to 6 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4092-1 Released: Mon Nov 24 10:08:22 2025 Summary: Security update for elfutils Type: security Severity: moderate References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242): - CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip - CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip - CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf - CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf - Fixing testsuite race conditions in run-debuginfod-find.sh.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4288-1 Released: Fri Nov 28 09:25:32 2025 Summary: Security update for containerd Type: security Severity: important References: 1253126,1253132,CVE-2024-25621,CVE-2025-64329 This update for containerd fixes the following issues: - Update to containerd v1.7.29 - CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126) - CVE-2025-64329: Fixed goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4309-1 Released: Fri Nov 28 16:39:38 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4320-1 Released: Thu Dec 4 11:04:15 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 
The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859). - CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857). - CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164). - CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741). - CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988). - CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816). - CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052). - CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222). - CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743). - CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763). - CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-38084: hugetlb: unshare some PMDs when splitting VMAs (bsc#1245498). - CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499). - CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317). - CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479). - CVE-2025-39797: xfrm: Duplicate SPI Handling (bsc#1249608). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-39981: Bluetooth: MGMT: Fix possible UAFs (bsc#1252060). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785). The following non security issues were fixed: - NFS: remove revoked delegation from server's delegation list (bsc#1246211). - NFSv4: Allow FREE_STATEID to clean up delegations (bsc#1246211). - fbcon: Fix OOB access in font allocation (bsc#1252033) - kabi fix for NFSv4: Allow FREE_STATEID to clean up delegations (bsc#1246211). - kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930). - mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823). - net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265). - net: mana: Switch to page pool for jumbo frames (bsc#1248754). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). 
- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4321-1 Released: Fri Dec 5 08:07:53 2025 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1001888,1006827,1029961,1098094,1098228,1170554,1192862,1206798,1224138,529469,837347 This update for pciutils fixes the following issues: pciutils was updated from version 3.5.6 to 3.13.0 (jsc#PED-8402, jsc#PED-8393, bsc#1224138): - Highlights of issues fixed: * Fixed LnkCap speed recognition in `lspci` for multi PCIe ports such as the ML110 Gen11 (bsc#1192862) * Included several non-standard extensions to VPD decoder (bsc#1170554, bsc#1098228) * Fixed the display of the gen4 speed for GEN 4 cards like Mellanox CX5 (bsc#1098094) * Replaced dependency on pciutil-ids with hwdata * Potentially disruptive change of PCI IDs Cache: + The local cache of PCI IDs (.pci-ids) was moved to the XDG standard location: `$XDG_CACHE_HOME/pci-ids` (v3.11.0) This could be a disruptive change if users or scripts are relying on the old path. 
- Key New Features and Utilities: * New `pcilmr` Utility: A new tool, `pcilmr`, was added for 'PCIe lane margining,' which is a low-level diagnostic feature (v3.11.0) * New `lspci` Path Flag: You can now use `lspci -P` (or -PP) to see the path of bridges leading to a specific device (v3.6.2) * ECAM Support: Added support for the ECAM (Enhanced Configuration Access Mechanism), a standard way to access PCIe configuration space (v3.10.0) * IOMMU Group Display: lspci can now display IOMMU groups on Linux (v3.7.0) - New Hardware and Protocol Decoding: * Added support for decoding CXL capabilities (v3.9.0) * Decoding for Advanced Error Reporting (AER) (v3.13.0) * Decoding for IDE (Integrity and Data Encryption) and TEE-IO extended capabilities (v3.12.0) * Decoding for Data Object Exchange (DOE) (v3.8.0) * Decoding for standard and VF (Virtual Function) Resizable BARs (v3.7.0) * Decoding for Multicast capabilities (v3.6.3) - Improved Output Clarity: * PCIe link speeds running below their maximum are now clearly marked as 'downgraded' (v3.6.0) * BARs (Base Address Registers) reported by the OS but not actually set on the device are marked as '[virtual]' (v3.6.0) - Command Behavior and System Changes: * `lspci` Tree View (-t): + Can now be combined with `-s` to show only a specific sub-tree (v3.6.3) + Improved filtering options (v3.9.0) + Improved support of multi-domain systems (v3.10.0) * `setpci`: + Can now check if a named register exists for that device's header type (v3.9.0) * `update-pciids`: + Now supports XZ compression when downloading new ID lists (v3.11.0) * Database Update: + The pci.ids device database was continuously updated across all versions. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4326-1 Released: Tue Dec 9 11:31:28 2025 Summary: Recommended update for runc Type: recommended Severity: moderate References: 1254362 This update for runc fixes the following issues: - Update to runc v1.3.4 (bsc#1254362) - libct: fix mips compilation: * When configuring a tmpfs mount, only set the mode= argument if the target path already existed. * Fix various file descriptor leaks and add additional tests to detect them as comprehensively as possible. - Downgrade github.com/cyphar/filepath-securejoin dependency to v0.5.2, which should make it easier for some downstreams to import runc without pulling in too many extra packages. - The runc binary distributed with this release is statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a 'work that uses the Library': * libseccomp: The versions of these libraries were not modified from their upstream versions ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4331-1 Released: Tue Dec 9 12:55:17 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4347-1 Released: Wed Dec 10 14:02:26 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This 
update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4377-1 Released: Fri Dec 12 10:37:09 2025 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1233655,510058 This update for lvm2 fixes the following issues: - Maintenance update attempt seems to be stuck at mkinitrd (bsc#510058). - Fix for 'systemctl start lvmlockd.service' time out (bsc#1233655). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4436-1 Released: Wed Dec 17 14:55:46 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4490-1 Released: Fri Dec 19 12:17:11 2025 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1252692,1254180,CVE-2025-58149 This update for xen fixes the following issues: Update to Xen 4.17.6. Security issues fixed: - CVE-2025-58149: incorrect removal of permissions on PCI device unplug allows PV guests to access memory of devices no longer assigned to them (bsc#1252692). Other issues fixed: - Several upstream bug fixes (bsc#1027519). - Failure to restart xenstored (bsc#1254180). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4504-1 Released: Mon Dec 22 17:29:14 2025 Summary: Security update for glib2 Type: security Severity: important References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512 This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4506-1 Released: Mon Dec 22 17:38:35 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1233640,1249806,1251786,1252033,1252267,1252780,1252862,1253367,1253431,1253436,CVE-2022-50280,CVE-2023-53676,CVE-2024-53093,CVE-2025-40040,CVE-2025-40048,CVE-2025-40121,CVE-2025-40154,CVE-2025-40204 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). 
- CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367). - CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). The following non-security bugs were fixed: - Fix type signess in fbcon_set_font() (bsc#1252033). - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4525-1 Released: Fri Dec 26 13:19:00 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:27-1 Released: Mon Jan 5 13:45:08 2026 Summary: Security update for python3 Type: security Severity: moderate References: 1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837 This update for python3 fixes the following issues: - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997) - CVE-2025-13836: Fixed default Content-Length read amount from HTTP response (bsc#1254400) - CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:48-1 Released: Wed Jan 7 09:08:18 2026 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1252338 This update for pciutils fixes the following issues: - Add a strict dependency to libpci to prevent possible segfault (bsc#1252338) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:117-1 Released: Tue Jan 13 05:33:38 2026 Summary: Security update for util-linux Type: security 
Severity: moderate References: 1254666,CVE-2025-14104 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:214-1 Released: Thu Jan 22 13:09:26 2026 Summary: Security update for gpg2 Type: security Severity: important References: 1255715,1256244,1256246,1256390,CVE-2025-68973 This update for gpg2 fixes the following issues: - CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715). - Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246). - Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244). - Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:224-1 Released: Thu Jan 22 13:18:20 2026 Summary: Security update for libtasn1 Type: security Severity: moderate References: 1256341,CVE-2025-13151 This update for libtasn1 fixes the following issues: - CVE-2025-13151: stack-based buffer overflow in `asn1_expand_octet_string` (bsc#1256341).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:304-1 Released: Tue Jan 27 17:14:50 2026 Summary: Security update for xen Type: security Severity: moderate References: 1256745,1256747,CVE-2025-58150,CVE-2026-23553 This update for xen fixes the following issues: - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing (XSA-477) (bsc#1256745) - CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation (XSA-479) (bsc#1256747) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:317-1 Released: Wed Jan 28 15:36:48 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 
23-54024,CVE-2023-54025,CVE-2023-54026,CVE-2023-54028,CVE-2023-54036,CVE-2023-54039,CVE-2023-54040,CVE-2023-54041,CVE-2023-54042,CVE-2023-54044,CVE-2023-54045,CVE-2023-54046,CVE-2023-54047,CVE-2023-54048,CVE-2023-54049,CVE-2023-54050,CVE-2023-54051,CVE-2023-54053,CVE-2023-54055,CVE-2023-54057,CVE-2023-54058,CVE-2023-54064,CVE-2023-54070,CVE-2023-54072,CVE-2023-54074,CVE-2023-54076,CVE-2023-54078,CVE-2023-54079,CVE-2023-54083,CVE-2023-54084,CVE-2023-54090,CVE-2023-54091,CVE-2023-54092,CVE-2023-54095,CVE-2023-54096,CVE-2023-54097,CVE-2023-54098,CVE-2023-54100,CVE-2023-54102,CVE-2023-54104,CVE-2023-54106,CVE-2023-54107,CVE-2023-54108,CVE-2023-54110,CVE-2023-54111,CVE-2023-54114,CVE-2023-54115,CVE-2023-54116,CVE-2023-54118,CVE-2023-54119,CVE-2023-54120,CVE-2023-54122,CVE-2023-54123,CVE-2023-54126,CVE-2023-54127,CVE-2023-54128,CVE-2023-54130,CVE-2023-54131,CVE-2023-54132,CVE-2023-54134,CVE-2023-54136,CVE-2023-54138,CVE-2023-54140,CVE-2023-54144,CVE-2023-54146,CVE-2023-54148,CVE-2023-5415 0,CVE-2023-54153,CVE-2023-54156,CVE-2023-54159,CVE-2023-54164,CVE-2023-54166,CVE-2023-54168,CVE-2023-54169,CVE-2023-54170,CVE-2023-54171,CVE-2023-54173,CVE-2023-54175,CVE-2023-54177,CVE-2023-54179,CVE-2023-54183,CVE-2023-54186,CVE-2023-54189,CVE-2023-54190,CVE-2023-54194,CVE-2023-54197,CVE-2023-54198,CVE-2023-54199,CVE-2023-54201,CVE-2023-54202,CVE-2023-54205,CVE-2023-54208,CVE-2023-54210,CVE-2023-54211,CVE-2023-54213,CVE-2023-54214,CVE-2023-54219,CVE-2023-54226,CVE-2023-54229,CVE-2023-54230,CVE-2023-54234,CVE-2023-54236,CVE-2023-54238,CVE-2023-54242,CVE-2023-54244,CVE-2023-54245,CVE-2023-54251,CVE-2023-54252,CVE-2023-54254,CVE-2023-54260,CVE-2023-54262,CVE-2023-54264,CVE-2023-54266,CVE-2023-54267,CVE-2023-54269,CVE-2023-54270,CVE-2023-54271,CVE-2023-54274,CVE-2023-54275,CVE-2023-54277,CVE-2023-54280,CVE-2023-54284,CVE-2023-54286,CVE-2023-54287,CVE-2023-54289,CVE-2023-54292,CVE-2023-54293,CVE-2023-54294,CVE-2023-54295,CVE-2023-54298,CVE-2023-54299,CVE-2023-54300,CVE-2023-54301,CVE-2 
023-54302,CVE-2023-54304,CVE-2023-54305,CVE-2023-54309,CVE-2023-54311,CVE-2023-54315,CVE-2023-54317,CVE-2023-54319,CVE-2023-54320,CVE-2023-54321,CVE-2023-54322,CVE-2023-54325,CVE-2023-54326,CVE-2024-36933,CVE-2024-53093,CVE-2024-56590,CVE-2025-39977,CVE-2025-40019,CVE-2025-40139,CVE-2025-40215,CVE-2025-40220,CVE-2025-40233,CVE-2025-40256,CVE-2025-40258,CVE-2025-40277,CVE-2025-40280,CVE-2025-40331,CVE-2025-68218,CVE-2025-68732 The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785). - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576). - CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871). - CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751). - CVE-2024-56590: Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (bsc#1235038). - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046). - CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678). - CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409). - CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959). - CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520). - CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813). - CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843). - CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894). - CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847). - CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615). - CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688). 
The following non security issues were fixed: - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: property: Do not pass NULL handles to acpi_attach_data() (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - KVM: SVM: Fix TSC_AUX virtualization setup (git-fixes). - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes). - RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes). - RDMA/hns: Fix the modification of max_send_sge (git-fixes). - RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes). - RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes). - RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes). - RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes). - RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes). - RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes). - RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes). - RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes). - RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes). - arch/idle: Change arch_cpu_idle() behavior: always exit with IRQs disabled (git-fixes). - cpuidle/poll: Ensure IRQs stay disabled after cpuidle_state::enter() calls (git-fixes). - cpuidle: Move IRQ state validation (git-fixes). - cpuidle: haltpoll: Do not enable interrupts when entering idle (git-fixes). - dm: free table mempools if not used in __bind (git-fixes). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL (git-fixes). - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes). 
- x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes). - x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes). - x86/tdx: Drop flags from __tdx_hypercall() (git-fixes). - x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes). - x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes). - x86/tdx: Extend TDX_MODULE_CALL to support more TDCALL/SEAMCALL leafs (git-fixes). - x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes). - x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes). - x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes). - x86/tdx: Make TDX_HYPERCALL asm similar to TDX_MODULE_CALL (git-fixes). - x86/tdx: Make macros of TDCALLs consistent with the spec (git-fixes). - x86/tdx: Pass TDCALL/SEAMCALL input/output registers via a structure (git-fixes). - x86/tdx: Reimplement __tdx_hypercall() using TDX_MODULE_CALL asm (git-fixes). - x86/tdx: Remove 'struct tdx_hypercall_args' (git-fixes). - x86/tdx: Remove TDX_HCALL_ISSUE_STI (git-fixes). - x86/tdx: Rename __tdx_module_call() to __tdcall() (git-fixes). - x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes). - x86/tdx: Retry partially-completed page conversion hypercalls (git-fixes). - x86/tdx: Skip saving output regs when SEAMCALL fails with VMFailInvalid (git-fixes). - x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro (git-fixes). - x86/virt/tdx: Make TDX_MODULE_CALL handle SEAMCALL #UD and #GP (git-fixes). - x86/virt/tdx: Wire up basic SEAMCALL functions (git-fixes). - xfs: fix sparse inode limits on runt AG (bsc#1254392). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:359-1 Released: Mon Feb 2 10:54:54 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:391-1 Released: Thu Feb 5 15:23:42 2026 Summary: Security update for libxml2 Type: security Severity: low References: 1256805,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:430-1 Released: Wed Feb 11 09:43:42 2026 Summary: Security update for python-pyasn1 Type: security Severity: important References: 1256902,CVE-2026-23490 This update for python-pyasn1 fixes the following issues: - CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation octets leading to Denial of Service (bsc#1256902) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:432-1 Released: Wed Feb 11 10:11:56 2026 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1248586,1254670,CVE-2025-7709 This update for sqlite3 fixes the following issues: - Update to v3.51.2: - CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:443-1 Released: Wed Feb 11 10:46:43 2026 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1254866,1254867,1256331,CVE-2025-66418,CVE-2025-66471,CVE-2026-21441 This update for python-urllib3_1 fixes the following issues: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866). - CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:458-1 Released: Thu Feb 12 00:28:37 2026 Summary: Security update for glib2 Type: security Severity: important References: 1257049,CVE-2026-0988 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:463-1 Released: Thu Feb 12 08:40:25 2026 Summary: Recommended update for supportutils Type: recommended Severity: important References: 1232351,1241284,1244003,1244011,1244937,1245667,1246011,1246025,1249657,1250224,1252318,1254425,1256709 This update for supportutils fixes the following issues: - scplugin.rc is restored in package 3.2.12.1 for continued compatibility (bsc#1256709) - Changes to version 3.2.12: * Optimized lsof usage and honors OPTION_OFILES (bsc#1232351) * Run in containers without errors (bsc#1245667) * Removed pmap PID from memory.txt (bsc#1246011) * Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025) * Improved database perforce with kGraft patching (bsc#1249657) * Using last boot for journalctl for optimization (bsc#1250224) * Fixed extraction failures (bsc#1252318) * Update supportconfig.conf path in docs (bsc#1254425) * drm_sub_info: Catch error when dir doesn't exist * Replace remaining `egrep` with `grep -E` * Add process affinity to slert logs * Reintroduce cgroup statistics (and v2) * Minor changes to basic-health-check: improve information 
level * Collect important machine health counters * powerpc: collect hot-pluggable PCI and PHB slots * podman: collect podman disk usage * Exclude binary files in crondir * kexec/kdump: collect everything under /sys/kernel/kexec dir * Use short-iso for journalctl - Changes to version 3.2.11: * Collect rsyslog frule files (bsc#1244003) * Remove proxy passwords (bsc#1244011) * Missing NetworkManager information (bsc#1241284) * Include agama logs bsc#1244937) * Additional NFS conf files * New fadump sysfs files * Fixed change log dates ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:474-1 Released: Thu Feb 12 12:28:33 2026 Summary: Security update for the Linux Kernel Type: security Severity: important The SUSE Linux
Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594). - CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095). - CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908). - CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210). - CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723). - CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751). - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177). - CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842). - CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483). - CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251). - CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377). - CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401). - CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171). - CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582). - CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641). - CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623). - CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612). - CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726). - CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744). - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779). 
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236). - CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232). The following non security issues were fixed: - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1253087). - net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). - net: tcp: allow zero-window ACK update the window (bsc#1254767). - net: tcp: send zero-window ACK when no memory (bsc#1254767). - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - tcp: correct handling of extreme memory squeeze (bsc#1254767). - x86: make page fault handling disable interrupts properly (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:508-1 Released: Fri Feb 13 15:50:21 2026 Summary: Security update for curl Type: security Severity: moderate References: 1255731,1255732,1255733,1255734,1256105,CVE-2025-14017,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:570-1 Released: Tue Feb 17 17:38:47 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1247850,1247858,1250553,1256807,1256808,1256809,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2025-8732,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757 This update for libxml2 fixes the following issues: - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811) - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812) - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595) - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553) - CVE-2025-8732: Fixed an infinite recursion in catalog parsing functions when processing malformed SGML catalog files. (bsc#1247858) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:575-1 Released: Wed Feb 18 10:10:36 2026 Summary: Security update for libpcap Type: security Severity: low References: 1255765,CVE-2025-11961 This update for libpcap fixes the following issues: - CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:577-1 Released: Wed Feb 18 16:49:13 2026 Summary: Security update for avahi Type: security Severity: moderate References: 1256498,1256499,1256500,CVE-2025-68276,CVE-2025-68468,CVE-2025-68471 This update for avahi fixes the following issues: - CVE-2025-68276: Fixed refuse to create wide-area record browsers when wide-area is off (bsc#1256498) - CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500) - CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:596-1 Released: Mon Feb 23 16:57:20 2026 Summary: Security update for libpng16 Type: security Severity: important References: 1256525,1256526,1257364,1257365,1258020,CVE-2025-28162,CVE-2025-28164,CVE-2026-22695,CVE-2026-22801,CVE-2026-25646 This update for libpng16 fixes the following issues: - CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364). - CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365). - CVE-2026-22695: heap buffer over-read in png_image_finish_read (bsc#1256525). - CVE-2026-22801: integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526). - CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:664-1 Released: Thu Feb 26 16:15:04 2026 Summary: Security update for python3 Type: security Severity: important References: 1257029,1257031,1257041,1257042,1257044,1257046,CVE-2025-11468,CVE-2025-15282,CVE-2025-15366,CVE-2025-15367,CVE-2026-0672,CVE-2026-0865 This update for python3 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). 
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031). - CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042). - CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044). - CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). - CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:694-1 Released: Fri Feb 27 16:14:32 2026 Summary: Security update for gpg2 Type: security Severity: moderate References: 1256389 This update for gpg2 fixes the following issues: Security fix: - Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data (bsc#1256389) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:741-1 Released: Mon Mar 2 09:11:04 2026 Summary: Security update for shim Type: security Severity: moderate References: 1240871,1247432,CVE-2024-2312 This update for shim fixes the following issues: shim is updated to version 16.1: - shim_start_image(): fix guid/handle pairing when uninstalling protocols - Fix uncompressed ipv6 netboot - fix test segfaults caused by uninitialized memory - SbatLevel_Variable.txt: minor typo fix. 
- Realloc() needs to allocate one more byte for sprintf() - IPv6: Add more check to avoid multiple double colon and illegal char - Loader proto v2 - loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages - Generate Authenticode for the entire PE file - README: mention new loader protocol and interaction with UKIs - shim: change automatically enable MOK_POLICY_REQUIRE_NX - Save var info - add SbatLevel entry 2025051000 for PSA-2025-00012-1 - Coverity fixes 20250804 - fix http boot - Fix double free and leak in the loader protocol shim is updated to version 16.0: - Validate that a supplied vendor cert is not in PEM format - sbat: Add grub.peimage,2 to latest (CVE-2024-2312) - sbat: Also bump latest for grub,4 (and to todays date) - undo change that limits certificate files to a single file - shim: don't set second_stage to the empty string - Fix SBAT.md for today's consensus about numbers - Update Code of Conduct contact address - make-certs: Handle missing OpenSSL installation - Update MokVars.txt - export DEFINES for sub makefile - Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition - Null-terminate 'arguments' in fallback - Fix 'Verifiying' typo in error message - Update Fedora CI targets - Force gcc to produce DWARF4 so that gdb can use it - Minor housekeeping 2024121700 - Discard load-options that start with WINDOWS - Fix the issue that the gBS->LoadImage pointer was empty. 
- shim: Allow data after the end of device path node in load options - Handle network file not found like disks - Update gnu-efi submodule for EFI_HTTP_ERROR - Increase EFI file alignment - avoid EFIv2 runtime services on Apple x86 machines - Improve shortcut performance when comparing two boolean expressions - Provide better error message when MokManager is not found - tpm: Boot with a warning if the event log is full - MokManager: remove redundant logical constraints - Test import_mok_state() when MokListRT would be bigger than available size - test-mok-mirror: minor bug fix - Fix file system browser hang when enrolling MOK from disk - Ignore a minor clang-tidy nit - Allow fallback to default loader when encountering errors on network boot - test.mk: don't use a temporary random.bin - pe: Enhance debug report for update_mem_attrs - Multiple certificate handling improvements - Generate SbatLevel Metadata from SbatLevel_Variable.txt - Apply EKU check with compile option - Add configuration option to boot an alternative 2nd stage - Loader protocol (with Device Path resolution support) - netboot cleanup for additional files - Document how revocations can be delivered - post-process-pe: add tests to validate NX compliance - regression: CopyMem() in ad8692e copies out of bounds - Save the debug and error logs in mok-variables - Add features for the Host Security ID program - Mirror some more efi variables to mok-variables - This adds DXE Services measurements to HSI and uses them for NX - Add shim's current NX_COMPAT status to HSIStatus - README.tpm: reflect that vendor_db is in fact logged as 'vendor_db' - Reject HTTP message with duplicate Content-Length header fields - Disable log saving - fallback: don't add new boot order entries backwards - README.tpm: Update MokList entry to MokListRT - SBAT Level update for February 2025 GRUB CVEs ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:783-1 Released: Tue Mar 3 14:36:14 2026 
Summary: Security update for zlib Type: security Severity: moderate References: 1258392,CVE-2026-27171 This update for zlib fixes the following issue: - CVE-2026-27171: Fixed infinite loop via the `crc32_combine64` and `crc32_combine_gen64` functions due to missing checks for negative lengths (bsc#1258392). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:791-1 Released: Tue Mar 3 16:59:33 2026 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1257463 This update for gcc15 fixes the following issues: - Fix bogus expression simplification (bsc#1257463) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:818-1 Released: Thu Mar 5 11:26:09 2026 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1258022 This update for grub2 fixes the following issues: - Backport upstream's commit to prevent BIOS assert (bsc#1258022) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:826-1 Released: Thu Mar 5 16:16:29 2026 Summary: Security update for expat Type: security Severity: moderate References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210 This update for expat fixes the following issues: - CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144) - CVE-2026-25210: Fixed an integer overflow in doContent. 
(bsc#1257496) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:837-1 Released: Fri Mar 6 08:30:05 2026 Summary: Recommended update for syslogd Type: recommended Severity: moderate References: This update for syslogd fixes the following issues: - Drop last sysvinit Requirement/Provide (jsc#PED-13698) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:856-1 Released: Tue Mar 10 09:35:24 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1258859,CVE-2026-3184 This update for util-linux fixes the following issues: - CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:862-1 Released: Wed Mar 11 10:59:55 2026 Summary: Security update for gnutls Type: security Severity: moderate References: 1257960,CVE-2025-14831 This update for gnutls fixes the following issues: - CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs) (bsc#1257960). 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:896-1
Released: Fri Mar 13 16:25:07 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915

This update for glibc fixes the following issues:

- CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766)
- CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822)
- CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005)
- CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp (bsc#1246965)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:899-1
Released: Fri Mar 13 16:32:57 2026
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: moderate
References: 1230861,1239439,1241002,1244550

This update for suseconnect-ng fixes the following issues:

- Regressions found during QA test runs:
  * Ignore product in announce call (bsc#1257490)
  * Registration to SMT server with failed (bsc#1257625)
- Update version to 1.20:
  * Update error message for Public Cloud instances with registercloudguest installed. SUSEConnect -d is disabled on PAYG and BYOS when the registercloudguest command is available. (bsc#1230861)
  * Enhanced SAP detected. Take TREX into account and remove empty values when only /usr/sap but no installation exists (bsc#1241002)
  * Fixed modules and extension link to point to version less documentation. (bsc#1239439)
  * Fixed SAP instance detection (bsc#1244550)
  * Remove link to extensions documentation (bsc#1239439)
  * Migrate to the public library
- Version 1.14 public library release
  This version is only available on Github as a tag to release the new golang public library which can be consumed without the need to interface with SUSEConnect directly.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:910-1
Released: Tue Mar 17 20:34:12 2026
Summary: Security update for vim
Type: security
Severity: moderate
References: 1246602,1258229,1259051,CVE-2025-53906,CVE-2026-26269,CVE-2026-28417

This update for vim fixes the following issues:

Update Vim to version 9.2.0110:

- CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602).
- CVE-2026-26269: Netbeans specialKeys stack buffer overflow (bsc#1258229).
- CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:911-1
Released: Tue Mar 17 20:56:12 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1259363,1259364,1259365,CVE-2026-1965,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805

This update for curl fixes the following issues:

- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:912-1
Released: Wed Mar 18 07:19:42 2026
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1229003,1258002

This update for ca-certificates-mozilla fixes the following issues:

- test for a concretely missing certificate rather than just the directory, as the latter is now also provided by openssl-3
- Re-create java-cacerts with SOURCE_DATE_EPOCH set for reproducible builds (bsc#1229003)
- Also mark /usr/share/factory/var/lib/ca-certificates/ as writable by the user during install: allow rpm to properly execute %clean when completed.
- Create /var/lib/ca-certificates during build to ensure rpm gives the %ghost'ed directory proper mode attributes.
- Updated to 2.84 state (bsc#1258002)
  * Removed:
    + Baltimore CyberTrust Root
    + CommScope Public Trust ECC Root-01
    + CommScope Public Trust ECC Root-02
    + CommScope Public Trust RSA Root-01
    + CommScope Public Trust RSA Root-02
    + DigiNotar Root CA
  * Added:
    + e-Szigno TLS Root CA 2023
    + OISTE Client Root ECC G1
    + OISTE Client Root RSA G1
    + OISTE Server Root ECC G1
    + OISTE Server Root RSA G1
    + SwissSign RSA SMIME Root CA 2022 - 1
    + SwissSign RSA TLS Root CA 2022 - 1
    + TrustAsia SMIME ECC Root CA
    + TrustAsia SMIME RSA Root CA
    + TrustAsia TLS ECC Root CA
    + TrustAsia TLS RSA Root CA
- reenable the distrusted certs again. the distrust is only for certs issued after the distrust date, not for all certs of a CA.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:931-1
Released: Thu Mar 19 09:23:14 2026
Summary: Security update for jq
Type: security
Severity: low
References: 1248600,CVE-2025-9403

This update for jq fixes the following issue:

- CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:949-1
Released: Fri Mar 20 19:08:19 2026
Summary: Security update for runc
Type: security
Severity: important
References:

This update for runc rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1003-1
Released: Wed Mar 25 10:25:34 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1238917,1255075,1256645,1257231,1257473,1257732,1257735,1257749,1257790,1258340,1258395,1258518,1258849,1258850,1259857,CVE-2025-21738,CVE-2025-40242,CVE-2025-71066,CVE-2026-23004,CVE-2026-23054,CVE-2026-23060,CVE-2026-23074,CVE-2026-23089,CVE-2026-23191,CVE-2026-23204,CVE-2026-23209,CVE-2026-23268,CVE-2026-23269

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).

The following non-security bugs were fixed:

- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1061-1
Released: Thu Mar 26 11:35:08 2026
Summary: Security update for systemd
Type: security
Severity: important
References: 1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105

This update for systemd fixes the following issues:

- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).

Changelog:

- 6a38d88a42 machined: reject invalid class types when registering machines
- 8c9a592e5a udev: fix review mixup
- b57007a917 udev-builtin-net-id: print cescaped bad attributes
- ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX
- 0f63e799e6 udev: ensure tag parsing stays within bounds
- 046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf
- 5be21460ce udev: check for invalid chars in various fields received from the kernel
- 9559607b16 core/cgroup: avoid one unnecessary strjoina()
- fcae348ca4 core: validate input cgroup path more prudently
- a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
- 08125d6b06 units: add dep on systemd-logind.service by user@.service

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1065-1
Released: Thu Mar 26 11:38:12 2026
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1254670,1259619,CVE-2025-70873,CVE-2025-7709

This update for sqlite3 fixes the following issues:

Update sqlite3 to 3.51.3:

- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).

Changelog:

* Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1067-1
Released: Thu Mar 26 11:39:01 2026
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1254867,1259829,CVE-2025-66471

This update for python-urllib3 fixes the following issue:

- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1087-1
Released: Thu Mar 26 16:20:57 2026
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1222465,1234736

This update for util-linux fixes the following issues:

- recognize fuse 'portal' as a virtual file system (bsc#1234736).
- fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1090-1
Released: Thu Mar 26 18:44:54 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1257181,CVE-2026-1299

This update for python3 fixes the following issues:

- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1092-1
Released: Thu Mar 26 18:51:45 2026
Summary: Security update for xen
Type: security
Severity: important
References: 1259247,CVE-2026-23554

This update for xen fixes the following issues:

- CVE-2026-23554: xen: Use after free of paging structures in EPT (bsc#1259247, XSA-480)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1105-1
Released: Fri Mar 27 08:03:05 2026
Summary: Security update for containerd
Type: security
Severity: important
References:

This update for containerd rebuilds it against the current go 1.25 security release.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1158-1
Released: Tue Mar 31 13:55:47 2026
Summary: Security update for python-pyasn1
Type: security
Severity: important
References: 1259803,CVE-2026-30922

This update for python-pyasn1 fixes the following issues:

- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1166-1
Released: Thu Apr 2 03:08:04 2026
Summary: Security update for expat
Type: security
Severity: important
References: 1259711,1259726,1259729,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778

This update for expat fixes the following issues:

- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1177-1
Released: Thu Apr 2 17:00:30 2026
Summary: Security update for tar
Type: security
Severity: important
References: 1246399,CVE-2025-45582

This update for tar fixes the following issue:

- CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1230-1
Released: Thu Apr 9 10:58:22 2026
Summary: Security update for bind
Type: security
Severity: important
References: 1260805,CVE-2026-1519

This update for bind fixes the following issues:

- CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1247-1
Released: Fri Apr 10 12:34:39 2026
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1259845,CVE-2026-27135

This update for nghttp2 fixes the following issue:

- CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1290-1
Released: Mon Apr 13 10:08:34 2026
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1260441,1260442,1260443,1260444,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-31789

This update for openssl-1_1 fixes the following issues:

- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1308-1
Released: Tue Apr 14 12:37:49 2026
Summary: Security update for sudo
Type: security
Severity: important
References: 1261420,CVE-2026-35535

This update for sudo fixes the following issue:

- CVE-2026-35535: Fixed potential privilege escalation when running the mailer (bsc#1261420).

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2026:1315-1
Released: Tue Apr 14 13:26:20 2026
Summary: Optional update for rsyslog
Type: optional
Severity: moderate
References:

This update for rsyslog fixes the following issue:

- add the rsyslog-module-ossl (openssl TLS support).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1323-1
Released: Tue Apr 14 15:11:50 2026
Summary: Security update for libpng16
Type: security
Severity: important
References: 1260754,CVE-2026-33416

This update for libpng16 fixes the following issues:

- CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1380-1
Released: Thu Apr 16 11:13:40 2026
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: important
References: 1257667,1257825,1261155

This update for suseconnect-ng fixes the following issues:

- Update version to 1.21.1:
  * Fix nil token handling (bsc#1261155)
  * Switch to using go1.24-openssl as the default Go version to install to support building the package (jsc#SCC-585).
- Update version to 1.21:
  * Add expanded metric collection for kernel modules and hardware detection (jsc#TEL-226).
  * Support new profile based metric collection
  * Fix ignored --root parameter handling when reading and writing configuration (bsc#1257667)
  * Add expanded metric collection for system vendor/manufacturer (jsc#TEL-260).
  * Removed backport patch
  * Add missing product id to allow yast2-registration to not break (bsc#1257825)
  * Fix libsuseconnect APIError detection logic (bsc#1257825)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1400-1
Released: Thu Apr 16 12:47:09 2026
Summary: Security update for python-PyJWT
Type: security
Severity: important
References: 1259616,CVE-2026-32597

This update for python-PyJWT fixes the following issues:

- CVE-2026-32597: Fixed unknown `crit` header extensions accepts (bsc#1259616).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1403-1
Released: Thu Apr 16 13:34:01 2026
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1229655

This update for cyrus-sasl fixes the following issues:

- Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097)
- Add support for setting max ssf 0 to GSS-SPNEGO

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1432-1
Released: Fri Apr 17 12:12:08 2026
Summary: Security update for libcap
Type: security
Severity: important
References: 1261809,CVE-2026-4878

This update for libcap fixes the following issue:

- CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1472-1
Released: Mon Apr 20 11:31:54 2026
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1259543

This update for grub2 fixes the following issues:

- Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543)
  * btrfs: add ability to boot from subvolumes
  * btrfs: get default subvolume

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1487-1
Released: Mon Apr 20 17:52:11 2026
Summary: Security update for runc
Type: security
Severity: important
References:

This update for runc rebuilds it against the current go 1.25 security release.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1495-1
Released: Mon Apr 20 17:59:12 2026
Summary: Security update for containerd
Type: security
Severity: important
References:

This update for containerd rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1510-1
Released: Tue Apr 21 08:28:12 2026
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1259924,CVE-2025-69720

This update for ncurses fixes the following issue:

- CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1550-1
Released: Wed Apr 22 11:41:14 2026
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1261678,CVE-2026-28390

This update for openssl-1_1 fixes the following issues:

- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1565-1
Released: Thu Apr 23 09:08:29 2026
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1258045,1258049,1258054,1258080,1258081,1259377,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968,CVE-2026-3731

This update for libssh fixes the following issues:

- CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049).
- CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).
- CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054).
- CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081).
- CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080).
- CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler (bsc#1259377).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1606-1
Released: Fri Apr 24 13:50:09 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1215492,1246057,1256675,1257773,1259797,1260005,1260009,1260347,1260562,CVE-2025-38234,CVE-2025-68818,CVE-2026-23103,CVE-2026-23243,CVE-2026-23272,CVE-2026-23274,CVE-2026-23317

The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-nelems before insertion (bsc#1260009).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).

The following non security issues were fixed:

- nvme-fc: use ctrl state getter (git-fixes bsc#1215492).
- nvme-pci: fix queue unquiesce check on slot_reset (git-fixes).
- nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).
- PCI: Fix lock symmetry in pci_slot_unlock() (git-fixes).
- PCI: Fix pci_slot_trylock() error handling (git-fixes).
- PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes).
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1607-1
Released: Fri Apr 24 13:50:52 2026
Summary: Security update for vim
Type: security
Severity: important
References: 1259985,1261191,1261271,CVE-2026-33412,CVE-2026-34714,CVE-2026-34982

This update for vim fixes the following issues:

Update to version 9.2.0280.

- CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution (bsc#1261271).
- CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution (bsc#1261191).
- CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to arbitrary code execution (bsc#1259985).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1644-1
Released: Tue Apr 28 15:31:39 2026
Summary: Security update for python-requests
Type: security
Severity: moderate
References: 1260589,CVE-2026-25645

This update for python-requests fixes the following issues:

- CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1657-1
Released: Wed Apr 29 13:06:49 2026
Summary: Security update for xen
Type: security
Severity: important
References: 1262178,1262180,1262428,CVE-2025-54505,CVE-2026-23557,CVE-2026-23558

This update for xen fixes the following issues:

- CVE-2025-54505: floating point divider state sampling on AMD CPUs AMD-SN-7053 (bsc#1262428).
- CVE-2026-23557: Xenstored DoS via XS_RESET_WATCHES command (bsc#1262178).
- CVE-2026-23558: grant table v2 race in status page mapping (bsc#1262180).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1659-1
Released: Wed Apr 29 13:09:06 2026
Summary: Security update for sed
Type: security
Severity: moderate
References: 1262144,CVE-2026-5958

This update for sed fixes the following issues:

- CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite (bsc#1262144).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1670-1
Released: Sat May 2 07:53:26 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1262573,CVE-2026-31431

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix one security issue

The following security issue was fixed:

- CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1715-1
Released: Wed May 6 14:09:30 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100

This update for python3 fixes the following issues:

- CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
- CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
- CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970).
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026).
- CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319).
- CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654).
- CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure (bsc#1262098).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1717-1
Released: Wed May 6 14:13:17 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1721-1
Released: Wed May 6 16:43:37 2026
Summary: Recommended update for cloud-netconfig
Type: recommended
Severity: important
References: 1253223,1258406,1258730

This update for cloud-netconfig fixes the following issues:

- Update to version 1.19:
  * Make sure IPADDR variable is stripped of netmask
- Update to version 1.18:
  * Fix issue with link-local address routing (bsc#1258730)
- Update to version 1.17:
  * Do not set broadcast address explicitly (bsc#1258406)
- Update to version 1.16:
  * Fix query of default CLOUD_NETCONFIG_MANAGE (bsc#1253223)
  * Fix variable names in the README

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1759-1
Released: Thu May 7 16:03:37 2026
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1261274

This update for dracut fixes the following issues:

- Update to version 055+suse.399.g9aa7e567:
  * fix: make iso-scan trigger udev events (bsc#1261274)

The following package changes have been done:

- bash-sh-4.4-150400.27.6.1 updated
- bash-4.4-150400.27.6.1 updated
- bind-utils-9.16.50-150500.8.35.1 updated
- ca-certificates-mozilla-2.84-150200.44.1 updated
- chrony-pool-suse-4.1-150400.21.8.1 updated
- chrony-4.1-150400.21.8.1 updated
- cifs-utils-6.15-150400.3.18.1 updated
- cloud-netconfig-ec2-1.19-150000.25.31.1 updated
- containerd-ctr-1.7.29-150000.132.1 updated
- containerd-1.7.29-150000.132.1 updated
- curl-8.14.1-150400.5.83.1 updated
- dracut-055+suse.399.g9aa7e567-150500.3.35.1 updated
- elfutils-0.185-150400.5.8.3 updated
- glibc-locale-base-2.31-150300.98.1 updated
- glibc-locale-2.31-150300.98.1 updated
- glibc-2.31-150300.98.1 updated
- gpg2-2.2.27-150300.3.19.1 updated
- grub2-i386-pc-2.06-150500.29.65.1 updated
- grub2-x86_64-efi-2.06-150500.29.65.1 updated
- grub2-x86_64-xen-2.06-150500.29.65.1 updated
- grub2-2.06-150500.29.65.1 updated
- iptables-1.8.7-1.1 added
- jq-1.6-150000.3.12.1 updated
- kernel-default-5.14.21-150500.55.149.1 updated
- kmod-29-150300.4.18.1 updated
- libasm1-0.185-150400.5.8.3 updated
- libavahi-client3-0.8-150400.7.26.1 updated
- libavahi-common3-0.8-150400.7.26.1 updated
- libblkid1-2.37.4-150500.9.26.1 updated
- libcap2-2.63-150400.3.6.1 updated
- libcurl4-8.14.1-150400.5.83.1 updated
- libdevmapper1_03-2.03.22_1.02.196-150500.7.18.4 updated
- libdw1-0.185-150400.5.8.3 updated
- libelf1-0.185-150400.5.8.3 updated
- libexpat1-2.7.1-150400.3.37.1 updated
- libfdisk1-2.37.4-150500.9.26.1 updated
- libfreetype6-2.10.4-150000.4.25.1 updated
- libgcc_s1-15.2.0+git10201-150000.1.9.1 updated
- libglib-2_0-0-2.70.5-150400.3.34.1 updated
- libgnutls30-3.7.3-150400.4.56.1 updated
- libip6tc2-1.8.7-1.1 added
- libjq1-1.6-150000.3.12.1 updated
- libkmod2-29-150300.4.18.1 updated
- libmount1-2.37.4-150500.9.26.1 updated
- libncurses6-6.1-150000.5.33.1 updated
- libnftnl11-1.2.0-150400.1.6 added
- libnghttp2-14-1.40.0-150200.22.1 updated
- libopenssl1_1-1.1.1l-150500.17.54.1 updated
- libpcap1-1.10.1-150400.3.9.1 updated
- libpci3-3.13.0-150300.13.12.1 updated
- libpng16-16-1.6.34-150000.3.22.1 updated
- libpython3_6m1_0-3.6.15-150300.10.118.1 updated
- libreadline7-7.0-150400.27.6.1 updated
- libsasl2-3-2.1.28-150500.3.3.1 updated
- libsmartcols1-2.37.4-150500.9.26.1 updated
- libsqlite3-0-3.51.3-150000.3.39.1 updated
- libssh-config-0.9.8-150400.3.17.1 updated
- libssh4-0.9.8-150400.3.17.1 updated
- libstdc++6-15.2.0+git10201-150000.1.9.1 updated
- libsystemd0-249.17-150400.8.55.1 updated
- libtasn1-6-4.13-150000.4.14.1 updated
- libtasn1-4.13-150000.4.14.1 updated
- libudev1-249.17-150400.8.55.1 updated
- libuuid1-2.37.4-150500.9.26.1 updated
- libxml2-2-2.10.3-150500.5.38.1 updated
- libz1-1.2.13-150500.4.6.1 updated
- ncurses-utils-6.1-150000.5.33.1 updated
- openssh-clients-8.4p1-150300.3.57.1 updated
- openssh-common-8.4p1-150300.3.57.1 updated
- openssh-server-8.4p1-150300.3.57.1 updated
- openssh-8.4p1-150300.3.57.1 updated
- openssl-1_1-1.1.1l-150500.17.54.1 updated
- pciutils-3.13.0-150300.13.12.1 updated
- python3-PyJWT-2.4.0-150200.3.11.1 updated
- python3-base-3.6.15-150300.10.118.1 updated
- python3-bind-9.16.50-150500.8.35.1 updated
- python3-pyasn1-0.4.2-150000.3.16.1 updated
- python3-requests-2.25.1-150300.3.21.1 updated
- python3-urllib3-1.25.10-150300.4.24.1 updated
- python3-3.6.15-150300.10.118.1 updated
- rsyslog-module-relp-8.2306.0-150400.5.35.1 updated
- rsyslog-8.2306.0-150400.5.35.1 updated
- runc-1.3.4-150000.92.1 updated
- sed-4.4-150300.13.6.1 updated
- shim-16.1-150300.4.31.3 updated
- sudo-1.9.12p1-150500.7.16.1 updated
- supportutils-3.2.12.1-150300.7.35.39.1 updated
- suseconnect-ng-1.21.1-150500.3.40.1 updated
- syslog-service-2.0-150300.13.3.1 updated
- systemd-sysvinit-249.17-150400.8.55.1 updated
- systemd-249.17-150400.8.55.1 updated
- tar-1.34-150000.3.37.1 updated
- terminfo-base-6.1-150000.5.33.1 updated
- terminfo-6.1-150000.5.33.1 updated
- udev-249.17-150400.8.55.1 updated
- util-linux-systemd-2.37.4-150500.9.26.1 updated
- util-linux-2.37.4-150500.9.26.1 updated
- vim-data-common-9.2.0280-150500.20.46.1 updated
- vim-9.2.0280-150500.20.46.1 updated
- xen-libs-4.17.6_08-150500.3.65.1 updated
- xen-tools-domU-4.17.6_08-150500.3.65.1 updated
- xtables-plugins-1.8.7-1.1 added
- libwayland-client0-1.21.0-150500.1.1 removed

From sle-container-updates at lists.suse.com Tue May 12 07:10:25 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 12 May 2026 09:10:25 +0200 (CEST)
Subject: SUSE-IU-2026:3293-1: Security update of suse/sle-micro/5.5
Message-ID: <20260512071025.CB481FB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3293-1
Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.8.1 , suse/sle-micro/5.5:latest
Image Release : 5.8.1
Severity : important Type : security References : 1001888 1006827 1029961 1098094 1098228 1103388 1104120 1106523 1121410 1168806 1170160 1170160 1170554 1180422 1180482 1182482 1182482 1185697 1186749 1187948 1190091 1191375 1192862 1194338 1196332 1196332 1200110 1206798 1222465 1224138 1229655 1233655 1234736 1246399 1246602 1246965 1247850 1247858 1248586 1248600 1248988 1249055 1250553 1250553 1252338 1253043 1253741 1253993 1254297 1254362 1254441 1254662 1254666 1254670 1254670 1254878 1255715 1255731 1255732 1255733 1255734 1256105 1256244 1256246 1256389 1256390 1256483 1256498 1256499 1256500 1256766 1256805 1256807 1256808 1256809 1256811 1256812 1256822 1256834 1256835 1256836 1256837 1256838 1256839 1256840 1257005 1257049 1257144 1257359 1257463 1257496 1257593 1257594 1257595 1258045 1258049 1258054 1258080 1258081 1258229 1258392 1258568 1258859 1259051 1259362 1259362 1259363 1259364 1259365 1259377 1259418 1259619 1259650 1259697 1259711 1259726 1259729 1259845 1259924 1259985 1260441 1260442 1260443 1260444 1260859 1261191 1261271 1261274 1261420 1261678 1261809 1262144 1262631 1262632 1262635 1262636 1262638 510058 529469 837347 CVE-2025-10158 CVE-2025-10911 CVE-2025-10911 CVE-2025-13601 CVE-2025-14017 CVE-2025-14087 CVE-2025-14104 CVE-2025-14512 CVE-2025-14524 CVE-2025-14819 CVE-2025-15079 CVE-2025-15224 CVE-2025-15281 CVE-2025-45582 CVE-2025-47914 CVE-2025-53906 CVE-2025-68160 CVE-2025-68276 CVE-2025-68468 CVE-2025-68471 CVE-2025-68973 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2025-69720 CVE-2025-7039 CVE-2025-70873 CVE-2025-7709 CVE-2025-7709 CVE-2025-8058 CVE-2025-8732 CVE-2025-9403 CVE-2025-9615 CVE-2026-0861 CVE-2026-0915 CVE-2026-0964 CVE-2026-0965 CVE-2026-0966 CVE-2026-0967 CVE-2026-0968 CVE-2026-0988 CVE-2026-0989 CVE-2026-0990 CVE-2026-0992 CVE-2026-1757 CVE-2026-1965 CVE-2026-1965 CVE-2026-22795 CVE-2026-22796 CVE-2026-24515 CVE-2026-25210 CVE-2026-26269 CVE-2026-27135 CVE-2026-27171 CVE-2026-2781 CVE-2026-28387 
CVE-2026-28388 CVE-2026-28389 CVE-2026-28390 CVE-2026-28417 CVE-2026-29111 CVE-2026-31789 CVE-2026-3184 CVE-2026-32776 CVE-2026-32777 CVE-2026-32778 CVE-2026-33412 CVE-2026-34714 CVE-2026-34982 CVE-2026-35535 CVE-2026-3731 CVE-2026-3783 CVE-2026-3784 CVE-2026-3805 CVE-2026-4105 CVE-2026-4873 CVE-2026-4878 CVE-2026-4897 CVE-2026-5545 CVE-2026-5958 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2022-1 Released: Wed Sep 26 09:48:09 2018 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1103388,1104120,1106523 This update fixes the following issues: hwdata: - Update to version 0.314: + Updated pci, usb and vendor ids. spacewalk-backend: - Channels to be actually un-subscribed from the assigned systems when being removed using spacewalk-remove-channel tool. (bsc#1104120) - Take only text files from /srv/salt to make spacewalk-debug smaller. (bsc#1103388) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1022-1 Released: Wed Apr 24 13:46:51 2019 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1121410 This update for hwdata fixes the following issues: Update to version 0.320 (bsc#1121410): - Updated the pci, usb and vendor ids vendor and product databases. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1261-1 Released: Tue May 12 18:40:18 2020 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1168806 This update for hwdata fixes the following issues: Update from version 0.320 to version 0.324 (bsc#1168806) - Updated pci, usb and vendor ids. 
- Replace pciutils-ids package providing compatibility symbolic link ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:421-1 Released: Wed Feb 10 12:05:23 2021 Summary: Recommended update for hwdata Type: recommended Severity: low References: 1180422,1180482 This update for hwdata fixes the following issues: - Added merge-pciids.pl to fully duplicate behavior of pciutils-ids (bsc#1180422, bsc#1180482) - Updated pci, usb and vendor ids. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:880-1 Released: Fri Mar 19 04:14:38 2021 Summary: Recommended update for hwdata Type: recommended Severity: low References: 1170160,1182482 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1182482, bsc#1170160, jsc#SLE-13791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1950-1 Released: Thu Jun 10 14:42:00 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1170160,1182482,1185697 This update for hwdata fixes the following issues: - Update to version 0.347: + Updated pci, usb and vendor ids. (bsc#1185697) - Update to version 0.346: + Updated pci, usb and vendor ids. (bsc#1182482, jsc#SLE-13791, bsc#1170160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2447-1 Released: Thu Jul 22 08:26:29 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1186749,1187948 This update for hwdata fixes the following issue: - Version 0.349: Updated pci, usb and vendor ids (bsc#1187948). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2973-1 Released: Tue Sep 7 16:56:08 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1190091 This update for hwdata fixes the following issue: - Update pci, usb and vendor ids (bsc#1190091) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3832-1 Released: Wed Dec 1 14:51:19 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1191375 This update for hwdata fixes the following issue: - Update to version 0.353 (bsc#1191375) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:100-1 Released: Tue Jan 18 05:20:03 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1194338 This update for hwdata fixes the following issues: - Update hwdata from version 0.353 to 0.355 which includes updated pci, usb and vendor ids (bsc#1194338) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1204-1 Released: Thu Apr 14 12:15:55 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1196332 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1196332) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1703-1 Released: Tue May 17 12:13:36 2022 Summary: Recommended update for hwdata Type: recommended Severity: important References: 1196332 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1196332) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3135-1 Released: Wed Sep 7 08:39:31 2022 Summary: Recommended update for hwdata Type: recommended Severity: low References: 1200110 This update for hwdata fixes the following issue: - Update pci, usb and vendor ids to 
version 0.360 (bsc#1200110) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4063-1 Released: Fri Nov 18 09:07:50 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:46-1 Released: Mon Jan 9 10:35:21 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1920-1 Released: Wed Apr 19 16:22:58 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2649-1 Released: Tue Jun 27 10:01:13 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - update to 0.371: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:458-1 Released: Tue Feb 13 14:34:14 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to version 0.378 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1176-1 Released: Tue Apr 9 10:43:33 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to 0.380 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4044-1 Released: 
Mon Nov 25 08:28:17 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update to v0.389: * Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4363-1 Released: Tue Dec 17 16:12:41 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update v0.390 * Update pci and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1721-1 Released: Tue May 27 17:59:31 2025 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update 0.394: * Update pci, usb and vendor ids * Fix usb.ids encoding and a couple of typos * Fix configure to honor --prefix ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4321-1 Released: Fri Dec 5 08:07:53 2025 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1001888,1006827,1029961,1098094,1098228,1170554,1192862,1206798,1224138,529469,837347 This update for pciutils fixes the following issues: pciutils was updated from version 3.5.6 to 3.13.0 (jsc#PED-8402, jsc#PED-8393, bsc#1224138): - Highlights of issues fixed: * Fixed LnkCap speed recognition in `lspci` for multi PCIe ports such as the ML110 Gen11 (bsc#1192862) * Included several non-standard extensions to VPD decoder (bsc#1170554, bsc#1098228) * Fixed the display of the gen4 speed for GEN 4 cards like Mellanox CX5 (bsc#1098094) * Replaced dependency on pciutil-ids with hwdata * Potentially disruptive change of PCI IDs Cache: + The local cache of PCI IDs (.pci-ids) was moved to the XDG standard location: `$XDG_CACHE_HOME/pci-ids` (v3.11.0) This could be a disruptive change if users or scripts are relying on 
the old path. - Key New Features and Utilities: * New `pcilmr` Utility: A new tool, `pcilmr`, was added for 'PCIe lane margining,' which is a low-level diagnostic feature (v3.11.0) * New `lspci` Path Flag: You can now use `lspci -P` (or -PP) to see the path of bridges leading to a specific device (v3.6.2) * ECAM Support: Added support for the ECAM (Enhanced Configuration Access Mechanism), a standard way to access PCIe configuration space (v3.10.0) * IOMMU Group Display: lspci can now display IOMMU groups on Linux (v3.7.0) - New Hardware and Protocol Decoding: * Added support for decoding CXL capabilities (v3.9.0) * Decoding for Advanced Error Reporting (AER) (v3.13.0) * Decoding for IDE (Integrity and Data Encryption) and TEE-IO extended capabilities (v3.12.0) * Decoding for Data Object Exchange (DOE) (v3.8.0) * Decoding for standard and VF (Virtual Function) Resizable BARs (v3.7.0) * Decoding for Multicast capabilities (v3.6.3) - Improved Output Clarity: * PCIe link speeds running below their maximum are now clearly marked as 'downgraded' (v3.6.0) * BARs (Base Address Registers) reported by the OS but not actually set on the device are marked as '[virtual]' (v3.6.0) - Command Behavior and System Changes: * `lspci` Tree View (-t): + Can now be combined with `-s` to show only a specific sub-tree (v3.6.3) + Improved filtering options (v3.9.0) + Improved support of multi-domain systems (v3.10.0) * `setpci`: + Can now check if a named register exists for that device's header type (v3.9.0) * `update-pciids`: + Now supports XZ compression when downloading new ID lists (v3.11.0) * Database Update: + The pci.ids device database was continuously updated across all versions. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4326-1 Released: Tue Dec 9 11:31:28 2025 Summary: Recommended update for runc Type: recommended Severity: moderate References: 1254362 This update for runc fixes the following issues: - Update to runc v1.3.4 (bsc#1254362) - libct: fix mips compilation: * When configuring a tmpfs mount, only set the mode= argument if the target path already existed. * Fix various file descriptor leaks and add additional tests to detect them as comprehensively as possible. - Downgrade github.com/cyphar/filepath-securejoin dependency to v0.5.2, which should make it easier for some downstreams to import runc without pulling in too many extra packages. - The runc binary distributed with this release is statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a 'work that uses the Library': * libseccomp: The versions of these libraries were not modified from their upstream versions ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4331-1 Released: Tue Dec 9 12:55:17 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4347-1 Released: Wed Dec 10 14:02:26 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This
update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4377-1 Released: Fri Dec 12 10:37:09 2025 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1233655,510058 This update for lvm2 fixes the following issues: - Maintenance update attempt seems to be stuck at mkinitrd (bsc#510058). - Fix for 'systemctl start lvmlockd.service' time out (bsc#1233655). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4504-1 Released: Mon Dec 22 17:29:14 2025 Summary: Security update for glib2 Type: security Severity: important References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512 This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:41-1 Released: Tue Jan 6 11:33:23 2026 Summary: Security update for rsync Type: security Severity: moderate References: 1254441,CVE-2025-10158 This update for rsync fixes the following issues: - CVE-2025-10158: Fixed out of bounds array access via negative index (bsc#1254441) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:48-1 Released: Wed Jan 7 09:08:18 2026 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1252338 This update for pciutils fixes the following issues: - Add a strict dependency to libpci to prevent possible segfault (bsc#1252338) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:67-1 Released: Thu Jan 8 13:22:12 2026 Summary: Security update for podman Type: security Severity: moderate References: 1253993,CVE-2025-47914 This update for podman fixes the following issues: - CVE-2025-47914: Fixed ssh-agent that could cause a panic due to an out-of-bounds read with non validated message size (bsc#1253993) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:117-1 Released: Tue Jan 13 05:33:38 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1254666,CVE-2025-14104 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:214-1 Released: Thu Jan 22 13:09:26 2026 Summary: Security update for gpg2 Type: security Severity: important References: 1255715,1256244,1256246,1256390,CVE-2025-68973 This update for gpg2 fixes the following issues: - CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715). - Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246). - Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244). - Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:305-1 Released: Tue Jan 27 17:15:03 2026 Summary: Recommended update for kernel-firmware Type: security Severity: important References: 1256483 This update for kernel-firmware fixes the following issues: - Update AMD ucode to 20251203 (bsc#1256483) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:359-1 Released: Mon Feb 2 10:54:54 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). 
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:391-1 Released: Thu Feb 5 15:23:42 2026 Summary: Security update for libxml2 Type: security Severity: low References: 1256805,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:432-1 Released: Wed Feb 11 10:11:56 2026 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1248586,1254670,CVE-2025-7709 This update for sqlite3 fixes the following issues: - Update to v3.51.2: - CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:446-1 Released: Wed Feb 11 14:31:02 2026 Summary: Recommended update for podman Type: recommended Severity: moderate References: 1248988 This update for podman fixes the following issues: - Add symlink to catatonit in /usr/libexec/podman (bsc#1248988) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:458-1 Released: Thu Feb 12 00:28:37 2026 Summary: Security update for glib2 Type: security Severity: important References: 1257049,CVE-2026-0988 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). 
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:508-1 Released: Fri Feb 13 15:50:21 2026 Summary: Security update for curl Type: security Severity: moderate References: 1255731,1255732,1255733,1255734,1256105,CVE-2025-14017,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:570-1 Released: Tue Feb 17 17:38:47 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1247850,1247858,1250553,1256807,1256808,1256809,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2025-8732,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757 This update for libxml2 fixes the following issues: - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811) - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812) - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595) - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. 
(bsc#1250553) - CVE-2025-8732: Fixed an infinite recursion in catalog parsing functions when processing malformed SGML catalog files. (bsc#1247858) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:577-1 Released: Wed Feb 18 16:49:13 2026 Summary: Security update for avahi Type: security Severity: moderate References: 1256498,1256499,1256500,CVE-2025-68276,CVE-2025-68468,CVE-2025-68471 This update for avahi fixes the following issues: - CVE-2025-68276: Fixed by refusing to create wide-area record browsers when wide-area is off (bsc#1256498) - CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500) - CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:694-1 Released: Fri Feb 27 16:14:32 2026 Summary: Security update for gpg2 Type: security Severity: moderate References: 1256389 This update for gpg2 fixes the following issues: Security fix: - Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data (bsc#1256389) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:783-1 Released: Tue Mar 3 14:36:14 2026 Summary: Security update for zlib Type: security Severity: moderate References: 1258392,CVE-2026-27171 This update for zlib fixes the following issue: - CVE-2026-27171: Fixed infinite loop via the `crc32_combine64` and `crc32_combine_gen64` functions due to missing checks for negative lengths (bsc#1258392).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:791-1 Released: Tue Mar 3 16:59:33 2026 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1257463 This update for gcc15 fixes the following issues: - Fix bogus expression simplification (bsc#1257463) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:801-1 Released: Wed Mar 4 13:33:26 2026 Summary: Security update for libxslt Type: security Severity: moderate References: 1250553,CVE-2025-10911 This update for libxslt fixes the following issues: - CVE-2025-10911: use-after-free will be fixed on libxml2 side instead (bsc#1250553). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:813-1 Released: Thu Mar 5 09:33:59 2026 Summary: Security update for mozilla-nss Type: security Severity: moderate References: 1258568,CVE-2026-2781 This update for mozilla-nss fixes the following issues: Update to NSS 3.112.3: * CVE-2026-2781: Avoid integer overflow in platform-independent ghash (bsc#1258568) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:826-1 Released: Thu Mar 5 16:16:29 2026 Summary: Security update for expat Type: security Severity: moderate References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210 This update for expat fixes the following issues: - CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144) - CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:856-1 Released: Tue Mar 10 09:35:24 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1258859,CVE-2026-3184 This update for util-linux fixes the following issues: - CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:896-1 Released: Fri Mar 13 16:25:07 2026 Summary: Security update for glibc Type: security Severity: important References: 1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: - CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766) - CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822) - CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005) - CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:910-1 Released: Tue Mar 17 20:34:12 2026 Summary: Security update for vim Type: security Severity: moderate References: 1246602,1258229,1259051,CVE-2025-53906,CVE-2026-26269,CVE-2026-28417 This update for vim fixes the following issues: Update Vim to version 9.2.0110: - CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602). - CVE-2026-26269: Netbeans specialKeys stack buffer overflow (bsc#1258229). - CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:911-1 Released: Tue Mar 17 20:56:12 2026 Summary: Security update for curl Type: security Severity: important References: 1259362,1259363,1259364,1259365,CVE-2026-1965,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805 This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362). - CVE-2026-3783: token leak with redirect and netrc (bsc#1259363). - CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364). - CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:931-1 Released: Thu Mar 19 09:23:14 2026 Summary: Security update for jq Type: security Severity: low References: 1248600,CVE-2025-9403 This update for jq fixes the following issue: - CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:949-1 Released: Fri Mar 20 19:08:19 2026 Summary: Security update for runc Type: security Severity: important References: This update for runc rebuilds it against the current go 1.25 security release. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1061-1 Released: Thu Mar 26 11:35:08 2026 Summary: Security update for systemd Type: security Severity: important References: 1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105 This update for systemd fixes the following issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650). - CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418). - udev: check for invalid chars in various fields received from the kernel (bsc#1259697). 
Changelog: - 6a38d88a42 machined: reject invalid class types when registering machines - 8c9a592e5a udev: fix review mixup - b57007a917 udev-builtin-net-id: print cescaped bad attributes - ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX - 0f63e799e6 udev: ensure tag parsing stays within bounds - 046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf - 5be21460ce udev: check for invalid chars in various fields received from the kernel - 9559607b16 core/cgroup: avoid one unnecessary strjoina() - fcae348ca4 core: validate input cgroup path more prudently - a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere - 08125d6b06 units: add dep on systemd-logind.service by user@.service ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1065-1 Released: Thu Mar 26 11:38:12 2026 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1254670,1259619,CVE-2025-70873,CVE-2025-7709 This update for sqlite3 fixes the following issues: Update sqlite3 to 3.51.3: - CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670). - CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619). Changelog: * Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1087-1 Released: Thu Mar 26 16:20:57 2026 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1222465,1234736 This update for util-linux fixes the following issues: - recognize fuse 'portal' as a virtual file system (bsc#1234736). - fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1166-1 Released: Thu Apr 2 03:08:04 2026 Summary: Security update for expat Type: security Severity: important References: 1259711,1259726,1259729,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778 This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726). - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711). - CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1177-1 Released: Thu Apr 2 17:00:30 2026 Summary: Security update for tar Type: security Severity: important References: 1246399,CVE-2025-45582 This update for tar fixes the following issue: - CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1247-1 Released: Fri Apr 10 12:34:39 2026 Summary: Security update for nghttp2 Type: security Severity: important References: 1259845,CVE-2026-27135 This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1290-1 Released: Mon Apr 13 10:08:34 2026 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1260441,1260442,1260443,1260444,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-31789 This update for openssl-1_1 fixes the following issues: - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). 
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). - CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1308-1 Released: Tue Apr 14 12:37:49 2026 Summary: Security update for sudo Type: security Severity: important References: 1261420,CVE-2026-35535 This update for sudo fixes the following issue: - CVE-2026-35535: Fixed potential privilege escalation when running the mailer (bsc#1261420). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1403-1 Released: Thu Apr 16 13:34:01 2026 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1229655 This update for cyrus-sasl fixes the following issues: - Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097) - Add support for setting max ssf 0 to GSS-SPNEGO ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1424-1 Released: Fri Apr 17 10:02:57 2026 Summary: Security update for polkit Type: security Severity: moderate References: 1260859,CVE-2026-4897 This update for polkit fixes the following issue: - CVE-2026-4897: Fixed possible OOM condition via specially crafted input to `polkit-agent-helper-1` (bsc#1260859). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1427-1 Released: Fri Apr 17 11:58:37 2026 Summary: Security update for NetworkManager Type: security Severity: moderate References: 1257359,CVE-2025-9615 This update for NetworkManager fixes the following issue: - CVE-2025-9615: Fixed non-admin user using others' certificates (bsc#1257359). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1432-1 Released: Fri Apr 17 12:12:08 2026 Summary: Security update for libcap Type: security Severity: important References: 1261809,CVE-2026-4878 This update for libcap fixes the following issue: - CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1487-1 Released: Mon Apr 20 17:52:11 2026 Summary: Security update for runc Type: security Severity: important References: This update for runc rebuilds it against the current go 1.25 security release. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1510-1 Released: Tue Apr 21 08:28:12 2026 Summary: Security update for ncurses Type: security Severity: moderate References: 1259924,CVE-2025-69720 This update for ncurses fixes the following issue: - CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1540-1 Released: Wed Apr 22 09:21:58 2026 Summary: Security update for podman Type: security Severity: important References: This update for podman rebuilds it against the current go 1.25 security release. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1550-1 Released: Wed Apr 22 11:41:14 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1261678,CVE-2026-28390 This update for openssl-1_1 fixes the following issues: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1561-1 Released: Thu Apr 23 08:34:49 2026 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: This update for mozilla-nss fixes the following issues: Update to NSS 3.112.4: * improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey. * Improving the allocation of S/MIME DecryptSymKey. * store email on subject cache_entry in NSS trust domain. * Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation. * Improve size calculations in CMS content buffering. * avoid integer overflow while escaping RFC822 Names. * Reject excessively large ASN.1 SEQUENCE OF in quickder. * Deep copy profile data in CERT_FindSMimeProfile. * Improve input validation in DSAU signature decoding. * avoid integer overflow in RSA_EMSAEncodePSS. * RSA_EMSAEncodePSS should validate the length of mHash. * Add a maximum cert uncompressed len and tests. * Clarify extension negotiation mechanism for TLS Handshakes. * ensure permittedSubtrees don't match wildcards that could be outside the permitted tree. * Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag. * Remove invalid PORT_Free(). * free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed. * make ss->ssl3.hs.cookie an owned-copy of the cookie. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1565-1 Released: Thu Apr 23 09:08:29 2026 Summary: Security update for libssh Type: security Severity: moderate References: 1258045,1258049,1258054,1258080,1258081,1259377,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968,CVE-2026-3731 This update for libssh fixes the following issues: - CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049). 
- CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045). - CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054). - CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081). - CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080). - CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler (bsc#1259377). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1607-1 Released: Fri Apr 24 13:50:52 2026 Summary: Security update for vim Type: security Severity: important References: 1259985,1261191,1261271,CVE-2026-33412,CVE-2026-34714,CVE-2026-34982 This update for vim fixes the following issues: Update to version 9.2.0280. - CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution (bsc#1261271). - CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution (bsc#1261191). - CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to arbitrary code execution (bsc#1259985). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1659-1 Released: Wed Apr 29 13:09:06 2026 Summary: Security update for sed Type: security Severity: moderate References: 1262144,CVE-2026-5958 This update for sed fixes the following issues: - CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite (bsc#1262144). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1717-1 Released: Wed May 6 14:13:17 2026 Summary: Security update for curl Type: security Severity: important References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429 This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631). - CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632). - CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635). - CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636). - CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638). Other updates and bugfixes: - sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:1759-1 Released: Thu May 7 16:03:37 2026 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1261274 This update for dracut fixes the following issues: - Update to version 055+suse.399.g9aa7e567: * fix: make iso-scan trigger udev events (bsc#1261274) The following package changes have been done: - glibc-2.31-150300.98.1 updated - libz1-1.2.13-150500.4.6.1 updated - libuuid1-2.37.4-150500.9.26.1 updated - libudev1-249.17-150400.8.55.1 updated - libsmartcols1-2.37.4-150500.9.26.1 updated - libgcc_s1-15.2.0+git10201-150000.1.9.1 updated - libexpat1-2.7.1-150400.3.37.1 updated - libcap2-2.63-150400.3.6.1 updated - libblkid1-2.37.4-150500.9.26.1 updated - libxml2-2-2.10.3-150500.5.38.1 updated - libopenssl1_1-1.1.1l-150500.17.54.1 updated - libstdc++6-15.2.0+git10201-150000.1.9.1 updated - libfdisk1-2.37.4-150500.9.26.1 updated - libmount1-2.37.4-150500.9.26.1 updated - libkmod2-29-150300.4.18.1 updated - libsystemd0-249.17-150400.8.55.1 updated - 
libncurses6-6.1-150000.5.33.1 updated - terminfo-base-6.1-150000.5.33.1 updated - ncurses-utils-6.1-150000.5.33.1 updated - libdevmapper1_03-2.03.22_1.02.196-150500.7.18.4 updated - sed-4.4-150300.13.6.1 updated - openssl-1_1-1.1.1l-150500.17.54.1 updated - util-linux-2.37.4-150500.9.26.1 updated - kmod-29-150300.4.18.1 updated - systemd-249.17-150400.8.55.1 updated - util-linux-systemd-2.37.4-150500.9.26.1 updated - systemd-sysvinit-249.17-150400.8.55.1 updated - udev-249.17-150400.8.55.1 updated - dracut-055+suse.399.g9aa7e567-150500.3.35.1 updated - libdevmapper-event1_03-2.03.22_1.02.196-150500.7.18.4 updated - libfreebl3-3.112.4-150400.3.66.1 updated - libglib-2_0-0-2.70.5-150400.3.34.1 updated - libnghttp2-14-1.40.0-150200.22.1 updated - libsasl2-3-2.1.28-150500.3.3.1 updated - libsqlite3-0-3.51.3-150000.3.39.1 updated - libssh-config-0.9.8-150400.3.17.1 updated - libgobject-2_0-0-2.70.5-150400.3.34.1 updated - libgmodule-2_0-0-2.70.5-150400.3.34.1 updated - libssh4-0.9.8-150400.3.17.1 updated - mozilla-nss-certs-3.112.4-150400.3.66.1 updated - tar-1.34-150000.3.37.1 updated - device-mapper-2.03.22_1.02.196-150500.7.18.4 updated - libgio-2_0-0-2.70.5-150400.3.34.1 updated - glib2-tools-2.70.5-150400.3.34.1 updated - libcurl4-8.14.1-150400.5.83.1 updated - mozilla-nss-3.112.4-150400.3.66.1 updated - libsoftokn3-3.112.4-150400.3.66.1 updated - libnm0-1.38.6-150500.3.5.1 updated - NetworkManager-1.38.6-150500.3.5.1 updated - liblvm2cmd2_03-2.03.22-150500.7.18.4 updated - lvm2-2.03.22-150500.7.18.4 updated - glibc-locale-base-2.31-150300.98.1 updated - rsync-3.2.3-150400.3.26.1 updated - gpg2-2.2.27-150300.3.19.1 updated - kernel-firmware-amdgpu-20230724-150500.3.15.1 updated - kernel-firmware-ath10k-20230724-150500.3.15.1 updated - kernel-firmware-ath11k-20230724-150500.3.15.1 updated - kernel-firmware-atheros-20230724-150500.3.15.1 updated - kernel-firmware-bluetooth-20230724-150500.3.15.1 updated - kernel-firmware-bnx2-20230724-150500.3.15.1 updated - 
kernel-firmware-brcm-20230724-150500.3.15.1 updated - kernel-firmware-chelsio-20230724-150500.3.15.1 updated - kernel-firmware-dpaa2-20230724-150500.3.15.1 updated - kernel-firmware-i915-20230724-150500.3.15.1 updated - kernel-firmware-intel-20230724-150500.3.15.1 updated - kernel-firmware-iwlwifi-20230724-150500.3.15.1 updated - kernel-firmware-liquidio-20230724-150500.3.15.1 updated - kernel-firmware-marvell-20230724-150500.3.15.1 updated - kernel-firmware-media-20230724-150500.3.15.1 updated - kernel-firmware-mediatek-20230724-150500.3.15.1 updated - kernel-firmware-mellanox-20230724-150500.3.15.1 updated - kernel-firmware-mwifiex-20230724-150500.3.15.1 updated - kernel-firmware-network-20230724-150500.3.15.1 updated - kernel-firmware-nfp-20230724-150500.3.15.1 updated - kernel-firmware-nvidia-20230724-150500.3.15.1 updated - kernel-firmware-platform-20230724-150500.3.15.1 updated - kernel-firmware-prestera-20230724-150500.3.15.1 updated - kernel-firmware-qcom-20230724-150500.3.15.1 updated - kernel-firmware-qlogic-20230724-150500.3.15.1 updated - kernel-firmware-radeon-20230724-150500.3.15.1 updated - kernel-firmware-realtek-20230724-150500.3.15.1 updated - kernel-firmware-serial-20230724-150500.3.15.1 updated - kernel-firmware-sound-20230724-150500.3.15.1 updated - kernel-firmware-ti-20230724-150500.3.15.1 updated - kernel-firmware-ueagle-20230724-150500.3.15.1 updated - kernel-firmware-usb-network-20230724-150500.3.15.1 updated - libavahi-common3-0.8-150400.7.26.1 updated - libpci3-3.13.0-150300.13.12.1 updated - libxslt1-1.1.34-150400.3.16.1 updated - runc-1.3.4-150000.92.1 updated - sudo-1.9.12p1-150500.7.16.1 updated - vim-data-common-9.2.0280-150500.20.46.1 updated - kernel-firmware-all-20230724-150500.3.15.1 updated - libavahi-core7-0.8-150400.7.26.1 updated - libpolkit-gobject-1-0-121-150500.3.11.1 updated - libpolkit-agent-1-0-121-150500.3.11.1 updated - polkit-121-150500.3.11.1 updated - libjq1-1.6-150000.3.12.1 updated - 
vim-small-9.2.0280-150500.20.46.1 updated - avahi-0.8-150400.7.26.1 updated - hwdata-0.394-150000.3.77.2 added - jq-1.6-150000.3.12.1 updated - pciutils-3.13.0-150300.13.12.1 updated - NetworkManager-wwan-1.38.6-150500.3.5.1 updated - podman-4.9.5-150500.3.67.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.272 updated - pciutils-ids-20200324-3.6.1 removed From sle-container-updates at lists.suse.com Wed May 13 07:06:57 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 May 2026 09:06:57 +0200 (CEST) Subject: SUSE-IU-2026:3299-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20260513070657.054C9FB96@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:3299-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.273 , suse/sle-micro/base-5.5:latest Image Release : 5.8.273 Severity : moderate Type : security References : 1263366 1263367 CVE-2026-40355 CVE-2026-40356 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1816-1 Released: Tue May 12 09:56:32 2026 Summary: Security update for krb5 Type: security Severity: moderate References: 1263366,1263367,CVE-2026-40355,CVE-2026-40356 This update for krb5 fixes the following issues - CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism (bsc#1263366). - CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read (bsc#1263367). 
The following package changes have been done: - krb5-1.20.1-150500.3.20.1 updated From sle-container-updates at lists.suse.com Wed May 13 07:09:01 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 May 2026 09:09:01 +0200 (CEST) Subject: SUSE-IU-2026:3300-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20260513070901.800E6FB96@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:3300-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.526 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.526 Severity : moderate Type : security References : 1263366 1263367 CVE-2026-40355 CVE-2026-40356 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1816-1 Released: Tue May 12 09:56:32 2026 Summary: Security update for krb5 Type: security Severity: moderate References: 1263366,1263367,CVE-2026-40355,CVE-2026-40356 This update for krb5 fixes the following issues - CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism (bsc#1263366). - CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read (bsc#1263367). 
The following package changes have been done: - krb5-1.20.1-150500.3.20.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.273 updated From sle-container-updates at lists.suse.com Wed May 13 07:12:02 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 May 2026 09:12:02 +0200 (CEST) Subject: SUSE-IU-2026:3301-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20260513071202.9A947FB96@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:3301-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.585 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.585 Severity : moderate Type : security References : 1263366 1263367 CVE-2026-40355 CVE-2026-40356 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1816-1 Released: Tue May 12 09:56:32 2026 Summary: Security update for krb5 Type: security Severity: moderate References: 1263366,1263367,CVE-2026-40355,CVE-2026-40356 This update for krb5 fixes the following issues - CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism (bsc#1263366). - CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read (bsc#1263367). 
The following package changes have been done: - krb5-1.20.1-150500.3.20.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.8.4 updated From sle-container-updates at lists.suse.com Wed May 13 07:14:21 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 May 2026 09:14:21 +0200 (CEST) Subject: SUSE-IU-2026:3302-1: Security update of suse/sle-micro/5.5 Message-ID: <20260513071421.2373CFB96@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:3302-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.8.4 , suse/sle-micro/5.5:latest Image Release : 5.8.4 Severity : moderate Type : security References : 1263366 1263367 CVE-2026-40355 CVE-2026-40356 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1816-1 Released: Tue May 12 09:56:32 2026 Summary: Security update for krb5 Type: security Severity: moderate References: 1263366,1263367,CVE-2026-40355,CVE-2026-40356 This update for krb5 fixes the following issues - CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism (bsc#1263366). - CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read (bsc#1263367). 
The following package changes have been done: - krb5-1.20.1-150500.3.20.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.273 updated From sle-container-updates at lists.suse.com Wed May 13 07:18:02 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 May 2026 09:18:02 +0200 (CEST) Subject: SUSE-CU-2026:4878-1: Security update of private-registry/1.2/harbor-trivy-adapter Message-ID: <20260513071802.99654F79C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/1.2/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4878-1 Container Tags : private-registry/1.2/harbor-trivy-adapter:1.2.0 , private-registry/1.2/harbor-trivy-adapter:1.2.0-1.16 , private-registry/1.2/harbor-trivy-adapter:latest Container Release : 1.16 Severity : moderate Type : security References : 1264873 CVE-2026-41506 ----------------------------------------------------------------- The container private-registry/1.2/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1834-1 Released: Tue May 12 18:15:55 2026 Summary: Security update for trivy Type: security Severity: moderate References: 1264873,CVE-2026-41506 This update for trivy fixes the following issue - CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during smart-HTTP clone and fetch operations (bsc#1264873). 
The following package changes have been done: - trivy-0.70.0-150000.1.15.1 updated From sle-container-updates at lists.suse.com Wed May 13 07:19:11 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 May 2026 09:19:11 +0200 (CEST) Subject: SUSE-CU-2026:4880-1: Security update of private-registry/harbor-trivy-adapter Message-ID: <20260513071911.AC94FF79C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:4880-1 Container Tags : private-registry/harbor-trivy-adapter:1.1.2 , private-registry/harbor-trivy-adapter:1.1.2-2.35 , private-registry/harbor-trivy-adapter:latest Container Release : 2.35 Severity : moderate Type : security References : 1264873 CVE-2026-41506 ----------------------------------------------------------------- The container private-registry/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:1834-1 Released: Tue May 12 18:15:55 2026 Summary: Security update for trivy Type: security Severity: moderate References: 1264873,CVE-2026-41506 This update for trivy fixes the following issue - CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during smart-HTTP clone and fetch operations (bsc#1264873). 
The following package changes have been done: - trivy-0.70.0-150000.1.15.1 updated From sle-container-updates at lists.suse.com Wed May 13 07:27:25 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 May 2026 09:27:25 +0200 (CEST) Subject: SUSE-IU-2026:3303-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20260513072725.4034DF79C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:3303-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.176 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.176 Severity : important Type : security References : 1230279 1261427 1261430 CVE-2026-35385 CVE-2026-35414 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 704 Released: Tue May 12 11:38:42 2026 Summary: Security update for openssh Type: security Severity: important References: 1230279,1261427,1261430,CVE-2026-35385,CVE-2026-35414 This update for openssh fixes the following issues The following package changes have been done: - openssh-common-9.6p1-5.1 updated - openssh-server-9.6p1-5.1 updated - openssh-clients-9.6p1-5.1 updated - openssh-9.6p1-5.1 updated - container:SL-Micro-base-container-2.1.3-7.143 updated From sle-container-updates at lists.suse.com Wed May 13 07:29:27 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 May 2026 09:29:27 +0200 (CEST) Subject: SUSE-IU-2026:3304-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20260513072927.F1D4BF79C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:3304-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.143 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.143 Severity : important Type : security References : 1264449 1264450 CVE-2026-43284 CVE-2026-43500 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-400 Released: Tue May 12 12:32:52 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1264449,1264450,CVE-2026-43284,CVE-2026-43500 The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix the following security issues: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449). - CVE-2026-43500: rxrpc: unshare DATA/RESPONSE packets when paged frags are present (bsc#1264450). The following package changes have been done: - kernel-default-6.4.0-43.1 updated From sle-container-updates at lists.suse.com Wed May 13 07:31:38 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 May 2026 09:31:38 +0200 (CEST) Subject: SUSE-IU-2026:3305-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20260513073138.A9B87F79C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:3305-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.159 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.159 Severity : important Type : security References : 1264449 1264450 CVE-2026-43284 CVE-2026-43500 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-400 Released: Tue May 12 12:32:52 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1264449,1264450,CVE-2026-43284,CVE-2026-43500 The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix the following security issues: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449). - CVE-2026-43500: rxrpc: unshare DATA/RESPONSE packets when paged frags are present (bsc#1264450). The following package changes have been done: - kernel-default-base-6.4.0-43.1.21.20 updated - container:SL-Micro-base-container-2.1.3-7.143 updated From sle-container-updates at lists.suse.com Wed May 13 07:41:45 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 May 2026 09:41:45 +0200 (CEST) Subject: SUSE-IU-2026:3307-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20260513074145.05B8FF79C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:3307-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.106 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.106 Severity : important Type : security References : 1231055 1252425 1252892 1261427 1261430 CVE-2026-35385 CVE-2026-35414 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 524
Released: Tue May 12 12:19:47 2026
Summary: Security update for openssh
Type: security
Severity: important
References: 1231055,1252425,1252892,1261427,1261430,CVE-2026-35385,CVE-2026-35414

This update for openssh fixes the following issues

- CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid (bsc#1261427).
- CVE-2026-35414: mishandling of authorized_keys principals option (bsc#1261430).

The following package changes have been done:

- openssh-common-9.6p1-slfo.1.1_4.1 updated
- openssh-server-9.6p1-slfo.1.1_4.1 updated
- openssh-clients-9.6p1-slfo.1.1_4.1 updated
- openssh-9.6p1-slfo.1.1_4.1 updated
- container:SL-Micro-base-container-2.2.1-5.129 updated

From sle-container-updates at lists.suse.com Wed May 13 07:43:47 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 13 May 2026 09:43:47 +0200 (CEST)
Subject: SUSE-IU-2026:3308-1: Security update of suse/sl-micro/6.1/base-os-container
Message-ID: <20260513074347.72A24F79C@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3308-1
Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.129 , suse/sl-micro/6.1/base-os-container:latest
Image Release : 5.129
Severity : important
Type : security
References : 1264449 1264450 CVE-2026-43284 CVE-2026-43500
-----------------------------------------------------------------

The container suse/sl-micro/6.1/base-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: kernel-400
Released: Tue May 12 12:32:52 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1264449,1264450,CVE-2026-43284,CVE-2026-43500

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix the following security issues:

- CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).
- CVE-2026-43500: rxrpc: unshare DATA/RESPONSE packets when paged frags are present (bsc#1264450).

The following package changes have been done:

- kernel-default-6.4.0-43.1 updated

From sle-container-updates at lists.suse.com Wed May 13 07:45:52 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 13 May 2026 09:45:52 +0200 (CEST)
Subject: SUSE-IU-2026:3309-1: Security update of suse/sl-micro/6.1/kvm-os-container
Message-ID: <20260513074552.60648F79C@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3309-1
Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.130 , suse/sl-micro/6.1/kvm-os-container:latest
Image Release : 5.130
Severity : important
Type : security
References : 1264449 1264450 CVE-2026-43284 CVE-2026-43500
-----------------------------------------------------------------

The container suse/sl-micro/6.1/kvm-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: kernel-400
Released: Tue May 12 12:32:52 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1264449,1264450,CVE-2026-43284,CVE-2026-43500

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix the following security issues:

- CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).
- CVE-2026-43500: rxrpc: unshare DATA/RESPONSE packets when paged frags are present (bsc#1264450).

The following package changes have been done:

- kernel-default-base-6.4.0-43.1.21.20 updated
- container:SL-Micro-base-container-2.2.1-5.129 updated

From sle-container-updates at lists.suse.com Wed May 13 08:06:17 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 13 May 2026 10:06:17 +0200 (CEST)
Subject: SUSE-IU-2026:3317-1: Security update of suse/sl-micro/6.2/kvm-os-container
Message-ID: <20260513080617.461B4FB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3317-1
Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-7.128 , suse/sl-micro/6.2/kvm-os-container:latest
Image Release : 7.128
Severity : important
Type : security
References : 1264449 1264450 CVE-2026-43284 CVE-2026-43500
-----------------------------------------------------------------

The container suse/sl-micro/6.2/kvm-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 734
Released: Tue May 12 17:13:15 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1264449,1264450,CVE-2026-43284,CVE-2026-43500

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

Dirty Frag fixes:

- CVE-2026-43500: supported.conf: drop rxrpc completely (bsc#1264450)
- CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).

The following package changes have been done:

- kernel-default-base-6.12.0-160000.30.1.160000.2.11 updated

From sle-container-updates at lists.suse.com Wed May 13 08:09:51 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 13 May 2026 10:09:51 +0200 (CEST)
Subject: SUSE-IU-2026:3323-1: Security update of suse/sl-micro/6.2/rt-os-container
Message-ID: <20260513080952.2789BF79C@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.2/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3323-1
Image Tags : suse/sl-micro/6.2/rt-os-container:2.3.0 , suse/sl-micro/6.2/rt-os-container:2.3.0-6.167 , suse/sl-micro/6.2/rt-os-container:latest
Image Release : 6.167
Severity : important
Type : security
References : 1264449 1264450 CVE-2026-43284 CVE-2026-43500
-----------------------------------------------------------------

The container suse/sl-micro/6.2/rt-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 734
Released: Tue May 12 17:13:15 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1264449,1264450,CVE-2026-43284,CVE-2026-43500

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

Dirty Frag fixes:

- CVE-2026-43500: supported.conf: drop rxrpc completely (bsc#1264450)
- CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).

The following package changes have been done:

- kernel-rt-6.12.0-160000.30.1 updated

From sle-container-updates at lists.suse.com Fri May 15 07:27:39 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 15 May 2026 09:27:39 +0200 (CEST)
Subject: SUSE-IU-2026:3329-1: Recommended update of suse/sl-micro/6.2/baremetal-os-container
Message-ID: <20260515072739.6404FFB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3329-1
Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-7.150 , suse/sl-micro/6.2/baremetal-os-container:latest
Image Release : 7.150
Severity : moderate
Type : recommended
References : 1261840
-----------------------------------------------------------------

The container suse/sl-micro/6.2/baremetal-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 746
Released: Thu May 14 16:56:18 2026
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1261840

This update for nfs-utils fixes the following issues:

- Fix broken libnfsimapd static and regex plugins (bsc#1261840)

The following package changes have been done:

- libnfsidmap1-1.0-160000.3.1 updated
- nfs-client-2.8.2-160000.3.1 updated

From sle-container-updates at lists.suse.com Fri May 15 07:27:42 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 15 May 2026 09:27:42 +0200 (CEST)
Subject: SUSE-IU-2026:3330-1: Security update of suse/sl-micro/6.2/baremetal-os-container
Message-ID: <20260515072742.8054DFB96@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3330-1
Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-7.151 , suse/sl-micro/6.2/baremetal-os-container:latest
Image Release : 7.151
Severity : important
Type : security
References : 1254441 1262223 CVE-2025-10158 CVE-2026-41035
-----------------------------------------------------------------

The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 749
Released: Thu May 14 18:43:27 2026
Summary: Security update for rsync
Type: security
Severity: important
References: 1254441,1262223,CVE-2025-10158,CVE-2026-41035

This update for rsync fixes the following issues

- CVE-2025-10158: Out of bounds array access via negative index (bsc#1254441).
- CVE-2026-41035: count of entries mismatch can lead to a use-after-free (bsc#1262223).
The following package changes have been done:

- rsync-3.4.1-160000.3.1 updated
- container:suse-sl-micro-6.2-base-os-container-latest-c76a013c9387a6d69984b6d92033fb55570dcd0519cbd49ebfe556d9878273e3-0 updated

From sle-container-updates at lists.suse.com Fri May 15 07:25:24 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 15 May 2026 09:25:24 +0200 (CEST)
Subject: SUSE-CU-2026:4913-1: Security update of suse/sle-micro-rancher/5.4
Message-ID: <20260515072524.DD530F7A3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro-rancher/5.4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4913-1
Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.108 , suse/sle-micro-rancher/5.4:latest
Container Release : 4.5.108
Severity : important
Type : security
References : 1264449 CVE-2026-43284
-----------------------------------------------------------------

The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1857-1
Released: Thu May 14 16:41:09 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1264449,CVE-2026-43284

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix one issue

- CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).
The following package changes have been done:

- kernel-default-5.14.21-150400.24.209.1 updated

From sle-container-updates at lists.suse.com Fri May 15 07:39:53 2026
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 15 May 2026 09:39:53 +0200 (CEST)
Subject: SUSE-IU-2026:3338-1: Security update of suse/sl-micro/6.2/kvm-os-container
Message-ID: <20260515073953.E9B4AF7A3@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3338-1
Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-7.131 , suse/sl-micro/6.2/kvm-os-container:latest
Image Release : 7.131
Severity : important
Type : security
References : 1254441 1262223 CVE-2025-10158 CVE-2026-41035
-----------------------------------------------------------------

The container suse/sl-micro/6.2/kvm-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 749
Released: Thu May 14 18:43:27 2026
Summary: Security update for rsync
Type: security
Severity: important
References: 1254441,1262223,CVE-2025-10158,CVE-2026-41035

This update for rsync fixes the following issues

- CVE-2025-10158: Out of bounds array access via negative index (bsc#1254441).
- CVE-2026-41035: count of entries mismatch can lead to a use-after-free (bsc#1262223).

The following package changes have been done:

- rsync-3.4.1-160000.3.1 updated
- container:suse-sl-micro-6.2-base-os-container-latest-c76a013c9387a6d69984b6d92033fb55570dcd0519cbd49ebfe556d9878273e3-0 updated