SUSE-IU-2026:3233-1: Security update of suse-sles-15-sp4-chost-byos-v20260507-x86_64-gen2
sle-container-updates at lists.suse.com
Sat May 9 07:03:49 UTC 2026
SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20260507-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3233-1
Image Tags : suse-sles-15-sp4-chost-byos-v20260507-x86_64-gen2:20260507
Image Release :
Severity : important
Type : security
-----------------------------------------------------------------
The container suse-sles-15-sp4-chost-byos-v20260507-x86_64-gen2 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3788-1
Released: Fri Oct 24 15:28:50 2025
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277
This update for libssh fixes the following issues:
- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is
repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID
(bsc#1246974).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3794-1
Released: Fri Oct 24 17:36:29 2025
Summary: Security update for chrony
Type: security
Severity: moderate
References: 1246544
This update for chrony fixes the following issues:
- Race condition during socket creation by chronyc allows privilege escalation from user chrony to root (bsc#1246544).
This update also ships chrony-pool-empty to SLE Micro 5.x (jsc#SMO-587).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3836-1
Released: Tue Oct 28 11:38:00 2025
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1245199
This update for bash fixes the following issues:
- Fix histfile missing timestamp for the oldest record (bsc#1245199)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3843-1
Released: Tue Oct 28 17:40:42 2025
Summary: Security update for xen
Type: security
Severity: important
References: 1248807,1251271,CVE-2025-27466,CVE-2025-58142,CVE-2025-58143,CVE-2025-58147,CVE-2025-58148
This update for xen fixes the following issues:
- CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls (bsc#1251271, XSA-475)
- CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed multiple vulnerabilities in the Viridian interface (bsc#1248807, XSA-472)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3853-1
Released: Wed Oct 29 15:06:03 2025
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1229750
This update for vim fixes the following issues:
- Fix: vim compatible mode is not switched off earlier (bsc#1229750).
Nocompatible must be set before the syntax highlighting is turned on.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3854-1
Released: Wed Oct 29 15:10:39 2025
Summary: Recommended update for cifs-utils
Type: recommended
Severity: moderate
References: 1248816
This update for cifs-utils fixes the following issues:
- Fix: the cifs.upcall program in the cifs-utils package fails to use a valid service ticket
from the credential cache if the TGT is expired or does not exist (bsc#1248816)
* cifs-utils: Skip TGT check if there is a valid service ticket
* cifs-utils: avoid using mktemp when updating mtab
* cifs-utils: add documentation for upcall_target
* setcifsacl: fix memory allocation for struct cifs_ace
* cifs.upcall: fix UAF in get_cachename_from_process_en
* cifs.upcall: fix memory leaks in check_service_ticket
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3930-1
Released: Tue Nov 4 09:26:22 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050
This update for gcc15 fixes the following issues:
This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029)
The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 14 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc15 compilers use:
- install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages.
- override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages.
For a full changelog with all new GCC15 features, check out
https://gcc.gnu.org/gcc-15/changes.html
Update to GCC 15.2 release:
* the GCC 15.2 release contains regression fixes accumulated since
the GCC 15.1 release
- Prune the use of update-alternatives from openSUSE Factory and
SLFO.
- Adjust crosses to conflict consistently where they did not
already and make them use unsuffixed binaries.
- Tune for power10 for SLES 16. [jsc#PED-12029]
- Tune for z15 for SLES 16. [jsc#PED-253]
- Fix PR120827, ICE due to splitter emitting constant loads directly
- Exclude shared objects present for link editing in the GCC specific
subdirectory from provides processing via __provides_exclude_from.
[bsc#1244050][bsc#1243991]
- Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap
variant conflict with the unversioned cross-*-gcc package.
- Enable C++ for offload compilers. [bsc#1243794]
- Add libgcobol and libquadmath-devel dependence to the cobol frontend
package.
Update to GCC 15 branch head, 15.1.1+git9595
* includes GCC 15.1 release
- Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs
for the AMD GCN offload compiler when llvm is new enough.
- Make sure link editing is done against our own shared library
copy rather than the installed system runtime. [bsc#1240788]
- Fix newlib libm miscompilation for GCN offloading.
Update to GCC trunk head, 15.0.1+git9001
* includes -msplit-patch-nops required for user-space livepatching
on powerpc
* includes fix for Ada build with --enable-host-pie
- Build GCC executables PIE on SLE. [bsc#1239938]
- Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF
debug info DW_AT_producer string. [bsc#1239566]
- Package GCC COBOL compiler for openSUSE Factory for supported
targets which are x86_64, aarch64 and ppc64le.
- Disable profiling during build when %want_reproducible_builds is set
[bsc#1238491]
- Includes fix for emacs JIT use
- Bumps libgo SONAME to libgo24 which should fix go1.9 build
- Adjust cross compiler requirements to use %requires_ge
- For cross compilers require the same or newer binutils, newlib
or cross-glibc that was used at build time. [bsc#1232526]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3950-1
Released: Wed Nov 5 11:22:31 2025
Summary: Security update for runc
Type: security
Severity: important
References: 1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881
This update for runc fixes the following issues:
- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232).
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232).
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232).
Update to runc v1.2.7.
- Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.2.7>
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3986-1
Released: Fri Nov 7 11:31:03 2025
Summary: Security update for gpg2
Type: security
Severity: low
References: 1239119,CVE-2025-30258
This update for gpg2 fixes the following issues:
- CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4073-1
Released: Wed Nov 12 11:34:27 2025
Summary: Security update for runc
Type: security
Severity: important
References: 1252110,1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881
This update for runc fixes the following issues:
Update to runc v1.3.3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232
* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881
Update to runc v1.3.2. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.2> bsc#1252110
- Includes an important fix for the CPUSet translation for cgroupv2.
Update to runc v1.3.1. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.1>
Update to runc v1.3.0. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.0>
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4107-1
Released: Fri Nov 14 16:54:13 2025
Summary: Security update for bind
Type: security
Severity: important
References: 1252379,1252380,CVE-2025-40778,CVE-2025-40780
This update for bind fixes the following issues:
- CVE-2025-40778: Address various spoofing attacks (bsc#1252379).
- CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4111-1
Released: Sat Nov 15 19:38:39 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues.
The following security issues were fixed:
- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
- CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857).
- CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164).
- CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).
- CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988).
- CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816).
- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
- CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
- CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763).
- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
- CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785).
- CVE-2025-40088: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (bsc#1252904).
- CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).
The following non security issues were fixed:
- fbcon: Fix OOB access in font allocation (bsc#1252033)
- mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823).
- net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4112-1
Released: Sat Nov 15 23:38:15 2025
Summary: Security update for openssh
Type: security
Severity: moderate
References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985
This update for openssh fixes the following issues:
- CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198)
- CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4116-1
Released: Mon Nov 17 08:26:11 2025
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1247850,1249076,CVE-2025-8732,CVE-2025-9714
This update for libxml2 fixes the following issues:
- CVE-2025-9714: Fixed infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (bsc#1249076)
- CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247850)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4118-1
Released: Mon Nov 17 09:06:55 2025
Summary: Recommended update for freetype2
Type: recommended
Severity: important
References: 1252148
This update for freetype2 fixes the following issues:
- Fix the %licence tag (bsc#1252148)
* package FTL.TXT and GPLv2.TXT as %license
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4177-1
Released: Mon Nov 24 08:25:42 2025
Summary: Recommended update for python-azure-agent
Type: recommended
Severity: important
References: 1253001
This update for python-azure-agent fixes the following issues:
- Update to version 2.14.0.1 (bsc#1253001)
* FIPS 140-3 support
* Block extensions disallowed by policy
* Report ext policy errors in heartbeat
* Implement signature validation helper functions
* Prevent ssh public key override
* Use proper filesystem creation flag for btrfs
* Enable resource monitoring in cgroup v2 machines
* Update agent cgroup cleanup
* Add cgroupv2 distros to supported list
* Clean old agent cgroup setup
* Redact sas tokens in telemetry events and agent log
* Add conf option to use hardcoded wireserver ip instead of dhcp request
to discover wireserver ip
* Support for python 3.12
* Update telemetry message for agent updates and send new telemetry for
ext resource governance
* Disable rsm downgrade
* Add community support for Chainguard OS
* Swap out legacycrypt for crypt-r for Python 3.13+
* Pin setuptools version
* Set the agent config file path for FreeBSD
* Handle errors importing crypt module
- From 2.13.1.1
* Setup: Fix install_requires list syntax
* Pickup latest goal state on tenant certificate rotation + Avoid
infinite loop when the tenant certificate is missing
* Fix unsupported syntax in py2.6
* Cgroup rewrite: uses systemctl for expressing desired configuration instead of drop-in files
* Remove usages of tempfile.mktemp
* Use random time for attempting new Agent update
* Enable logcollector in v2 machines
* Clean history files
* Missing firewall rules reason
* Add support for nftables (+ refactoring of firewall code)
* Create walinuxagent nftable atomically
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4092-1
Released: Mon Nov 24 10:08:22 2025
Summary: Security update for elfutils
Type: security
Severity: moderate
References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377
This update for elfutils fixes the following issues:
- Fixing build/testsuite for more recent glibc and kernels.
- Fixing denial of service and general buffer overflow errors
(bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242):
- CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip
- CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip
- CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf
- CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf
- Fixing testsuite race conditions in run-debuginfod-find.sh.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4224-1
Released: Tue Nov 25 10:53:48 2025
Summary: Security update for grub2
Type: security
Severity: moderate
References: 1252931,1252932,1252933,1252934,1252935,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664
This update for grub2 fixes the following issues:
- CVE-2025-54771: Fixed grub_file_close() not properly controlling the fs refcount (bsc#1252931)
- CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932)
- CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933)
- CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934)
- CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935)
Other fixes:
- Bump upstream SBAT generation to 6
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4279-1
Released: Thu Nov 27 14:16:36 2025
Summary: Recommended update for hyper-v
Type: recommended
Severity: moderate
References:
hyper-v was updated to fix the following issue:
- hyper-v is shipped on Aarch64.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4288-1
Released: Fri Nov 28 09:25:32 2025
Summary: Security update for containerd
Type: security
Severity: important
References: 1253126,1253132,CVE-2024-25621,CVE-2025-64329
This update for containerd fixes the following issues:
- Update to containerd v1.7.29
- CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126)
- CVE-2025-64329: Fixed goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4290-1
Released: Fri Nov 28 10:04:11 2025
Summary: Security update for cups
Type: security
Severity: moderate
References: 1234225,1244057,1253783,CVE-2025-58436,CVE-2025-61915
This update for cups fixes the following issues:
- CVE-2025-61915: Fixed a local denial-of-service via cupsd.conf update and related issues. (bsc#1253783)
- CVE-2025-58436: Fixed an issue where a slow client communication leads to a possible DoS attack. (bsc#1244057)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4309-1
Released: Fri Nov 28 16:39:38 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1253757,CVE-2025-11563
This update for curl fixes the following issues:
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4319-1
Released: Wed Dec 3 13:34:00 2025
Summary: Security update for cups
Type: security
Severity: important
References: 1254353,CVE-2025-58436
This update for cups fixes the following issues:
- The fix for CVE-2025-58436 causes a regression where
GTK applications will hang. (bsc#1254353)
See also https://github.com/OpenPrinting/cups/issues/1429
The fix has been temporarily disabled.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4321-1
Released: Fri Dec 5 08:07:53 2025
Summary: Recommended update for pciutils
Type: recommended
Severity: moderate
References: 1001888,1006827,1029961,1098094,1098228,1170554,1192862,1206798,1224138,529469,837347
This update for pciutils fixes the following issues:
pciutils was updated from version 3.5.6 to 3.13.0 (jsc#PED-8402, jsc#PED-8393, bsc#1224138):
- Highlights of issues fixed:
* Fixed LnkCap speed recognition in `lspci` for multi PCIe ports such as
the ML110 Gen11 (bsc#1192862)
* Included several non-standard extensions to VPD decoder (bsc#1170554, bsc#1098228)
* Fixed the display of the gen4 speed for GEN 4 cards like Mellanox CX5 (bsc#1098094)
* Replaced dependency on pciutil-ids with hwdata
* Potentially disruptive change of PCI IDs Cache:
+ The local cache of PCI IDs (.pci-ids) was moved to the XDG standard location: `$XDG_CACHE_HOME/pci-ids` (v3.11.0)
This could be a disruptive change if users or scripts are relying on the old path.
- Key New Features and Utilities:
* New `pcilmr` Utility: A new tool, `pcilmr`, was added for 'PCIe lane margining,' which is a low-level
diagnostic feature (v3.11.0)
* New `lspci` Path Flag: You can now use `lspci -P` (or -PP) to see the path of bridges leading to a specific device
(v3.6.2)
* ECAM Support: Added support for the ECAM (Enhanced Configuration Access Mechanism), a standard way to access PCIe
configuration space (v3.10.0)
* IOMMU Group Display: lspci can now display IOMMU groups on Linux (v3.7.0)
- New Hardware and Protocol Decoding:
* Added support for decoding CXL capabilities (v3.9.0)
* Decoding for Advanced Error Reporting (AER) (v3.13.0)
* Decoding for IDE (Integrity and Data Encryption) and TEE-IO extended capabilities (v3.12.0)
* Decoding for Data Object Exchange (DOE) (v3.8.0)
* Decoding for standard and VF (Virtual Function) Resizable BARs (v3.7.0)
* Decoding for Multicast capabilities (v3.6.3)
- Improved Output Clarity:
* PCIe link speeds running below their maximum are now clearly marked as 'downgraded' (v3.6.0)
* BARs (Base Address Registers) reported by the OS but not actually set on the device are marked as
'[virtual]' (v3.6.0)
- Command Behavior and System Changes:
* `lspci` Tree View (-t):
+ Can now be combined with `-s` to show only a specific sub-tree (v3.6.3)
+ Improved filtering options (v3.9.0)
+ Improved support of multi-domain systems (v3.10.0)
* `setpci`:
+ Can now check if a named register exists for that device's header type (v3.9.0)
* `update-pciids`:
+ Now supports XZ compression when downloading new ID lists (v3.11.0)
* Database Update:
+ The pci.ids device database was continuously updated across all versions.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4326-1
Released: Tue Dec 9 11:31:28 2025
Summary: Recommended update for runc
Type: recommended
Severity: moderate
References: 1254362
This update for runc fixes the following issues:
- Update to runc v1.3.4 (bsc#1254362)
- libct: fix mips compilation:
* When configuring a tmpfs mount, only set the mode= argument if the
target path already existed.
* Fix various file descriptor leaks and add additional tests to detect them as
comprehensively as possible.
- Downgrade github.com/cyphar/filepath-securejoin dependency to v0.5.2,
which should make it easier for some downstreams to import runc without
pulling in too many extra packages.
- The runc binary distributed with this release is statically linked with the following
GNU LGPL-2.1 licensed libraries, with runc acting as a 'work that uses the Library':
* libseccomp: The versions of these libraries were not modified from their upstream versions
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4331-1
Released: Tue Dec 9 12:55:17 2025
Summary: Recommended update for kmod
Type: recommended
Severity: important
References: 1253741
This update for kmod fixes the following issues:
- Fix modprobe.d confusion on man page (bsc#1253741):
* document the config file order handling
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4347-1
Released: Wed Dec 10 14:02:26 2025
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1249055,CVE-2025-7039
This update for glib2 fixes the following issues:
- CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4362-1
Released: Thu Dec 11 11:08:27 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1253043
This update for gcc15 fixes the following issues:
- Enable the use of _dl_find_object even when not available at build time. [bsc#1253043]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4368-1
Released: Thu Dec 11 16:12:16 2025
Summary: Security update for python3
Type: security
Severity: low
References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291
This update for python3 fixes the following issues:
- CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed
to it are user-controlled (bsc#1252974).
- CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of
ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4425-1
Released: Wed Dec 17 12:20:02 2025
Summary: Security update for cups
Type: security
Severity: moderate
References: 1244057,1254353,CVE-2025-58436
This update for cups fixes the following issues:
Security issues fixed:
- CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other
clients (bsc#1244057).
Other issues fixed:
- Update the CVE-2025-58436 patch to fix a regression that causes GTK applications to hang (bsc#1254353).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4436-1
Released: Wed Dec 17 14:55:46 2025
Summary: Security update for libpng16
Type: security
Severity: important
References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293
This update for libpng16 fixes the following issues:
- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160)
- CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480)
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158)
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159)
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4504-1
Released: Mon Dec 22 17:29:14 2025
Summary: Security update for glib2
Type: security
Severity: important
References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512
This update for glib2 fixes the following issues:
- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when
processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4525-1
Released: Fri Dec 26 13:19:00 2025
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1254132,CVE-2025-9820
This update for gnutls fixes the following issues:
- CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:27-1
Released: Mon Jan 5 13:45:08 2026
Summary: Security update for python3
Type: security
Severity: moderate
References: 1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837
This update for python3 fixes the following issues:
- CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
- CVE-2025-13836: Fixed default Content-Length read amount from HTTP response (bsc#1254400)
- CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:29-1
Released: Mon Jan 5 13:58:05 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1249806,1251786,1252033,1252267,1252780,1252862,1253367,1253431,1253436,CVE-2022-50280,CVE-2023-53676,CVE-2025-39967,CVE-2025-40040,CVE-2025-40048,CVE-2025-40121,CVE-2025-40154,CVE-2025-40204
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
- CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033)
The following non-security bugs were fixed:
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:48-1
Released: Wed Jan 7 09:08:18 2026
Summary: Recommended update for pciutils
Type: recommended
Severity: moderate
References: 1252338
This update for pciutils fixes the following issues:
- Add a strict dependency to libpci to prevent possible segfault (bsc#1252338)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:214-1
Released: Thu Jan 22 13:09:26 2026
Summary: Security update for gpg2
Type: security
Severity: important
References: 1255715,1256244,1256246,1256390,CVE-2025-68973
This update for gpg2 fixes the following issues:
- CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy) (bsc#1255715).
- Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246).
- Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244).
- Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:224-1
Released: Thu Jan 22 13:18:20 2026
Summary: Security update for libtasn1
Type: security
Severity: moderate
References: 1256341,CVE-2025-13151
This update for libtasn1 fixes the following issues:
- CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:360-1
Released: Mon Feb 2 10:55:33 2026
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for openssl-1_1 fixes the following issues:
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:394-1
Released: Thu Feb 5 16:42:04 2026
Summary: Security update for xen
Type: security
Severity: moderate
References: 1252692,1254180,1256745,1256747,CVE-2025-58149,CVE-2025-58150,CVE-2026-23553
This update for xen fixes the following issues:
Security fixes:
- CVE-2025-58150: Fixed buffer overrun with shadow paging and
tracing (XSA-477) (bsc#1256745)
- CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation
(XSA-479) (bsc#1256747)
- CVE-2025-58149: Fixed incorrect removal of permissions on PCI
device unplug allowing PV guests to access memory of devices no
longer assigned to them (XSA-476) (bsc#1252692)
Other fixes:
- Fixed virtxend service restart. Caused by a failure to start
xenstored (bsc#1254180)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:430-1
Released: Wed Feb 11 09:43:42 2026
Summary: Security update for python-pyasn1
Type: security
Severity: important
References: 1256902,CVE-2026-23490
This update for python-pyasn1 fixes the following issues:
- CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation
octets leading to Denial of Service (bsc#1256902)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:432-1
Released: Wed Feb 11 10:11:56 2026
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1248586,1254670,CVE-2025-7709
This update for sqlite3 fixes the following issues:
- Update to v3.51.2:
- CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:443-1
Released: Wed Feb 11 10:46:43 2026
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1254866,1254867,1256331,CVE-2025-66418,CVE-2025-66471,CVE-2026-21441
This update for python-urllib3_1 fixes the following issues:
- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867).
- CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866).
- CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:458-1
Released: Thu Feb 12 00:28:37 2026
Summary: Security update for glib2
Type: security
Severity: important
References: 1257049,CVE-2026-0988
This update for glib2 fixes the following issues:
- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:463-1
Released: Thu Feb 12 08:40:25 2026
Summary: Recommended update for supportutils
Type: recommended
Severity: important
References: 1232351,1241284,1244003,1244011,1244937,1245667,1246011,1246025,1249657,1250224,1252318,1254425,1256709
This update for supportutils fixes the following issues:
- scplugin.rc is restored in package 3.2.12.1 for continued compatibility (bsc#1256709)
- Changes to version 3.2.12:
* Optimized lsof usage and honors OPTION_OFILES (bsc#1232351)
* Run in containers without errors (bsc#1245667)
* Removed pmap PID from memory.txt (bsc#1246011)
* Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025)
* Improved database perforce with kGraft patching (bsc#1249657)
* Using last boot for journalctl for optimization (bsc#1250224)
* Fixed extraction failures (bsc#1252318)
* Update supportconfig.conf path in docs (bsc#1254425)
* drm_sub_info: Catch error when dir doesn't exist
* Replace remaining `egrep` with `grep -E`
* Add process affinity to slert logs
* Reintroduce cgroup statistics (and v2)
* Minor changes to basic-health-check: improve information level
* Collect important machine health counters
* powerpc: collect hot-pluggable PCI and PHB slots
* podman: collect podman disk usage
* Exclude binary files in crondir
* kexec/kdump: collect everything under /sys/kernel/kexec dir
* Use short-iso for journalctl
- Changes to version 3.2.11:
* Collect rsyslog frule files (bsc#1244003)
* Remove proxy passwords (bsc#1244011)
* Missing NetworkManager information (bsc#1241284)
* Include agama logs (bsc#1244937)
* Additional NFS conf files
* New fadump sysfs files
* Fixed change log dates
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:508-1
Released: Fri Feb 13 15:50:21 2026
Summary: Security update for curl
Type: security
Severity: moderate
References: 1255731,1255732,1255733,1255734,1256105,CVE-2025-14017,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224
This update for curl fixes the following issues:
- CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:510-1
Released: Fri Feb 13 15:52:36 2026
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1254666,CVE-2025-14104
This update for util-linux fixes the following issues:
- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:575-1
Released: Wed Feb 18 10:10:36 2026
Summary: Security update for libpcap
Type: security
Severity: low
References: 1255765,CVE-2025-11961
This update for libpcap fixes the following issues:
- CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds
read and write (bsc#1255765).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:577-1
Released: Wed Feb 18 16:49:13 2026
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1256498,1256499,1256500,CVE-2025-68276,CVE-2025-68468,CVE-2025-68471
This update for avahi fixes the following issues:
- CVE-2025-68276: Fixed refuse to create wide-area record browsers when
wide-area is off (bsc#1256498)
- CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500)
- CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:596-1
Released: Mon Feb 23 16:57:20 2026
Summary: Security update for libpng16
Type: security
Severity: important
References: 1256525,1256526,1257364,1257365,1258020,CVE-2025-28162,CVE-2025-28164,CVE-2026-22695,CVE-2026-22801,CVE-2026-25646
This update for libpng16 fixes the following issues:
- CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364).
- CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365).
- CVE-2026-22695: heap buffer over-read in png_image_finish_read (bsc#1256525).
- CVE-2026-22801: integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).
- CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:606-1
Released: Tue Feb 24 12:19:29 2026
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1250553,1256804,1256805,1256807,1256808,1256809,1256810,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2026-0989,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757
This update for libxml2 fixes the following issues:
- CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
- CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812)
- CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
- CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
- CVE-2026-0989: Fixed a call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth. (bsc#1256805, bsc#1256810)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:617-1
Released: Tue Feb 24 16:18:34 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues.
The following security issues were fixed:
- CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785).
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
- CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397).
- CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751).
- CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095).
- CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
- CVE-2024-28956: x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006).
- CVE-2024-36348: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36349: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36350: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36357: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
- CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).
- CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
- CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
The following non-security issues were fixed:
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: tcp: send zero-window ACK when no memory (bsc#1254767).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- tcp: correct handling of extreme memory squeeze (bsc#1254767).
- x86/CPU/AMD: Add ZenX generations flags (bsc#1238896).
- x86/its: Fix crash during dynamic its initialization (bsc#1257771).
- x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() (bsc#1257771).
- x86: make page fault handling disable interrupts properly (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:664-1
Released: Thu Feb 26 16:15:04 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1257029,1257031,1257041,1257042,1257044,1257046,CVE-2025-11468,CVE-2025-15282,CVE-2025-15366,CVE-2025-15367,CVE-2026-0672,CVE-2026-0865
This update for python3 fixes the following issues:
- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:694-1
Released: Fri Feb 27 16:14:32 2026
Summary: Security update for gpg2
Type: security
Severity: moderate
References: 1256389
This update for gpg2 fixes the following issues:
Security fix:
- Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data (bsc#1256389)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:741-1
Released: Mon Mar 2 09:11:04 2026
Summary: Security update for shim
Type: security
Severity: moderate
References: 1240871,1247432,CVE-2024-2312
This update for shim fixes the following issues:
shim is updated to version 16.1:
- shim_start_image(): fix guid/handle pairing when uninstalling protocols
- Fix uncompressed ipv6 netboot
- fix test segfaults caused by uninitialized memory
- SbatLevel_Variable.txt: minor typo fix.
- Realloc() needs to allocate one more byte for sprintf()
- IPv6: Add more check to avoid multiple double colon and illegal char
- Loader proto v2
- loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
- Generate Authenticode for the entire PE file
- README: mention new loader protocol and interaction with UKIs
- shim: change automatically enable MOK_POLICY_REQUIRE_NX
- Save var info
- add SbatLevel entry 2025051000 for PSA-2025-00012-1
- Coverity fixes 20250804
- fix http boot
- Fix double free and leak in the loader protocol
shim is updated to version 16.0:
- Validate that a supplied vendor cert is not in PEM format
- sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
- sbat: Also bump latest for grub,4 (and to todays date)
- undo change that limits certificate files to a single file
- shim: don't set second_stage to the empty string
- Fix SBAT.md for today's consensus about numbers
- Update Code of Conduct contact address
- make-certs: Handle missing OpenSSL installation
- Update MokVars.txt
- export DEFINES for sub makefile
- Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
- Null-terminate 'arguments' in fallback
- Fix 'Verifiying' typo in error message
- Update Fedora CI targets
- Force gcc to produce DWARF4 so that gdb can use it
- Minor housekeeping 2024121700
- Discard load-options that start with WINDOWS
- Fix the issue that the gBS->LoadImage pointer was empty.
- shim: Allow data after the end of device path node in load options
- Handle network file not found like disks
- Update gnu-efi submodule for EFI_HTTP_ERROR
- Increase EFI file alignment
- avoid EFIv2 runtime services on Apple x86 machines
- Improve shortcut performance when comparing two boolean expressions
- Provide better error message when MokManager is not found
- tpm: Boot with a warning if the event log is full
- MokManager: remove redundant logical constraints
- Test import_mok_state() when MokListRT would be bigger than available size
- test-mok-mirror: minor bug fix
- Fix file system browser hang when enrolling MOK from disk
- Ignore a minor clang-tidy nit
- Allow fallback to default loader when encountering errors on network boot
- test.mk: don't use a temporary random.bin
- pe: Enhance debug report for update_mem_attrs
- Multiple certificate handling improvements
- Generate SbatLevel Metadata from SbatLevel_Variable.txt
- Apply EKU check with compile option
- Add configuration option to boot an alternative 2nd stage
- Loader protocol (with Device Path resolution support)
- netboot cleanup for additional files
- Document how revocations can be delivered
- post-process-pe: add tests to validate NX compliance
- regression: CopyMem() in ad8692e copies out of bounds
- Save the debug and error logs in mok-variables
- Add features for the Host Security ID program
- Mirror some more efi variables to mok-variables
- This adds DXE Services measurements to HSI and uses them for NX
- Add shim's current NX_COMPAT status to HSIStatus
- README.tpm: reflect that vendor_db is in fact logged as 'vendor_db'
- Reject HTTP message with duplicate Content-Length header fields
- Disable log saving
- fallback: don't add new boot order entries backwards
- README.tpm: Update MokList entry to MokListRT
- SBAT Level update for February 2025 GRUB CVEs
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:791-1
Released: Tue Mar 3 16:59:33 2026
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1257463
This update for gcc15 fixes the following issues:
- Fix bogus expression simplification (bsc#1257463)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:823-1
Released: Thu Mar 5 15:32:08 2026
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1258022
This update for grub2 fixes the following issues:
- Backport upstream's commit to prevent BIOS assert (bsc#1258022)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:826-1
Released: Thu Mar 5 16:16:29 2026
Summary: Security update for expat
Type: security
Severity: moderate
References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210
This update for expat fixes the following issues:
- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:837-1
Released: Fri Mar 6 08:30:05 2026
Summary: Recommended update for syslogd
Type: recommended
Severity: moderate
References:
This update for syslogd fixes the following issues:
- Drop last sysvinit Requirement/Provide (jsc#PED-13698)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:862-1
Released: Wed Mar 11 10:59:55 2026
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1257960,CVE-2025-14831
This update for gnutls fixes the following issues:
- CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs) (bsc#1257960).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:896-1
Released: Fri Mar 13 16:25:07 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915
This update for glibc fixes the following issues:
- CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766)
- CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822)
- CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005)
- CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp (bsc#1246965)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:911-1
Released: Tue Mar 17 20:56:12 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1259363,1259364,1259365,CVE-2026-1965,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805
This update for curl fixes the following issues:
- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:912-1
Released: Wed Mar 18 07:19:42 2026
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1229003,1258002
This update for ca-certificates-mozilla fixes the following issues:
- test for a concretely missing certificate rather than just the directory, as the latter is now also provided by openssl-3
- Re-create java-cacerts with SOURCE_DATE_EPOCH set for reproducible builds (bsc#1229003)
- Also mark /usr/share/factory/var/lib/ca-certificates/ as writable by the user during install: allow rpm to properly execute %clean when completed.
- Create /var/lib/ca-certificates during build to ensure rpm gives the %ghost'ed directory proper mode attributes.
- Updated to 2.84 state (bsc#1258002)
  * Removed:
    + Baltimore CyberTrust Root
    + CommScope Public Trust ECC Root-01
    + CommScope Public Trust ECC Root-02
    + CommScope Public Trust RSA Root-01
    + CommScope Public Trust RSA Root-02
    + DigiNotar Root CA
  * Added:
    + e-Szigno TLS Root CA 2023
    + OISTE Client Root ECC G1
    + OISTE Client Root RSA G1
    + OISTE Server Root ECC G1
    + OISTE Server Root RSA G1
    + SwissSign RSA SMIME Root CA 2022 - 1
    + SwissSign RSA TLS Root CA 2022 - 1
    + TrustAsia SMIME ECC Root CA
    + TrustAsia SMIME RSA Root CA
    + TrustAsia TLS ECC Root CA
    + TrustAsia TLS RSA Root CA
- reenable the distrusted certs again. the distrust is only for certs issued after the distrust date, not for all certs of a CA.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:931-1
Released: Thu Mar 19 09:23:14 2026
Summary: Security update for jq
Type: security
Severity: low
References: 1248600,CVE-2025-9403
This update for jq fixes the following issue:
- CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:949-1
Released: Fri Mar 20 19:08:19 2026
Summary: Security update for runc
Type: security
Severity: important
References:
This update for runc rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:982-1
Released: Mon Mar 23 17:48:23 2026
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1258859,CVE-2026-3184
This update for util-linux fixes the following issues:
- CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:984-1
Released: Mon Mar 23 23:20:28 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1238917,1255075,1256645,1257231,1257473,1257732,1257735,1258340,1258395,1258518,1258849,1258850,1259857,CVE-2025-21738,CVE-2025-40242,CVE-2025-71066,CVE-2026-23004,CVE-2026-23054,CVE-2026-23060,CVE-2026-23191,CVE-2026-23204,CVE-2026-23209,CVE-2026-23268,CVE-2026-23269
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).
The following non-security bugs were fixed:
- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1061-1
Released: Thu Mar 26 11:35:08 2026
Summary: Security update for systemd
Type: security
Severity: important
References: 1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105
This update for systemd fixes the following issues:
- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).
Changelog:
- 6a38d88a42 machined: reject invalid class types when registering machines
- 8c9a592e5a udev: fix review mixup
- b57007a917 udev-builtin-net-id: print cescaped bad attributes
- ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX
- 0f63e799e6 udev: ensure tag parsing stays within bounds
- 046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf
- 5be21460ce udev: check for invalid chars in various fields received from the kernel
- 9559607b16 core/cgroup: avoid one unnecessary strjoina()
- fcae348ca4 core: validate input cgroup path more prudently
- a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
- 08125d6b06 units: add dep on systemd-logind.service by user@.service
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1065-1
Released: Thu Mar 26 11:38:12 2026
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1254670,1259619,CVE-2025-70873,CVE-2025-7709
This update for sqlite3 fixes the following issues:
Update sqlite3 to 3.51.3:
- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).
Changelog:
* Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1067-1
Released: Thu Mar 26 11:39:01 2026
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1254867,1259829,CVE-2025-66471
This update for python-urllib3 fixes the following issue:
- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1090-1
Released: Thu Mar 26 18:44:54 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1257181,CVE-2026-1299
This update for python3 fixes the following issues:
- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1095-1
Released: Thu Mar 26 19:05:08 2026
Summary: Security update for vim
Type: security
Severity: moderate
References: 1246602,1258229,1259051,CVE-2025-53906,CVE-2026-26269,CVE-2026-28417
This update for vim fixes the following issues:
Update Vim to version 9.2.0110:
- CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602).
- CVE-2026-26269: Netbeans specialKeys stack buffer overflow (bsc#1258229).
- CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1105-1
Released: Fri Mar 27 08:03:05 2026
Summary: Security update for containerd
Type: security
Severity: important
References:
This update for containerd rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1158-1
Released: Tue Mar 31 13:55:47 2026
Summary: Security update for python-pyasn1
Type: security
Severity: important
References: 1259803,CVE-2026-30922
This update for python-pyasn1 fixes the following issues:
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1166-1
Released: Thu Apr 2 03:08:04 2026
Summary: Security update for expat
Type: security
Severity: important
References: 1259711,1259726,1259729,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778
This update for expat fixes the following issues:
- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1177-1
Released: Thu Apr 2 17:00:30 2026
Summary: Security update for tar
Type: security
Severity: important
References: 1246399,CVE-2025-45582
This update for tar fixes the following issue:
- CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1247-1
Released: Fri Apr 10 12:34:39 2026
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1259845,CVE-2026-27135
This update for nghttp2 fixes the following issue:
- CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1257-1
Released: Fri Apr 10 16:59:14 2026
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1260441,1260442,1260443,1260444,1260445,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-31789,CVE-2026-31790
This update for openssl-1_1 fixes the following issues:
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1309-1
Released: Tue Apr 14 12:39:22 2026
Summary: Security update for sudo
Type: security
Severity: important
References: 1261420,CVE-2026-35535
This update for sudo fixes the following issue:
- CVE-2026-35535: Fixed potential privilege escalation when running the mailer (bsc#1261420).
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2026:1315-1
Released: Tue Apr 14 13:26:20 2026
Summary: Optional update for rsyslog
Type: optional
Severity: moderate
References:
This update for rsyslog fixes the following issue:
- add the rsyslog-module-ossl (openssl TLS support).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1323-1
Released: Tue Apr 14 15:11:50 2026
Summary: Security update for libpng16
Type: security
Severity: important
References: 1260754,CVE-2026-33416
This update for libpng16 fixes the following issues:
- CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code
execution (bsc#1260754).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1383-1
Released: Thu Apr 16 11:14:40 2026
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: important
References: 1230861,1239439,1241002,1244550,1257490,1257625,1257667,1257825,1261155
This update for suseconnect-ng fixes the following issues:
- Update version to 1.21.1:
* Fix nil token handling (bsc#1261155)
* Switch to using go1.24-openssl as the default Go version to
install to support building the package (jsc#SCC-585).
- Update version to 1.21:
* Add expanded metric collection for kernel modules and hardware detection (jsc#TEL-226).
* Support new profile based metric collection
* Fix ignored --root parameter handling when reading and writing configuration (bsc#1257667)
* Add expanded metric collection for system vendor/manufacturer (jsc#TEL-260).
* Removed backport patch
* Add missing product id to allow yast2-registration to not break (bsc#1257825)
* Fix libsuseconnect APIError detection logic (bsc#1257825)
- Regressions found during QA test runs:
* Ignore product in announce call (bsc#1257490)
* Registration to SMT server with failed (bsc#1257625)
- Update version to 1.20:
* Update error message for Public Cloud instances with registercloudguest installed.
SUSEConnect -d is disabled on PYAG and BYOS when
the registercloudguest command is available. (bsc#1230861)
* Enhanced SAP detected. Take TREX into account and remove empty values when
only /usr/sap but no installation exists (bsc#1241002)
* Fixed modules and extension link to point to version less documentation. (bsc#1239439)
* Fixed SAP instance detection (bsc#1244550)
* Remove link to extensions documentation (bsc#1239439)
* Migrate to the public library
- Version 1.14 public library release
This version is only available on Github as a tag to release the new golang public library
which can be consumed without the need to interface with SUSEConnect directly.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1387-1
Released: Thu Apr 16 11:17:48 2026
Summary: Security update for vim
Type: security
Severity: important
References: 1259985,1261191,1261271,CVE-2026-33412,CVE-2026-34714,CVE-2026-34982
This update for vim fixes the following issues:
Update to version 9.2.0280.
- CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command
execution (bsc#1261271).
- CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution
(bsc#1261191).
- CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to
arbitrary code execution (bsc#1259985).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1399-1
Released: Thu Apr 16 12:44:14 2026
Summary: Security update for cups
Type: security
Severity: important
References: 1261568,CVE-2026-34990
This update for cups fixes the following issue:
- CVE-2026-34990: Local print admin token disclosure using temporary printers (bsc#1261568).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1400-1
Released: Thu Apr 16 12:47:09 2026
Summary: Security update for python-PyJWT
Type: security
Severity: important
References: 1259616,CVE-2026-32597
This update for python-PyJWT fixes the following issues:
- CVE-2026-32597: Fixed acceptance of unknown `crit` header extensions (bsc#1259616).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1428-1
Released: Fri Apr 17 12:00:40 2026
Summary: Security update for bind
Type: security
Severity: important
References: 1260805,CVE-2026-1519
This update for bind fixes the following issues:
- CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1432-1
Released: Fri Apr 17 12:12:08 2026
Summary: Security update for libcap
Type: security
Severity: important
References: 1261809,CVE-2026-4878
This update for libcap fixes the following issue:
- CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1487-1
Released: Mon Apr 20 17:52:11 2026
Summary: Security update for runc
Type: security
Severity: important
References:
This update for runc rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1495-1
Released: Mon Apr 20 17:59:12 2026
Summary: Security update for containerd
Type: security
Severity: important
References:
This update for containerd rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1510-1
Released: Tue Apr 21 08:28:12 2026
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1259924,CVE-2025-69720
This update for ncurses fixes the following issue:
- CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1562-1
Released: Thu Apr 23 09:05:52 2026
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1261678,CVE-2026-28390
This update for openssl-1_1 fixes the following issues:
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with
KeyTransportRecipientInfo (bsc#1261678).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1563-1
Released: Thu Apr 23 09:07:39 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1246057,1256504,1256675,1257773,1259797,1260005,1260009,CVE-2025-38234,CVE-2025-68818,CVE-2026-23103,CVE-2026-23243,CVE-2026-23272,CVE-2026-23274
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues.
The following security issues were fixed:
- CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-nelems before insertion (bsc#1260009).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
The following non security issue was fixed:
- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (bsc#1256504).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1565-1
Released: Thu Apr 23 09:08:29 2026
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1258045,1258049,1258054,1258080,1258081,1259377,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968,CVE-2026-3731
This update for libssh fixes the following issues:
- CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049).
- CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).
- CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054).
- CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081).
- CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080).
- CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler (bsc#1259377).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1644-1
Released: Tue Apr 28 15:31:39 2026
Summary: Security update for python-requests
Type: security
Severity: moderate
References: 1260589,CVE-2026-25645
This update for python-requests fixes the following issues:
- CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and
reuses target files that already exist without validation (bsc#1260589).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1659-1
Released: Wed Apr 29 13:09:06 2026
Summary: Security update for sed
Type: security
Severity: moderate
References: 1262144,CVE-2026-5958
This update for sed fixes the following issues:
- CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file
overwrite (bsc#1262144).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1665-1
Released: Thu Apr 30 16:53:18 2026
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1222465,1234736
This update for util-linux fixes the following issues:
- Recognize fuse 'portal' as a virtual file system (bsc#1234736).
- fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1672-1
Released: Sat May 2 08:02:29 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1262573,CVE-2026-31431
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix one security issue.
The following security issue was fixed:
- CVE-2026-31431: The copy.fail security issue is fixed by reverting to operating out-of-place in algif_aead (bsc#1262573).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1692-1
Released: Tue May 5 10:03:54 2026
Summary: Security update for xen
Type: security
Severity: moderate
References: 1262178,1262180,1262428,CVE-2025-54505,CVE-2026-23557,CVE-2026-23558
This update for xen fixes the following issues:
- CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 (bsc#1262428).
- CVE-2026-23557: Xenstored DoS via XS_RESET_WATCHES command (bsc#1262178).
- CVE-2026-23558: grant table v2 race in status page mapping (bsc#1262180).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1715-1
Released: Wed May 6 14:09:30 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100
This update for python3 fixes the following issues:
- CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to
misinterpretation of tar archives (bsc#1259611).
- CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
- CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be
processed (bsc#1261970).
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass
(bsc#1259734).
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser
command line option injection (bsc#1260026).
- CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection
(bsc#1262319).
- CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654).
- CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is
under memory pressure (bsc#1262098).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1717-1
Released: Wed May 6 14:13:17 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).
Other updates and bugfixes:
- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1721-1
Released: Wed May 6 16:43:37 2026
Summary: Recommended update for cloud-netconfig
Type: recommended
Severity: important
References: 1253223,1258406,1258730
This update for cloud-netconfig fixes the following issues:
- Update to version 1.19:
* Make sure IPADDR variable is stripped of netmask
- Update to version 1.18:
* Fix issue with link-local address routing (bsc#1258730)
- Update to version 1.17:
* Do not set broadcast address explicitly (bsc#1258406)
- Update to version 1.16:
* Fix query of default CLOUD_NETCONFIG_MANAGE (bsc#1253223)
* Fix variable names in the README
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1757-1
Released: Thu May 7 16:02:15 2026
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1259543
This update for grub2 fixes the following issues:
- Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543)
* btrfs: add ability to boot from subvolumes
* btrfs: get default subvolume
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1758-1
Released: Thu May 7 16:03:01 2026
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1261274
This update for dracut fixes the following issues:
- Update to version 055+suse.362.ge7032140:
* fix: make iso-scan trigger udev events (bsc#1261274)
The following package changes have been done:
- bash-sh-4.4-150400.27.6.1 updated
- bash-4.4-150400.27.6.1 updated
- bind-utils-9.16.50-150400.5.59.1 updated
- ca-certificates-mozilla-2.84-150200.44.1 updated
- chrony-pool-suse-4.1-150400.21.8.1 updated
- chrony-4.1-150400.21.8.1 updated
- cifs-utils-6.15-150400.3.18.1 updated
- cloud-netconfig-azure-1.19-150000.25.31.1 updated
- containerd-ctr-1.7.29-150000.132.1 updated
- containerd-1.7.29-150000.132.1 updated
- cups-config-2.2.7-150000.3.86.1 updated
- curl-8.14.1-150400.5.83.1 updated
- dracut-055+suse.362.ge7032140-150400.3.43.1 updated
- elfutils-0.185-150400.5.8.3 updated
- glibc-locale-base-2.31-150300.98.1 updated
- glibc-locale-2.31-150300.98.1 updated
- glibc-2.31-150300.98.1 updated
- gpg2-2.2.27-150300.3.19.1 updated
- grub2-i386-pc-2.06-150400.11.72.2 updated
- grub2-x86_64-efi-2.06-150400.11.72.2 updated
- grub2-2.06-150400.11.72.2 updated
- hyper-v-9-150200.14.14.1 updated
- jq-1.6-150000.3.12.1 updated
- kernel-default-5.14.21-150400.24.205.1 updated
- kmod-29-150300.4.18.1 updated
- libasm1-0.185-150400.5.8.3 updated
- libavahi-client3-0.8-150400.7.26.1 updated
- libavahi-common3-0.8-150400.7.26.1 updated
- libblkid1-2.37.2-150400.8.44.1 updated
- libcap2-2.63-150400.3.6.1 updated
- libcups2-2.2.7-150000.3.86.1 updated
- libcurl4-8.14.1-150400.5.83.1 updated
- libdw1-0.185-150400.5.8.3 updated
- libelf1-0.185-150400.5.8.3 updated
- libexpat1-2.7.1-150400.3.37.1 updated
- libfdisk1-2.37.2-150400.8.44.1 updated
- libfreetype6-2.10.4-150000.4.25.1 updated
- libgcc_s1-15.2.0+git10201-150000.1.9.1 updated
- libglib-2_0-0-2.70.5-150400.3.34.1 updated
- libgnutls30-3.7.3-150400.4.56.1 updated
- libjq1-1.6-150000.3.12.1 updated
- libkmod2-29-150300.4.18.1 updated
- libmount1-2.37.2-150400.8.44.1 updated
- libncurses6-6.1-150000.5.33.1 updated
- libnghttp2-14-1.40.0-150200.22.1 updated
- libopenssl1_1-1.1.1l-150400.7.93.1 updated
- libpcap1-1.10.1-150400.3.9.1 updated
- libpci3-3.13.0-150300.13.12.1 updated
- libpng16-16-1.6.34-150000.3.22.1 updated
- libpython3_6m1_0-3.6.15-150300.10.118.1 updated
- libreadline7-7.0-150400.27.6.1 updated
- libsmartcols1-2.37.2-150400.8.44.1 updated
- libsqlite3-0-3.51.3-150000.3.39.1 updated
- libssh-config-0.9.8-150400.3.17.1 updated
- libssh4-0.9.8-150400.3.17.1 updated
- libstdc++6-15.2.0+git10201-150000.1.9.1 updated
- libsystemd0-249.17-150400.8.55.1 updated
- libtasn1-6-4.13-150000.4.14.1 updated
- libtasn1-4.13-150000.4.14.1 updated
- libudev1-249.17-150400.8.55.1 updated
- libuuid1-2.37.2-150400.8.44.1 updated
- libxml2-2-2.9.14-150400.5.55.1 updated
- ncurses-utils-6.1-150000.5.33.1 updated
- openssh-clients-8.4p1-150300.3.57.1 updated
- openssh-common-8.4p1-150300.3.57.1 updated
- openssh-server-8.4p1-150300.3.57.1 updated
- openssh-8.4p1-150300.3.57.1 updated
- openssl-1_1-1.1.1l-150400.7.93.1 updated
- pciutils-3.13.0-150300.13.12.1 updated
- python-azure-agent-config-server-2.14.0.1-150100.3.53.1 updated
- python-azure-agent-2.14.0.1-150100.3.53.1 updated
- python3-PyJWT-2.4.0-150200.3.11.1 updated
- python3-base-3.6.15-150300.10.118.1 updated
- python3-bind-9.16.50-150400.5.59.1 updated
- python3-pyasn1-0.4.2-150000.3.16.1 updated
- python3-requests-2.25.1-150300.3.21.1 updated
- python3-urllib3-1.25.10-150300.4.24.1 updated
- python3-3.6.15-150300.10.118.1 updated
- rsyslog-module-relp-8.2306.0-150400.5.35.1 updated
- rsyslog-8.2306.0-150400.5.35.1 updated
- runc-1.3.4-150000.92.1 updated
- sed-4.4-150300.13.6.1 updated
- shim-16.1-150300.4.31.3 updated
- sudo-1.9.9-150400.4.42.1 updated
- supportutils-3.2.12.1-150300.7.35.39.1 updated
- suseconnect-ng-1.21.1-150400.3.49.1 updated
- syslog-service-2.0-150300.13.3.1 updated
- systemd-sysvinit-249.17-150400.8.55.1 updated
- systemd-249.17-150400.8.55.1 updated
- tar-1.34-150000.3.37.1 updated
- terminfo-base-6.1-150000.5.33.1 updated
- terminfo-6.1-150000.5.33.1 updated
- udev-249.17-150400.8.55.1 updated
- util-linux-systemd-2.37.2-150400.8.44.1 updated
- util-linux-2.37.2-150400.8.44.1 updated
- vim-data-common-9.2.0280-150000.5.89.1 updated
- vim-9.2.0280-150000.5.89.1 updated
- xen-libs-4.16.7_08-150400.4.81.2 updated