SUSE-IU-2026:3235-1: Security update of sles-15-sp4-chost-byos-v20260507-arm64
sle-container-updates at lists.suse.com
Sat May 9 07:04:30 UTC 2026
SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20260507-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3235-1
Image Tags : sles-15-sp4-chost-byos-v20260507-arm64:20260507
Image Release :
Severity : important
Type : security
-----------------------------------------------------------------
The container sles-15-sp4-chost-byos-v20260507-arm64 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3788-1
Released: Fri Oct 24 15:28:50 2025
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277
This update for libssh fixes the following issues:
- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is
repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID
(bsc#1246974).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3794-1
Released: Fri Oct 24 17:36:29 2025
Summary: Security update for chrony
Type: security
Severity: moderate
References: 1246544
This update for chrony fixes the following issues:
- Race condition during socket creation by chronyc allows privilege escalation from user chrony to root (bsc#1246544).
This update also ships chrony-pool-empty to SLE Micro 5.x (jsc#SMO-587)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3836-1
Released: Tue Oct 28 11:38:00 2025
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1245199
This update for bash fixes the following issues:
- Fix histfile missing timestamp for the oldest record (bsc#1245199)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3843-1
Released: Tue Oct 28 17:40:42 2025
Summary: Security update for xen
Type: security
Severity: important
References: 1248807,1251271,CVE-2025-27466,CVE-2025-58142,CVE-2025-58143,CVE-2025-58147,CVE-2025-58148
This update for xen fixes the following issues:
- CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls (bsc#1251271, XSA-475)
- CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed multiple vulnerabilities in the Viridian interface (bsc#1248807, XSA-472)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3853-1
Released: Wed Oct 29 15:06:03 2025
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1229750
This update for vim fixes the following issues:
- Fix: vim compatible mode is not switched off earlier (bsc#1229750).
Nocompatible must be set before the syntax highlighting is turned on.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3854-1
Released: Wed Oct 29 15:10:39 2025
Summary: Recommended update for cifs-utils
Type: recommended
Severity: moderate
References: 1248816
This update for cifs-utils fixes the following issues:
- Fix: cifs.upcall program in the cifs-utils package fails to use a valid service ticket
from the credential cache if the TGT is expired or does not exist (bsc#1248816)
* cifs-utils: Skip TGT check if there is a valid service ticket
* cifs-utils: avoid using mktemp when updating mtab
* cifs-utils: add documentation for upcall_target
* setcifsacl: fix memory allocation for struct cifs_ace
* cifs.upcall: fix UAF in get_cachename_from_process_en
* cifs.upcall: fix memory leaks in check_service_ticket
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3930-1
Released: Tue Nov 4 09:26:22 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050
This update for gcc15 fixes the following issues:
This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029)
The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 14 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc15 compilers use:
- install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages.
- override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages.
For a full changelog with all new GCC15 features, check out
https://gcc.gnu.org/gcc-15/changes.html
Update to GCC 15.2 release:
* the GCC 15.2 release contains regression fixes accumulated since
the GCC 15.1 release
- Prune the use of update-alternatives from openSUSE Factory and
SLFO.
- Adjust crosses to conflict consistently where they did not
already and make them use unsuffixed binaries.
- Tune for power10 for SLES 16. [jsc#PED-12029]
- Tune for z15 for SLES 16. [jsc#PED-253]
- Fix PR120827, ICE due to splitter emitting constant loads directly
- Exclude shared objects present for link editing in the GCC specific
subdirectory from provides processing via __provides_exclude_from.
[bsc#1244050][bsc#1243991]
- Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap
variant conflict with the unversioned cross-*-gcc package.
- Enable C++ for offload compilers. [bsc#1243794]
- Add libgcobol and libquadmath-devel dependence to the cobol frontend
package.
Update to GCC 15 branch head, 15.1.1+git9595
* includes GCC 15.1 release
- Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs
for the AMD GCN offload compiler when llvm is new enough.
- Make sure link editing is done against our own shared library
copy rather than the installed system runtime. [bsc#1240788]
- Fix newlib libm miscompilation for GCN offloading.
Update to GCC trunk head, 15.0.1+git9001
* includes -msplit-patch-nops required for user-space livepatching
on powerpc
* includes fix for Ada build with --enable-host-pie
- Build GCC executables PIE on SLE. [bsc#1239938]
- Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF
debug info DW_AT_producer string. [bsc#1239566]
- Package GCC COBOL compiler for openSUSE Factory for supported
targets which are x86_64, aarch64 and ppc64le.
- Disable profiling during build when %want_reproducible_builds is set
[bsc#1238491]
- Includes fix for emacs JIT use
- Bumps libgo SONAME to libgo24 which should fix go1.9 build
- Adjust cross compiler requirements to use %requires_ge
- For cross compilers require the same or newer binutils, newlib
or cross-glibc that was used at build time. [bsc#1232526]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3950-1
Released: Wed Nov 5 11:22:31 2025
Summary: Security update for runc
Type: security
Severity: important
References: 1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881
This update for runc fixes the following issues:
- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232).
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232).
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232).
Update to runc v1.2.7.
- Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.2.7>
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3986-1
Released: Fri Nov 7 11:31:03 2025
Summary: Security update for gpg2
Type: security
Severity: low
References: 1239119,CVE-2025-30258
This update for gpg2 fixes the following issues:
- CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4073-1
Released: Wed Nov 12 11:34:27 2025
Summary: Security update for runc
Type: security
Severity: important
References: 1252110,1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881
This update for runc fixes the following issues:
Update to runc v1.3.3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232
* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881
Update to runc v1.3.2. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.2> bsc#1252110
- Includes an important fix for the CPUSet translation for cgroupv2.
Update to runc v1.3.1. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.1>
Update to runc v1.3.0. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.0>
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4107-1
Released: Fri Nov 14 16:54:13 2025
Summary: Security update for bind
Type: security
Severity: important
References: 1252379,1252380,CVE-2025-40778,CVE-2025-40780
This update for bind fixes the following issues:
- CVE-2025-40778: Address various spoofing attacks (bsc#1252379).
- CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4111-1
Released: Sat Nov 15 19:38:39 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues.
The following security issues were fixed:
- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
- CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857).
- CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164).
- CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).
- CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988).
- CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816).
- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
- CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
- CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763).
- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
- CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785).
- CVE-2025-40088: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (bsc#1252904).
- CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).
The following non security issues were fixed:
- fbcon: Fix OOB access in font allocation (bsc#1252033)
- mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823).
- net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4112-1
Released: Sat Nov 15 23:38:15 2025
Summary: Security update for openssh
Type: security
Severity: moderate
References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985
This update for openssh fixes the following issues:
- CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198)
- CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4116-1
Released: Mon Nov 17 08:26:11 2025
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1247850,1249076,CVE-2025-8732,CVE-2025-9714
This update for libxml2 fixes the following issues:
- CVE-2025-9714: Fixed infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (bsc#1249076)
- CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247850)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4118-1
Released: Mon Nov 17 09:06:55 2025
Summary: Recommended update for freetype2
Type: recommended
Severity: important
References: 1252148
This update for freetype2 fixes the following issues:
- Fix the %licence tag (bsc#1252148)
* package FTL.TXT and GPLv2.TXT as %license
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4092-1
Released: Mon Nov 24 10:08:22 2025
Summary: Security update for elfutils
Type: security
Severity: moderate
References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377
This update for elfutils fixes the following issues:
- Fixing build/testsuite for more recent glibc and kernels.
- Fixing denial of service and general buffer overflow errors
(bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242):
- CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip
- CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip
- CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf
- CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf
- Fixing testsuite race conditions in run-debuginfod-find.sh.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4224-1
Released: Tue Nov 25 10:53:48 2025
Summary: Security update for grub2
Type: security
Severity: moderate
References: 1252931,1252932,1252933,1252934,1252935,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664
This update for grub2 fixes the following issues:
- CVE-2025-54771: Fixed grub_file_close() not properly controlling the fs refcount (bsc#1252931)
- CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932)
- CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933)
- CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934)
- CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935)
Other fixes:
- Bump upstream SBAT generation to 6
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4288-1
Released: Fri Nov 28 09:25:32 2025
Summary: Security update for containerd
Type: security
Severity: important
References: 1253126,1253132,CVE-2024-25621,CVE-2025-64329
This update for containerd fixes the following issues:
- Update to containerd v1.7.29
- CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126)
- CVE-2025-64329: Fixed goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4290-1
Released: Fri Nov 28 10:04:11 2025
Summary: Security update for cups
Type: security
Severity: moderate
References: 1234225,1244057,1253783,CVE-2025-58436,CVE-2025-61915
This update for cups fixes the following issues:
- CVE-2025-61915: Fixed a local denial-of-service via cupsd.conf update and related issues. (bsc#1253783)
- CVE-2025-58436: Fixed an issue where a slow client communication leads to a possible DoS attack. (bsc#1244057)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4309-1
Released: Fri Nov 28 16:39:38 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1253757,CVE-2025-11563
This update for curl fixes the following issues:
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4319-1
Released: Wed Dec 3 13:34:00 2025
Summary: Security update for cups
Type: security
Severity: important
References: 1254353,CVE-2025-58436
This update for cups fixes the following issues:
- The fix for CVE-2025-58436 causes a regression where
GTK applications will hang. (bsc#1254353)
See also https://github.com/OpenPrinting/cups/issues/1429
The fix has been temporarily disabled.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4321-1
Released: Fri Dec 5 08:07:53 2025
Summary: Recommended update for pciutils
Type: recommended
Severity: moderate
References: 1001888,1006827,1029961,1098094,1098228,1170554,1192862,1206798,1224138,529469,837347
This update for pciutils fixes the following issues:
pciutils was updated from version 3.5.6 to 3.13.0 (jsc#PED-8402, jsc#PED-8393, bsc#1224138):
- Highlights of issues fixed:
* Fixed LnkCap speed recognition in `lspci` for multi PCIe ports such as
the ML110 Gen11 (bsc#1192862)
* Included several non-standard extensions to VPD decoder (bsc#1170554, bsc#1098228)
* Fixed the display of the gen4 speed for GEN 4 cards like Mellanox CX5 (bsc#1098094)
* Replaced dependency on pciutil-ids with hwdata
* Potentially disruptive change of PCI IDs Cache:
+ The local cache of PCI IDs (.pci-ids) was moved to the XDG standard location: `$XDG_CACHE_HOME/pci-ids` (v3.11.0)
This could be a disruptive change if users or scripts are relying on the old path.
- Key New Features and Utilities:
* New `pcilmr` Utility: A new tool, `pcilmr`, was added for 'PCIe lane margining,' which is a low-level
diagnostic feature (v3.11.0)
* New `lspci` Path Flag: You can now use `lspci -P` (or -PP) to see the path of bridges leading to a specific device
(v3.6.2)
* ECAM Support: Added support for the ECAM (Enhanced Configuration Access Mechanism), a standard way to access PCIe
configuration space (v3.10.0)
* IOMMU Group Display: lspci can now display IOMMU groups on Linux (v3.7.0)
- New Hardware and Protocol Decoding:
* Added support for decoding CXL capabilities (v3.9.0)
* Decoding for Advanced Error Reporting (AER) (v3.13.0)
* Decoding for IDE (Integrity and Data Encryption) and TEE-IO extended capabilities (v3.12.0)
* Decoding for Data Object Exchange (DOE) (v3.8.0)
* Decoding for standard and VF (Virtual Function) Resizable BARs (v3.7.0)
* Decoding for Multicast capabilities (v3.6.3)
- Improved Output Clarity:
* PCIe link speeds running below their maximum are now clearly marked as 'downgraded' (v3.6.0)
* BARs (Base Address Registers) reported by the OS but not actually set on the device are marked as
'[virtual]' (v3.6.0)
- Command Behavior and System Changes:
* `lspci` Tree View (-t):
+ Can now be combined with `-s` to show only a specific sub-tree (v3.6.3)
+ Improved filtering options (v3.9.0)
+ Improved support of multi-domain systems (v3.10.0)
* `setpci`:
+ Can now check if a named register exists for that device's header type (v3.9.0)
* `update-pciids`:
+ Now supports XZ compression when downloading new ID lists (v3.11.0)
* Database Update:
+ The pci.ids device database was continuously updated across all versions.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4326-1
Released: Tue Dec 9 11:31:28 2025
Summary: Recommended update for runc
Type: recommended
Severity: moderate
References: 1254362
This update for runc fixes the following issues:
- Update to runc v1.3.4 (bsc#1254362)
- libct: fix mips compilation:
* When configuring a tmpfs mount, only set the mode= argument if the
target path already existed.
* Fix various file descriptor leaks and add additional tests to detect them as
comprehensively as possible.
- Downgrade github.com/cyphar/filepath-securejoin dependency to v0.5.2,
which should make it easier for some downstreams to import runc without
pulling in too many extra packages.
- The runc binary distributed with this release is statically linked with the following
GNU LGPL-2.1 licensed libraries, with runc acting as a 'work that uses the Library':
* libseccomp: The versions of these libraries were not modified from their upstream versions
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4331-1
Released: Tue Dec 9 12:55:17 2025
Summary: Recommended update for kmod
Type: recommended
Severity: important
References: 1253741
This update for kmod fixes the following issues:
- Fix modprobe.d confusion on man page (bsc#1253741):
* document the config file order handling
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4347-1
Released: Wed Dec 10 14:02:26 2025
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1249055,CVE-2025-7039
This update for glib2 fixes the following issues:
- CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4362-1
Released: Thu Dec 11 11:08:27 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1253043
This update for gcc15 fixes the following issues:
- Enable the use of _dl_find_object even when not available at build time. [bsc#1253043]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4368-1
Released: Thu Dec 11 16:12:16 2025
Summary: Security update for python3
Type: security
Severity: low
References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291
This update for python3 fixes the following issues:
- CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed
to it are user-controlled (bsc#1252974).
- CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of
ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4425-1
Released: Wed Dec 17 12:20:02 2025
Summary: Security update for cups
Type: security
Severity: moderate
References: 1244057,1254353,CVE-2025-58436
This update for cups fixes the following issues:
Security issues fixed:
- CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other
clients (bsc#1244057).
Other issues fixed:
- Update the CVE-2025-58436 patch to fix a regression that causes GTK applications to hang (bsc#1254353).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4436-1
Released: Wed Dec 17 14:55:46 2025
Summary: Security update for libpng16
Type: security
Severity: important
References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293
This update for libpng16 fixes the following issues:
- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160)
- CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480)
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158)
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159)
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4504-1
Released: Mon Dec 22 17:29:14 2025
Summary: Security update for glib2
Type: security
Severity: important
References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512
This update for glib2 fixes the following issues:
- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when
processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4525-1
Released: Fri Dec 26 13:19:00 2025
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1254132,CVE-2025-9820
This update for gnutls fixes the following issues:
- CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:27-1
Released: Mon Jan 5 13:45:08 2026
Summary: Security update for python3
Type: security
Severity: moderate
References: 1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837
This update for python3 fixes the following issues:
- CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
- CVE-2025-13836: Fixed default Content-Length read amount from HTTP response (bsc#1254400)
- CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:29-1
Released: Mon Jan 5 13:58:05 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1249806,1251786,1252033,1252267,1252780,1252862,1253367,1253431,1253436,CVE-2022-50280,CVE-2023-53676,CVE-2025-39967,CVE-2025-40040,CVE-2025-40048,CVE-2025-40121,CVE-2025-40154,CVE-2025-40204
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
- CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033)
The following non-security bugs were fixed:
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:48-1
Released: Wed Jan 7 09:08:18 2026
Summary: Recommended update for pciutils
Type: recommended
Severity: moderate
References: 1252338
This update for pciutils fixes the following issues:
- Add a strict dependency to libpci to prevent possible segfault (bsc#1252338)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:214-1
Released: Thu Jan 22 13:09:26 2026
Summary: Security update for gpg2
Type: security
Severity: important
References: 1255715,1256244,1256246,1256390,CVE-2025-68973
This update for gpg2 fixes the following issues:
- CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy) (bsc#1255715).
- Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246).
- Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244).
- Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:224-1
Released: Thu Jan 22 13:18:20 2026
Summary: Security update for libtasn1
Type: security
Severity: moderate
References: 1256341,CVE-2025-13151
This update for libtasn1 fixes the following issues:
- CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:360-1
Released: Mon Feb 2 10:55:33 2026
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for openssl-1_1 fixes the following issues:
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:394-1
Released: Thu Feb 5 16:42:04 2026
Summary: Security update for xen
Type: security
Severity: moderate
References: 1252692,1254180,1256745,1256747,CVE-2025-58149,CVE-2025-58150,CVE-2026-23553
This update for xen fixes the following issues:
Security fixes:
- CVE-2025-58150: Fixed buffer overrun with shadow paging and
tracing (XSA-477) (bsc#1256745)
- CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation
(XSA-479) (bsc#1256747)
- CVE-2025-58149: Fixed incorrect removal of permissions on PCI
device unplug, which allowed PV guests to access memory of devices no
longer assigned to them (XSA-476) (bsc#1252692)
Other fixes:
- Fixed virtxend service restart. Caused by a failure to start
xenstored (bsc#1254180)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:432-1
Released: Wed Feb 11 10:11:56 2026
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1248586,1254670,CVE-2025-7709
This update for sqlite3 fixes the following issues:
- Update to v3.51.2:
- CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:458-1
Released: Thu Feb 12 00:28:37 2026
Summary: Security update for glib2
Type: security
Severity: important
References: 1257049,CVE-2026-0988
This update for glib2 fixes the following issues:
- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:462-1
Released: Thu Feb 12 08:38:20 2026
Summary: Recommended update for google-guest-configs
Type: recommended
Severity: important
References: 1198323,1256906
This update for google-guest-configs fixes the following issues:
- Update to version 20260116.00 (bsc#1256906)
* set_multiqueue: Only set XPS on 'multinic accelerator platforms'
- Update to version 20260112.00
* Make c4x a 'multinic accelerator platform'
* set_multiqueue xps: stop assuming 2 numa nodes
* Add IDPF irq setting; improve a4x-max performance
* Allow test injection of the root directory and metadata server endpoint
* add nic naming support for connextx VF in baremetal
* bugfix for idpf only rename got skipped.
* add a4x-max to google_set_multiqueue is_multinic_accelerator_platform
* remove unnecessary link up and down
* fix inconsistent NIC index between smart NICs and GPU NICs.
- Mark %{_modprobedir}/gce-blacklist.conf as %config(noreplace) (bsc#1198323)
- Update to version 20251014.00
- Update to version 20250913.00
* Swap guest-config rule from checking the build VM OS to taking in a variable for target version
- from version 20250826.00
* Moved tx/rx IRQ logging after assignment
* Fix core assignment in set_irq_range
* Correct IRQ tx/rx affinity core assignment
- Update to version 20250807.00
* Avoid duplicate entries for the metadata server in /etc/hosts
- Update to version 20250709.00
* Add comments in scripts to document the behavior in google hostname setting.
* Always use primary NIC IP for NetworkManager dispatcher hook.
- from version 20250626.00
* Fix spelling error: 'explicilty' to 'explicitly'
- Update to version 20250605.00
* Added comment to the bitmap conversion functions
* Remove IRQ affinity overwrite to XPS affinity
* Update XPS affinity to assign the remaining unassigned CPUs
to the last queue when populating the last queue
* Fix set_xps_affinity to correctly parse cpus array
* Update XPS CPU assignment logic
* Update CPU assignment algorithm in XPS affinity
* Remove commented code
* Update XPS affinity vCPU distribution algorithm s.t. the vCPUs assigned
to a queue are on the same core - fixed IRQ affinity on NUMA1 not using
the correct bind_cores_index
* Fixed NUMA comparison error in set_xps_affinity
* Update XPS affinity setup to be NUMA aware and support 64 bit CPU mask calculation
- from version 20250604.00
* Bug fix: bind_cores_begin to bind_cores_index
* Name smart NICs in lexicographic order
- Run %postun to modify %{_sysconfdir}/sysconfig/network/ifcfg-eth0
during uninstall only to avoid removal of POST_UP_SCRIPT on upgrade
- Update to version 20250516.00
* Remove unused fset
* Remove unused lines
* Update google_set_multiqueue to unpack IRQ ranges before core assignment
- Update to version 20250501.00
* Configure local domain as route only domain to support cloud dns local
domain but avoid adding it to the search path.
- from version 20250409.00
* Change RDMA test condition to ensure renaming race conditions can be detected.
- from version 20250328.00
* Revert 'Include systemd-networkd hook in Ubuntu packaging'
- from version 20250326.00
* Update google_set_multiqueue to check pnic_ids
- from version 20250221.00
* Make google_set_multiqueue aware A4X is multinic_accelerator_platform
- from version 20250207.00
* Update google_set_multiqueue to adapt A4 platform
* Merge branch 'GoogleCloudPlatform:master' into master
* Fix IS_A3_PLATFORM syntax
* Correct IS_A3_PLATFORM to save is_a3_platform results
* Remove excess empty line.
* Store is_a3_platform results into a global variable to avoid redundant curl calls
* Skip tx affinity binding on non-gvnic interfaces only on A3 platforms.
* Update comments for get_vcpu_ranges_on_accelerator_platform to reflect the expected vcpu ranges
* rename get_vcpu_ranges to get_vcpu_ranges_on_accelerator_platform
* Avoid IRQ binding on vCPU 0
* Fix returned value for get_vcpu_ranges
* Update get_vcpu_ranges to read from sys file instead of hardcoded value
* Update google_set_multiqueue to set vCPU ranges based on platform
* Add comment for handling IRQ binding on non-gvnic devices
* Update is_gvnic to include gvnic driver checks
* revert removed echo lines
* Update google_set_multiqueue to skip set_irq if nic is not a gvnic device.
* Update google_set_multiqueue to enable on A3Ultra family
- from version 20250124.00
* Fix missing files. This is a no-op.
* Also force virtio_scsi
- from version 20250116.00
* Add GPL-2 to licensing information
- from version 20250107.00
* Restore IDPF devices for renaming rules
- from version 20241213.00
* Remove Pat from owners file
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:463-1
Released: Thu Feb 12 08:40:25 2026
Summary: Recommended update for supportutils
Type: recommended
Severity: important
References: 1232351,1241284,1244003,1244011,1244937,1245667,1246011,1246025,1249657,1250224,1252318,1254425,1256709
This update for supportutils fixes the following issues:
- scplugin.rc is restored in package 3.2.12.1 for continued compatibility (bsc#1256709)
- Changes to version 3.2.12:
* Optimized lsof usage and honors OPTION_OFILES (bsc#1232351)
* Run in containers without errors (bsc#1245667)
* Removed pmap PID from memory.txt (bsc#1246011)
* Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025)
* Improved database perforce with kGraft patching (bsc#1249657)
* Using last boot for journalctl for optimization (bsc#1250224)
* Fixed extraction failures (bsc#1252318)
* Update supportconfig.conf path in docs (bsc#1254425)
* drm_sub_info: Catch error when dir doesn't exist
* Replace remaining `egrep` with `grep -E`
* Add process affinity to slert logs
* Reintroduce cgroup statistics (and v2)
* Minor changes to basic-health-check: improve information level
* Collect important machine health counters
* powerpc: collect hot-pluggable PCI and PHB slots
* podman: collect podman disk usage
* Exclude binary files in crondir
* kexec/kdump: collect everything under /sys/kernel/kexec dir
* Use short-iso for journalctl
- Changes to version 3.2.11:
* Collect rsyslog frule files (bsc#1244003)
* Remove proxy passwords (bsc#1244011)
* Missing NetworkManager information (bsc#1241284)
* Include agama logs (bsc#1244937)
* Additional NFS conf files
* New fadump sysfs files
* Fixed change log dates
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:508-1
Released: Fri Feb 13 15:50:21 2026
Summary: Security update for curl
Type: security
Severity: moderate
References: 1255731,1255732,1255733,1255734,1256105,CVE-2025-14017,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224
This update for curl fixes the following issues:
- CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:510-1
Released: Fri Feb 13 15:52:36 2026
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1254666,CVE-2025-14104
This update for util-linux fixes the following issues:
- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:575-1
Released: Wed Feb 18 10:10:36 2026
Summary: Security update for libpcap
Type: security
Severity: low
References: 1255765,CVE-2025-11961
This update for libpcap fixes the following issues:
- CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds
read and write (bsc#1255765).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:577-1
Released: Wed Feb 18 16:49:13 2026
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1256498,1256499,1256500,CVE-2025-68276,CVE-2025-68468,CVE-2025-68471
This update for avahi fixes the following issues:
- CVE-2025-68276: Fixed refuse to create wide-area record browsers when
wide-area is off (bsc#1256498)
- CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500)
- CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:596-1
Released: Mon Feb 23 16:57:20 2026
Summary: Security update for libpng16
Type: security
Severity: important
References: 1256525,1256526,1257364,1257365,1258020,CVE-2025-28162,CVE-2025-28164,CVE-2026-22695,CVE-2026-22801,CVE-2026-25646
This update for libpng16 fixes the following issues:
- CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364).
- CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365).
- CVE-2026-22695: heap buffer over-read in png_image_finish_read (bsc#1256525).
- CVE-2026-22801: integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).
- CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:606-1
Released: Tue Feb 24 12:19:29 2026
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1250553,1256804,1256805,1256807,1256808,1256809,1256810,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2026-0989,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757
This update for libxml2 fixes the following issues:
- CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
- CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812)
- CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
- CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
- CVE-2026-0989: Fixed a call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth. (bsc#1256805, bsc#1256810)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:617-1
Released: Tue Feb 24 16:18:34 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues.
The following security issues were fixed:
- CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785).
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
- CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397).
- CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751).
- CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095).
- CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
- CVE-2024-28956: x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006).
- CVE-2024-36348: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36349: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36350: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36357: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
- CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).
- CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
- CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
The following non security issues were fixed:
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: tcp: send zero-window ACK when no memory (bsc#1254767).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- tcp: correct handling of extreme memory squeeze (bsc#1254767).
- x86/CPU/AMD: Add ZenX generations flags (bsc#1238896).
- x86/its: Fix crash during dynamic its initialization (bsc#1257771).
- x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() (bsc#1257771).
- x86: make page fault handling disable interrupts properly (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:664-1
Released: Thu Feb 26 16:15:04 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1257029,1257031,1257041,1257042,1257044,1257046,CVE-2025-11468,CVE-2025-15282,CVE-2025-15366,CVE-2025-15367,CVE-2026-0672,CVE-2026-0865
This update for python3 fixes the following issues:
- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable
characters (bsc#1257029).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel
(bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:694-1
Released: Fri Feb 27 16:14:32 2026
Summary: Security update for gpg2
Type: security
Severity: moderate
References: 1256389
This update for gpg2 fixes the following issues:
Security fix:
- Fixed GnuPG accepting Path Separators and Path Traversals
in Literal Data (bsc#1256389)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:741-1
Released: Mon Mar 2 09:11:04 2026
Summary: Security update for shim
Type: security
Severity: moderate
References: 1240871,1247432,CVE-2024-2312
This update for shim fixes the following issues:
shim is updated to version 16.1:
- shim_start_image(): fix guid/handle pairing when uninstalling protocols
- Fix uncompressed ipv6 netboot
- fix test segfaults caused by uninitialized memory
- SbatLevel_Variable.txt: minor typo fix.
- Realloc() needs to allocate one more byte for sprintf()
- IPv6: Add more check to avoid multiple double colon and illegal char
- Loader proto v2
- loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
- Generate Authenticode for the entire PE file
- README: mention new loader protocol and interaction with UKIs
- shim: change automatically enable MOK_POLICY_REQUIRE_NX
- Save var info
- add SbatLevel entry 2025051000 for PSA-2025-00012-1
- Coverity fixes 20250804
- fix http boot
- Fix double free and leak in the loader protocol
shim is updated to version 16.0:
- Validate that a supplied vendor cert is not in PEM format
- sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
- sbat: Also bump latest for grub,4 (and to todays date)
- undo change that limits certificate files to a single file
- shim: don't set second_stage to the empty string
- Fix SBAT.md for today's consensus about numbers
- Update Code of Conduct contact address
- make-certs: Handle missing OpenSSL installation
- Update MokVars.txt
- export DEFINES for sub makefile
- Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
- Null-terminate 'arguments' in fallback
- Fix 'Verifiying' typo in error message
- Update Fedora CI targets
- Force gcc to produce DWARF4 so that gdb can use it
- Minor housekeeping 2024121700
- Discard load-options that start with WINDOWS
- Fix the issue that the gBS->LoadImage pointer was empty.
- shim: Allow data after the end of device path node in load options
- Handle network file not found like disks
- Update gnu-efi submodule for EFI_HTTP_ERROR
- Increase EFI file alignment
- avoid EFIv2 runtime services on Apple x86 machines
- Improve shortcut performance when comparing two boolean expressions
- Provide better error message when MokManager is not found
- tpm: Boot with a warning if the event log is full
- MokManager: remove redundant logical constraints
- Test import_mok_state() when MokListRT would be bigger than available size
- test-mok-mirror: minor bug fix
- Fix file system browser hang when enrolling MOK from disk
- Ignore a minor clang-tidy nit
- Allow fallback to default loader when encountering errors on network boot
- test.mk: don't use a temporary random.bin
- pe: Enhance debug report for update_mem_attrs
- Multiple certificate handling improvements
- Generate SbatLevel Metadata from SbatLevel_Variable.txt
- Apply EKU check with compile option
- Add configuration option to boot an alternative 2nd stage
- Loader protocol (with Device Path resolution support)
- netboot cleanup for additional files
- Document how revocations can be delivered
- post-process-pe: add tests to validate NX compliance
- regression: CopyMem() in ad8692e copies out of bounds
- Save the debug and error logs in mok-variables
- Add features for the Host Security ID program
- Mirror some more efi variables to mok-variables
- This adds DXE Services measurements to HSI and uses them for NX
- Add shim's current NX_COMPAT status to HSIStatus
- README.tpm: reflect that vendor_db is in fact logged as 'vendor_db'
- Reject HTTP message with duplicate Content-Length header fields
- Disable log saving
- fallback: don't add new boot order entries backwards
- README.tpm: Update MokList entry to MokListRT
- SBAT Level update for February 2025 GRUB CVEs
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:791-1
Released: Tue Mar 3 16:59:33 2026
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1257463
This update for gcc15 fixes the following issues:
- Fix bogus expression simplification (bsc#1257463)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:823-1
Released: Thu Mar 5 15:32:08 2026
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1258022
This update for grub2 fixes the following issues:
- Backport upstream's commit to prevent BIOS assert (bsc#1258022)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:826-1
Released: Thu Mar 5 16:16:29 2026
Summary: Security update for expat
Type: security
Severity: moderate
References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210
This update for expat fixes the following issues:
- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:837-1
Released: Fri Mar 6 08:30:05 2026
Summary: Recommended update for syslogd
Type: recommended
Severity: moderate
References:
This update for syslogd fixes the following issues:
- Drop last sysvinit Requirement/Provide (jsc#PED-13698)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:862-1
Released: Wed Mar 11 10:59:55 2026
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1257960,CVE-2025-14831
This update for gnutls fixes the following issues:
- CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing
a large number of name constraints and subject alternative names (SANs) (bsc#1257960).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:896-1
Released: Fri Mar 13 16:25:07 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915
This update for glibc fixes the following issues:
- CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766)
- CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822)
- CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005)
- CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp (bsc#1246965)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:911-1
Released: Tue Mar 17 20:56:12 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1259363,1259364,1259365,CVE-2026-1965,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805
This update for curl fixes the following issues:
- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:912-1
Released: Wed Mar 18 07:19:42 2026
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1229003,1258002
This update for ca-certificates-mozilla fixes the following issues:
- test for a concretely missing certificate rather than
just the directory, as the latter is now also provided by openssl-3
- Re-create java-cacerts with SOURCE_DATE_EPOCH set
for reproducible builds (bsc#1229003)
- Also mark /usr/share/factory/var/lib/ca-certificates/ as writable by the user
during install: allow rpm to properly execute %clean when completed.
- Create /var/lib/ca-certificates during build to ensure rpm gives
the %ghost'ed directory proper mode attributes.
- Updated to 2.84 state (bsc#1258002)
* Removed:
+ Baltimore CyberTrust Root
+ CommScope Public Trust ECC Root-01
+ CommScope Public Trust ECC Root-02
+ CommScope Public Trust RSA Root-01
+ CommScope Public Trust RSA Root-02
+ DigiNotar Root CA
* Added:
+ e-Szigno TLS Root CA 2023
+ OISTE Client Root ECC G1
+ OISTE Client Root RSA G1
+ OISTE Server Root ECC G1
+ OISTE Server Root RSA G1
+ SwissSign RSA SMIME Root CA 2022 - 1
+ SwissSign RSA TLS Root CA 2022 - 1
+ TrustAsia SMIME ECC Root CA
+ TrustAsia SMIME RSA Root CA
+ TrustAsia TLS ECC Root CA
+ TrustAsia TLS RSA Root CA
- Re-enable the distrusted certs. The distrust applies only to certs
issued after the distrust date, not to all certs of a CA.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:931-1
Released: Thu Mar 19 09:23:14 2026
Summary: Security update for jq
Type: security
Severity: low
References: 1248600,CVE-2025-9403
This update for jq fixes the following issue:
- CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:949-1
Released: Fri Mar 20 19:08:19 2026
Summary: Security update for runc
Type: security
Severity: important
References:
This update for runc rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:982-1
Released: Mon Mar 23 17:48:23 2026
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1258859,CVE-2026-3184
This update for util-linux fixes the following issues:
- CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:984-1
Released: Mon Mar 23 23:20:28 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1238917,1255075,1256645,1257231,1257473,1257732,1257735,1258340,1258395,1258518,1258849,1258850,1259857,CVE-2025-21738,CVE-2025-40242,CVE-2025-71066,CVE-2026-23004,CVE-2026-23054,CVE-2026-23060,CVE-2026-23191,CVE-2026-23204,CVE-2026-23209,CVE-2026-23268,CVE-2026-23269
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).
The following non-security bugs were fixed:
- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1061-1
Released: Thu Mar 26 11:35:08 2026
Summary: Security update for systemd
Type: security
Severity: important
References: 1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105
This update for systemd fixes the following issues:
- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).
Changelog:
- 6a38d88a42 machined: reject invalid class types when registering machines
- 8c9a592e5a udev: fix review mixup
- b57007a917 udev-builtin-net-id: print cescaped bad attributes
- ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX
- 0f63e799e6 udev: ensure tag parsing stays within bounds
- 046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf
- 5be21460ce udev: check for invalid chars in various fields received from the kernel
- 9559607b16 core/cgroup: avoid one unnecessary strjoina()
- fcae348ca4 core: validate input cgroup path more prudently
- a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
- 08125d6b06 units: add dep on systemd-logind.service by user@.service
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1065-1
Released: Thu Mar 26 11:38:12 2026
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1254670,1259619,CVE-2025-70873,CVE-2025-7709
This update for sqlite3 fixes the following issues:
Update sqlite3 to 3.51.3:
- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).
Changelog:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1090-1
Released: Thu Mar 26 18:44:54 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1257181,CVE-2026-1299
This update for python3 fixes the following issues:
- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1095-1
Released: Thu Mar 26 19:05:08 2026
Summary: Security update for vim
Type: security
Severity: moderate
References: 1246602,1258229,1259051,CVE-2025-53906,CVE-2026-26269,CVE-2026-28417
This update for vim fixes the following issues:
Update Vim to version 9.2.0110:
- CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602).
- CVE-2026-26269: Netbeans specialKeys stack buffer overflow (bsc#1258229).
- CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execution of arbitrary shell commands (bsc#1259051).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1105-1
Released: Fri Mar 27 08:03:05 2026
Summary: Security update for containerd
Type: security
Severity: important
References:
This update for containerd rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1166-1
Released: Thu Apr 2 03:08:04 2026
Summary: Security update for expat
Type: security
Severity: important
References: 1259711,1259726,1259729,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778
This update for expat fixes the following issues:
- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1177-1
Released: Thu Apr 2 17:00:30 2026
Summary: Security update for tar
Type: security
Severity: important
References: 1246399,CVE-2025-45582
This update for tar fixes the following issue:
- CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1247-1
Released: Fri Apr 10 12:34:39 2026
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1259845,CVE-2026-27135
This update for nghttp2 fixes the following issue:
- CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1257-1
Released: Fri Apr 10 16:59:14 2026
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1260441,1260442,1260443,1260444,1260445,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-31789,CVE-2026-31790
This update for openssl-1_1 fixes the following issues:
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1309-1
Released: Tue Apr 14 12:39:22 2026
Summary: Security update for sudo
Type: security
Severity: important
References: 1261420,CVE-2026-35535
This update for sudo fixes the following issue:
- CVE-2026-35535: Fixed potential privilege escalation when running the mailer (bsc#1261420).
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2026:1315-1
Released: Tue Apr 14 13:26:20 2026
Summary: Optional update for rsyslog
Type: optional
Severity: moderate
References:
This update for rsyslog fixes the following issue:
- add the rsyslog-module-ossl (openssl TLS support).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1323-1
Released: Tue Apr 14 15:11:50 2026
Summary: Security update for libpng16
Type: security
Severity: important
References: 1260754,CVE-2026-33416
This update for libpng16 fixes the following issues:
- CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code
execution (bsc#1260754).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1383-1
Released: Thu Apr 16 11:14:40 2026
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: important
References: 1230861,1239439,1241002,1244550,1257490,1257625,1257667,1257825,1261155
This update for suseconnect-ng fixes the following issues:
- Update version to 1.21.1:
* Fix nil token handling (bsc#1261155)
* Switch to using go1.24-openssl as the default Go version to
install to support building the package (jsc#SCC-585).
- Update version to 1.21:
* Add expanded metric collection for kernel modules and hardware detection (jsc#TEL-226).
* Support new profile based metric collection
* Fix ignored --root parameter handling when reading and writing configuration (bsc#1257667)
* Add expanded metric collection for system vendor/manufacturer (jsc#TEL-260).
* Removed backport patch
* Add missing product id to allow yast2-registration to not break (bsc#1257825)
* Fix libsuseconnect APIError detection logic (bsc#1257825)
- Regressions found during QA test runs:
* Ignore product in announce call (bsc#1257490)
* Registration to SMT server with failed (bsc#1257625)
- Update version to 1.20:
* Update error message for Public Cloud instances with registercloudguest installed.
SUSEConnect -d is disabled on PAYG and BYOS when
the registercloudguest command is available. (bsc#1230861)
* Enhanced SAP detection. Take TREX into account and remove empty values when
only /usr/sap but no installation exists (bsc#1241002)
* Fixed modules and extension link to point to versionless documentation. (bsc#1239439)
* Fixed SAP instance detection (bsc#1244550)
* Remove link to extensions documentation (bsc#1239439)
* Migrate to the public library
- Version 1.14 public library release
This version is only available on Github as a tag to release the new golang public library
which can be consumed without the need to interface with SUSEConnect directly.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1387-1
Released: Thu Apr 16 11:17:48 2026
Summary: Security update for vim
Type: security
Severity: important
References: 1259985,1261191,1261271,CVE-2026-33412,CVE-2026-34714,CVE-2026-34982
This update for vim fixes the following issues:
Update to version 9.2.0280.
- CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command
execution (bsc#1261271).
- CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution
(bsc#1261191).
- CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to
arbitrary code execution (bsc#1259985).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1399-1
Released: Thu Apr 16 12:44:14 2026
Summary: Security update for cups
Type: security
Severity: important
References: 1261568,CVE-2026-34990
This update for cups fixes the following issue:
- CVE-2026-34990: Local print admin token disclosure using temporary printers (bsc#1261568).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1428-1
Released: Fri Apr 17 12:00:40 2026
Summary: Security update for bind
Type: security
Severity: important
References: 1260805,CVE-2026-1519
This update for bind fixes the following issues:
- CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1432-1
Released: Fri Apr 17 12:12:08 2026
Summary: Security update for libcap
Type: security
Severity: important
References: 1261809,CVE-2026-4878
This update for libcap fixes the following issue:
- CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1487-1
Released: Mon Apr 20 17:52:11 2026
Summary: Security update for runc
Type: security
Severity: important
References:
This update for runc rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1495-1
Released: Mon Apr 20 17:59:12 2026
Summary: Security update for containerd
Type: security
Severity: important
References:
This update for containerd rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1510-1
Released: Tue Apr 21 08:28:12 2026
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1259924,CVE-2025-69720
This update for ncurses fixes the following issue:
- CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1562-1
Released: Thu Apr 23 09:05:52 2026
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1261678,CVE-2026-28390
This update for openssl-1_1 fixes the following issues:
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with
KeyTransportRecipientInfo (bsc#1261678).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1563-1
Released: Thu Apr 23 09:07:39 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1246057,1256504,1256675,1257773,1259797,1260005,1260009,CVE-2025-38234,CVE-2025-68818,CVE-2026-23103,CVE-2026-23243,CVE-2026-23272,CVE-2026-23274
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues.
The following security issues were fixed:
- CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-nelems before insertion (bsc#1260009).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
The following non security issue was fixed:
- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (bsc#1256504).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1565-1
Released: Thu Apr 23 09:08:29 2026
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1258045,1258049,1258054,1258080,1258081,1259377,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968,CVE-2026-3731
This update for libssh fixes the following issues:
- CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049).
- CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).
- CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054).
- CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081).
- CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080).
- CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler (bsc#1259377).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1659-1
Released: Wed Apr 29 13:09:06 2026
Summary: Security update for sed
Type: security
Severity: moderate
References: 1262144,CVE-2026-5958
This update for sed fixes the following issues:
- CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file
overwrite (bsc#1262144).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1665-1
Released: Thu Apr 30 16:53:18 2026
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1222465,1234736
This update for util-linux fixes the following issues:
- Recognize fuse 'portal' as a virtual file system (bsc#1234736).
- fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1672-1
Released: Sat May 2 08:02:29 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1262573,CVE-2026-31431
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix one security issue.
The following security issue was fixed:
- CVE-2026-31431: The copy.fail security issue is fixed by reverting to operating out-of-place in algif_aead (bsc#1262573).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1692-1
Released: Tue May 5 10:03:54 2026
Summary: Security update for xen
Type: security
Severity: moderate
References: 1262178,1262180,1262428,CVE-2025-54505,CVE-2026-23557,CVE-2026-23558
This update for xen fixes the following issues:
- CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 (bsc#1262428).
- CVE-2026-23557: Xenstored DoS via XS_RESET_WATCHES command (bsc#1262178).
- CVE-2026-23558: grant table v2 race in status page mapping (bsc#1262180).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1715-1
Released: Wed May 6 14:09:30 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100
This update for python3 fixes the following issues:
- CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to
misinterpretation of tar archives (bsc#1259611).
- CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
- CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be
processed (bsc#1261970).
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass
(bsc#1259734).
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser
command line option injection (bsc#1260026).
- CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection
(bsc#1262319).
- CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654).
- CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is
under memory pressure (bsc#1262098).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1717-1
Released: Wed May 6 14:13:17 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).
Other updates and bugfixes:
- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1721-1
Released: Wed May 6 16:43:37 2026
Summary: Recommended update for cloud-netconfig
Type: recommended
Severity: important
References: 1253223,1258406,1258730
This update for cloud-netconfig fixes the following issues:
- Update to version 1.19:
* Make sure IPADDR variable is stripped of netmask
- Update to version 1.18:
* Fix issue with link-local address routing (bsc#1258730)
- Update to version 1.17:
* Do not set broadcast address explicitly (bsc#1258406)
- Update to version 1.16:
* Fix query of default CLOUD_NETCONFIG_MANAGE (bsc#1253223)
* Fix variable names in the README
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1757-1
Released: Thu May 7 16:02:15 2026
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1259543
This update for grub2 fixes the following issues:
- Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543)
* btrfs: add ability to boot from subvolumes
* btrfs: get default subvolume
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1758-1
Released: Thu May 7 16:03:01 2026
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1261274
This update for dracut fixes the following issues:
- Update to version 055+suse.362.ge7032140:
* fix: make iso-scan trigger udev events (bsc#1261274)
The following package changes have been done:
- bash-sh-4.4-150400.27.6.1 updated
- bash-4.4-150400.27.6.1 updated
- bind-utils-9.16.50-150400.5.59.1 updated
- ca-certificates-mozilla-2.84-150200.44.1 updated
- chrony-pool-suse-4.1-150400.21.8.1 updated
- chrony-4.1-150400.21.8.1 updated
- cifs-utils-6.15-150400.3.18.1 updated
- cloud-netconfig-gce-1.19-150000.25.31.1 updated
- containerd-ctr-1.7.29-150000.132.1 updated
- containerd-1.7.29-150000.132.1 updated
- cups-config-2.2.7-150000.3.86.1 updated
- curl-8.14.1-150400.5.83.1 updated
- dracut-055+suse.362.ge7032140-150400.3.43.1 updated
- e2fsprogs-1.46.4-150400.3.9.2 added
- elfutils-0.185-150400.5.8.3 updated
- glibc-locale-base-2.31-150300.98.1 updated
- glibc-locale-2.31-150300.98.1 updated
- glibc-2.31-150300.98.1 updated
- google-guest-configs-20260116.00-150400.13.25.1 updated
- gpg2-2.2.27-150300.3.19.1 updated
- grub2-i386-pc-2.06-150400.11.72.2 updated
- grub2-x86_64-efi-2.06-150400.11.72.2 updated
- grub2-2.06-150400.11.72.2 updated
- iptables-1.8.7-1.1 added
- jq-1.6-150000.3.12.1 updated
- kernel-default-5.14.21-150400.24.205.1 updated
- kmod-29-150300.4.18.1 updated
- libasm1-0.185-150400.5.8.3 updated
- libavahi-client3-0.8-150400.7.26.1 updated
- libavahi-common3-0.8-150400.7.26.1 updated
- libblkid1-2.37.2-150400.8.44.1 updated
- libcap2-2.63-150400.3.6.1 updated
- libcups2-2.2.7-150000.3.86.1 updated
- libcurl4-8.14.1-150400.5.83.1 updated
- libdw1-0.185-150400.5.8.3 updated
- libelf1-0.185-150400.5.8.3 updated
- libexpat1-2.7.1-150400.3.37.1 updated
- libext2fs2-1.46.4-150400.3.9.2 added
- libfdisk1-2.37.2-150400.8.44.1 updated
- libfreetype6-2.10.4-150000.4.25.1 updated
- libgcc_s1-15.2.0+git10201-150000.1.9.1 updated
- libglib-2_0-0-2.70.5-150400.3.34.1 updated
- libgnutls30-3.7.3-150400.4.56.1 updated
- libip6tc2-1.8.7-1.1 added
- libjq1-1.6-150000.3.12.1 updated
- libkmod2-29-150300.4.18.1 updated
- libmount1-2.37.2-150400.8.44.1 updated
- libncurses6-6.1-150000.5.33.1 updated
- libnftnl11-1.2.0-150400.1.6 added
- libnghttp2-14-1.40.0-150200.22.1 updated
- libopenssl1_1-1.1.1l-150400.7.93.1 updated
- libpcap1-1.10.1-150400.3.9.1 updated
- libpci3-3.13.0-150300.13.12.1 updated
- libpng16-16-1.6.34-150000.3.22.1 updated
- libprocps8-3.3.17-150000.7.42.1 added
- libpython3_6m1_0-3.6.15-150300.10.118.1 updated
- libreadline7-7.0-150400.27.6.1 updated
- libsmartcols1-2.37.2-150400.8.44.1 updated
- libsqlite3-0-3.51.3-150000.3.39.1 updated
- libssh-config-0.9.8-150400.3.17.1 updated
- libssh4-0.9.8-150400.3.17.1 updated
- libstdc++6-15.2.0+git10201-150000.1.9.1 updated
- libsystemd0-249.17-150400.8.55.1 updated
- libtasn1-6-4.13-150000.4.14.1 updated
- libtasn1-4.13-150000.4.14.1 updated
- libudev1-249.17-150400.8.55.1 updated
- libuuid1-2.37.2-150400.8.44.1 updated
- libxml2-2-2.9.14-150400.5.55.1 updated
- ncurses-utils-6.1-150000.5.33.1 updated
- openssh-clients-8.4p1-150300.3.57.1 updated
- openssh-common-8.4p1-150300.3.57.1 updated
- openssh-server-8.4p1-150300.3.57.1 updated
- openssh-8.4p1-150300.3.57.1 updated
- openssl-1_1-1.1.1l-150400.7.93.1 updated
- pciutils-3.13.0-150300.13.12.1 updated
- procps-3.3.17-150000.7.42.1 added
- python3-base-3.6.15-150300.10.118.1 updated
- python3-bind-9.16.50-150400.5.59.1 updated
- python3-3.6.15-150300.10.118.1 updated
- rsyslog-module-relp-8.2306.0-150400.5.35.1 updated
- rsyslog-8.2306.0-150400.5.35.1 updated
- runc-1.3.4-150000.92.1 updated
- sed-4.4-150300.13.6.1 updated
- shim-16.1-150300.4.31.3 updated
- sudo-1.9.9-150400.4.42.1 updated
- supportutils-3.2.12.1-150300.7.35.39.1 updated
- suseconnect-ng-1.21.1-150400.3.49.1 updated
- syslog-service-2.0-150300.13.3.1 updated
- systemd-sysvinit-249.17-150400.8.55.1 updated
- systemd-249.17-150400.8.55.1 updated
- tar-1.34-150000.3.37.1 updated
- terminfo-base-6.1-150000.5.33.1 updated
- terminfo-6.1-150000.5.33.1 updated
- udev-249.17-150400.8.55.1 updated
- util-linux-systemd-2.37.2-150400.8.44.1 updated
- util-linux-2.37.2-150400.8.44.1 updated
- vim-data-common-9.2.0280-150000.5.89.1 updated
- vim-9.2.0280-150000.5.89.1 updated
- xen-libs-4.16.7_08-150400.4.81.2 updated
- xtables-plugins-1.8.7-1.1 added
- iproute2-5.14-150400.3.3.1 removed