SUSE-CU-2026:4881-1: Security update of suse/sle-micro-rancher/5.4
sle-container-updates at lists.suse.com
Wed May 13 07:23:04 UTC 2026
SUSE Container Update Advisory: suse/sle-micro-rancher/5.4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4881-1
Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.106 , suse/sle-micro-rancher/5.4:latest
Container Release : 4.5.106
Severity : important
Type : security
-----------------------------------------------------------------
The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4362-1
Released: Thu Dec 11 11:08:27 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1253043
This update for gcc15 fixes the following issues:
- Enable the use of _dl_find_object even when not available at build time. [bsc#1253043]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4436-1
Released: Wed Dec 17 14:55:46 2025
Summary: Security update for libpng16
Type: security
Severity: important
References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293
This update for libpng16 fixes the following issues:
- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160)
- CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480)
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158)
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159)
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4504-1
Released: Mon Dec 22 17:29:14 2025
Summary: Security update for glib2
Type: security
Severity: important
References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512
This update for glib2 fixes the following issues:
- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when
processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:29-1
Released: Mon Jan 5 13:58:05 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1249806,1251786,1252033,1252267,1252780,1252862,1253367,1253431,1253436,CVE-2022-50280,CVE-2023-53676,CVE-2025-39967,CVE-2025-40040,CVE-2025-40048,CVE-2025-40121,CVE-2025-40154,CVE-2025-40204
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
- CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
The following non-security bugs were fixed:
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:41-1
Released: Tue Jan 6 11:33:23 2026
Summary: Security update for rsync
Type: security
Severity: moderate
References: 1254441,CVE-2025-10158
This update for rsync fixes the following issues:
- CVE-2025-10158: Fixed out of bounds array access via negative index (bsc#1254441)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:43-1
Released: Tue Jan 6 17:02:46 2026
Summary: Security update for qemu
Type: security
Severity: important
References: 1209554,1227397,1252768,1253002,1254286,CVE-2023-1544,CVE-2024-6505,CVE-2025-12464
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2023-1544: out-of-bounds read in VMware's paravirtual RDMA device operations can be exploited through a malicious
guest driver to crash the QEMU process on the host (bsc#1209554).
- CVE-2024-6505: heap-based buffer overflow in the virtio-net device operations can be exploited by a malicious
privileged user to crash the QEMU process on the host (bsc#1227397).
- CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious
guest user to crash the QEMU process on the host (bsc#1253002).
Other updates and bugfixes:
- [openSUSE][RPM] spec: require qemu-hw-display-virtio-gpu-pci for x86 too.
- [openSUSE][RPM] spec: delete old specfile constructs.
- block/curl: fix curl internal handles handling (bsc#1252768).
- [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:48-1
Released: Wed Jan 7 09:08:18 2026
Summary: Recommended update for pciutils
Type: recommended
Severity: moderate
References: 1252338
This update for pciutils fixes the following issues:
- Add a strict dependency to libpci to prevent possible segfault (bsc#1252338)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:214-1
Released: Thu Jan 22 13:09:26 2026
Summary: Security update for gpg2
Type: security
Severity: important
References: 1255715,1256244,1256246,1256390,CVE-2025-68973
This update for gpg2 fixes the following issues:
- CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy) (bsc#1255715).
- Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246).
- Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244).
- Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:216-1
Released: Thu Jan 22 13:10:48 2026
Summary: Security update for kernel-firmware
Type: security
Severity: important
References: 1256483
This update for kernel-firmware fixes the following issues:
- Update AMD CPU ucode to 20251203 (bsc#1256483)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:224-1
Released: Thu Jan 22 13:18:20 2026
Summary: Security update for libtasn1
Type: security
Severity: moderate
References: 1256341,CVE-2025-13151
This update for libtasn1 fixes the following issues:
- CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:360-1
Released: Mon Feb 2 10:55:33 2026
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for openssl-1_1 fixes the following issues:
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:432-1
Released: Wed Feb 11 10:11:56 2026
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1248586,1254670,CVE-2025-7709
This update for sqlite3 fixes the following issues:
- Update to v3.51.2:
- CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:436-1
Released: Wed Feb 11 10:26:07 2026
Summary: Security update for qemu
Type: security
Severity: important
References: 1250984,CVE-2025-11234
This update for qemu fixes the following issues:
- CVE-2025-11234: Fixed use-after-free in websocket handshake code that can lead to denial of service (bsc#1250984).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:458-1
Released: Thu Feb 12 00:28:37 2026
Summary: Security update for glib2
Type: security
Severity: important
References: 1257049,CVE-2026-0988
This update for glib2 fixes the following issues:
- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:508-1
Released: Fri Feb 13 15:50:21 2026
Summary: Security update for curl
Type: security
Severity: moderate
References: 1255731,1255732,1255733,1255734,1256105,CVE-2025-14017,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224
This update for curl fixes the following issues:
- CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:510-1
Released: Fri Feb 13 15:52:36 2026
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1254666,CVE-2025-14104
This update for util-linux fixes the following issues:
- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:577-1
Released: Wed Feb 18 16:49:13 2026
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1256498,1256499,1256500,CVE-2025-68276,CVE-2025-68468,CVE-2025-68471
This update for avahi fixes the following issues:
- CVE-2025-68276: Refuse to create wide-area record browsers when wide-area is off (bsc#1256498)
- CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500)
- CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:596-1
Released: Mon Feb 23 16:57:20 2026
Summary: Security update for libpng16
Type: security
Severity: important
References: 1256525,1256526,1257364,1257365,1258020,CVE-2025-28162,CVE-2025-28164,CVE-2026-22695,CVE-2026-22801,CVE-2026-25646
This update for libpng16 fixes the following issues:
- CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364).
- CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365).
- CVE-2026-22695: heap buffer over-read in png_image_finish_read (bsc#1256525).
- CVE-2026-22801: integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).
- CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:606-1
Released: Tue Feb 24 12:19:29 2026
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1250553,1256804,1256805,1256807,1256808,1256809,1256810,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2026-0989,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757
This update for libxml2 fixes the following issues:
- CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
- CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812)
- CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
- CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
- CVE-2026-0989: Fixed a call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth. (bsc#1256805, bsc#1256810)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:617-1
Released: Tue Feb 24 16:18:34 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
,CVE-2025-71112,CVE-2025-71116,CVE-2025-71120,CVE-2026-22999,CVE-2026-23001,CVE-2026-23074,CVE-2026-23089
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues.
The following security issues were fixed:
- CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785).
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
- CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397).
- CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751).
- CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095).
- CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
- CVE-2024-28956: x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006).
- CVE-2024-36348: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36349: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36350: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36357: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
- CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).
- CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
- CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
The following non-security issues were fixed:
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: tcp: send zero-window ACK when no memory (bsc#1254767).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- tcp: correct handling of extreme memory squeeze (bsc#1254767).
- x86/CPU/AMD: Add ZenX generations flags (bsc#1238896).
- x86/its: Fix crash during dynamic its initialization (bsc#1257771).
- x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() (bsc#1257771).
- x86: make page fault handling disable interrupts properly (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:694-1
Released: Fri Feb 27 16:14:32 2026
Summary: Security update for gpg2
Type: security
Severity: moderate
References: 1256389
This update for gpg2 fixes the following issues:
Security fix:
- Fixed GnuPG accepting Path Separators and Path Traversals
in Literal Data (bsc#1256389)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:741-1
Released: Mon Mar 2 09:11:04 2026
Summary: Security update for shim
Type: security
Severity: moderate
References: 1240871,1247432,CVE-2024-2312
This update for shim fixes the following issues:
shim is updated to version 16.1:
- shim_start_image(): fix guid/handle pairing when uninstalling protocols
- Fix uncompressed ipv6 netboot
- fix test segfaults caused by uninitialized memory
- SbatLevel_Variable.txt: minor typo fix.
- Realloc() needs to allocate one more byte for sprintf()
- IPv6: Add more check to avoid multiple double colon and illegal char
- Loader proto v2
- loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
- Generate Authenticode for the entire PE file
- README: mention new loader protocol and interaction with UKIs
- shim: change automatically enable MOK_POLICY_REQUIRE_NX
- Save var info
- add SbatLevel entry 2025051000 for PSA-2025-00012-1
- Coverity fixes 20250804
- fix http boot
- Fix double free and leak in the loader protocol
shim is updated to version 16.0:
- Validate that a supplied vendor cert is not in PEM format
- sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
- sbat: Also bump latest for grub,4 (and to todays date)
- undo change that limits certificate files to a single file
- shim: don't set second_stage to the empty string
- Fix SBAT.md for today's consensus about numbers
- Update Code of Conduct contact address
- make-certs: Handle missing OpenSSL installation
- Update MokVars.txt
- export DEFINES for sub makefile
- Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
- Null-terminate 'arguments' in fallback
- Fix 'Verifiying' typo in error message
- Update Fedora CI targets
- Force gcc to produce DWARF4 so that gdb can use it
- Minor housekeeping 2024121700
- Discard load-options that start with WINDOWS
- Fix the issue that the gBS->LoadImage pointer was empty.
- shim: Allow data after the end of device path node in load options
- Handle network file not found like disks
- Update gnu-efi submodule for EFI_HTTP_ERROR
- Increase EFI file alignment
- avoid EFIv2 runtime services on Apple x86 machines
- Improve shortcut performance when comparing two boolean expressions
- Provide better error message when MokManager is not found
- tpm: Boot with a warning if the event log is full
- MokManager: remove redundant logical constraints
- Test import_mok_state() when MokListRT would be bigger than available size
- test-mok-mirror: minor bug fix
- Fix file system browser hang when enrolling MOK from disk
- Ignore a minor clang-tidy nit
- Allow fallback to default loader when encountering errors on network boot
- test.mk: don't use a temporary random.bin
- pe: Enhance debug report for update_mem_attrs
- Multiple certificate handling improvements
- Generate SbatLevel Metadata from SbatLevel_Variable.txt
- Apply EKU check with compile option
- Add configuration option to boot an alternative 2nd stage
- Loader protocol (with Device Path resolution support)
- netboot cleanup for additional files
- Document how revocations can be delivered
- post-process-pe: add tests to validate NX compliance
- regression: CopyMem() in ad8692e copies out of bounds
- Save the debug and error logs in mok-variables
- Add features for the Host Security ID program
- Mirror some more efi variables to mok-variables
- This adds DXE Services measurements to HSI and uses them for NX
- Add shim's current NX_COMPAT status to HSIStatus
- README.tpm: reflect that vendor_db is in fact logged as 'vendor_db'
- Reject HTTP message with duplicate Content-Length header fields
- Disable log saving
- fallback: don't add new boot order entries backwards
- README.tpm: Update MokList entry to MokListRT
- SBAT Level update for February 2025 GRUB CVEs
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:791-1
Released: Tue Mar 3 16:59:33 2026
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1257463
This update for gcc15 fixes the following issues:
- Fix bogus expression simplification (bsc#1257463)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:801-1
Released: Wed Mar 4 13:33:26 2026
Summary: Security update for libxslt
Type: security
Severity: moderate
References: 1250553,CVE-2025-10911
This update for libxslt fixes the following issues:
- CVE-2025-10911: use-after-free will be fixed on libxml2 side instead (bsc#1250553).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:813-1
Released: Thu Mar 5 09:33:59 2026
Summary: Security update for mozilla-nss
Type: security
Severity: moderate
References: 1258568,CVE-2026-2781
This update for mozilla-nss fixes the following issues:
Update to NSS 3.112.3:
* CVE-2026-2781: Avoid integer overflow in platform-independent ghash (bsc#1258568)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:823-1
Released: Thu Mar 5 15:32:08 2026
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1258022
This update for grub2 fixes the following issues:
- Backport upstream's commit to prevent BIOS assert (bsc#1258022)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:826-1
Released: Thu Mar 5 16:16:29 2026
Summary: Security update for expat
Type: security
Severity: moderate
References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210
This update for expat fixes the following issues:
- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:896-1
Released: Fri Mar 13 16:25:07 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915
This update for glibc fixes the following issues:
- CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766)
- CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822)
- CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005)
- CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp (bsc#1246965)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:911-1
Released: Tue Mar 17 20:56:12 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1259363,1259364,1259365,CVE-2026-1965,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805
This update for curl fixes the following issues:
- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:912-1
Released: Wed Mar 18 07:19:42 2026
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1229003,1258002
This update for ca-certificates-mozilla fixes the following issues:
- test for a concretely missing certificate rather than
just the directory, as the latter is now also provided by openssl-3
- Re-create java-cacerts with SOURCE_DATE_EPOCH set
for reproducible builds (bsc#1229003)
- Also mark /usr/share/factory/var/lib/ca-certificates/ as writable by the user
during install: allow rpm to properly execute %clean when completed.
- Create /var/lib/ca-certificates during build to ensure rpm gives
the %ghost'ed directory proper mode attributes.
- Updated to 2.84 state (bsc#1258002)
* Removed:
+ Baltimore CyberTrust Root
+ CommScope Public Trust ECC Root-01
+ CommScope Public Trust ECC Root-02
+ CommScope Public Trust RSA Root-01
+ CommScope Public Trust RSA Root-02
+ DigiNotar Root CA
* Added:
+ e-Szigno TLS Root CA 2023
+ OISTE Client Root ECC G1
+ OISTE Client Root RSA G1
+ OISTE Server Root ECC G1
+ OISTE Server Root RSA G1
+ SwissSign RSA SMIME Root CA 2022 - 1
+ SwissSign RSA TLS Root CA 2022 - 1
+ TrustAsia SMIME ECC Root CA
+ TrustAsia SMIME RSA Root CA
+ TrustAsia TLS ECC Root CA
+ TrustAsia TLS RSA Root CA
- reenable the distrusted certs again. the distrust is only for certs
issued after the distrust date, not for all certs of a CA.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:931-1
Released: Thu Mar 19 09:23:14 2026
Summary: Security update for jq
Type: security
Severity: low
References: 1248600,CVE-2025-9403
This update for jq fixes the following issue:
- CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:982-1
Released: Mon Mar 23 17:48:23 2026
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1258859,CVE-2026-3184
This update for util-linux fixes the following issues:
- CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:984-1
Released: Mon Mar 23 23:20:28 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1238917,1255075,1256645,1257231,1257473,1257732,1257735,1258340,1258395,1258518,1258849,1258850,1259857,CVE-2025-21738,CVE-2025-40242,CVE-2025-71066,CVE-2026-23004,CVE-2026-23054,CVE-2026-23060,CVE-2026-23191,CVE-2026-23204,CVE-2026-23209,CVE-2026-23268,CVE-2026-23269
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).
The following non-security bugs were fixed:
- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1061-1
Released: Thu Mar 26 11:35:08 2026
Summary: Security update for systemd
Type: security
Severity: important
References: 1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105
This update for systemd fixes the following issues:
- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).
Changelog:
- 6a38d88a42 machined: reject invalid class types when registering machines
- 8c9a592e5a udev: fix review mixup
- b57007a917 udev-builtin-net-id: print cescaped bad attributes
- ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX
- 0f63e799e6 udev: ensure tag parsing stays within bounds
- 046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf
- 5be21460ce udev: check for invalid chars in various fields received from the kernel
- 9559607b16 core/cgroup: avoid one unnecessary strjoina()
- fcae348ca4 core: validate input cgroup path more prudently
- a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
- 08125d6b06 units: add dep on systemd-logind.service by user@.service
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1065-1
Released: Thu Mar 26 11:38:12 2026
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1254670,1259619,CVE-2025-70873,CVE-2025-7709
This update for sqlite3 fixes the following issues:
Update sqlite3 to 3.51.3:
- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).
Changelog:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1095-1
Released: Thu Mar 26 19:05:08 2026
Summary: Security update for vim
Type: security
Severity: moderate
References: 1246602,1258229,1259051,CVE-2025-53906,CVE-2026-26269,CVE-2026-28417
This update for vim fixes the following issues:
Update Vim to version 9.2.0110:
- CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602).
- CVE-2026-26269: Netbeans specialKeys stack buffer overflow (bsc#1258229).
- CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1166-1
Released: Thu Apr 2 03:08:04 2026
Summary: Security update for expat
Type: security
Severity: important
References: 1259711,1259726,1259729,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778
This update for expat fixes the following issues:
- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1177-1
Released: Thu Apr 2 17:00:30 2026
Summary: Security update for tar
Type: security
Severity: important
References: 1246399,CVE-2025-45582
This update for tar fixes the following issue:
- CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1247-1
Released: Fri Apr 10 12:34:39 2026
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1259845,CVE-2026-27135
This update for nghttp2 fixes the following issue:
- CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1257-1
Released: Fri Apr 10 16:59:14 2026
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1260441,1260442,1260443,1260444,1260445,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-31789,CVE-2026-31790
This update for openssl-1_1 fixes the following issues:
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1309-1
Released: Tue Apr 14 12:39:22 2026
Summary: Security update for sudo
Type: security
Severity: important
References: 1261420,CVE-2026-35535
This update for sudo fixes the following issue:
- CVE-2026-35535: Fixed potential privilege escalation when running the mailer (bsc#1261420).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1323-1
Released: Tue Apr 14 15:11:50 2026
Summary: Security update for libpng16
Type: security
Severity: important
References: 1260754,CVE-2026-33416
This update for libpng16 fixes the following issues:
- CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code
execution (bsc#1260754).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1387-1
Released: Thu Apr 16 11:17:48 2026
Summary: Security update for vim
Type: security
Severity: important
References: 1259985,1261191,1261271,CVE-2026-33412,CVE-2026-34714,CVE-2026-34982
This update for vim fixes the following issues:
Update to version 9.2.0280.
- CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command
execution (bsc#1261271).
- CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution
(bsc#1261191).
- CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to
arbitrary code execution (bsc#1259985).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1420-1
Released: Thu Apr 16 18:44:55 2026
Summary: Security update for NetworkManager
Type: security
Severity: moderate
References: 1257359,CVE-2025-9615
This update for NetworkManager fixes the following issues:
- CVE-2025-9615: non-admin users are allowed to use certificates from other users (bsc#1257359).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1432-1
Released: Fri Apr 17 12:12:08 2026
Summary: Security update for libcap
Type: security
Severity: important
References: 1261809,CVE-2026-4878
This update for libcap fixes the following issue:
- CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1510-1
Released: Tue Apr 21 08:28:12 2026
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1259924,CVE-2025-69720
This update for ncurses fixes the following issue:
- CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1561-1
Released: Thu Apr 23 08:34:49 2026
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References:
This update for mozilla-nss fixes the following issues:
Update to NSS 3.112.4:
* improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey.
* Improving the allocation of S/MIME DecryptSymKey.
* store email on subject cache_entry in NSS trust domain.
* Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation.
* Improve size calculations in CMS content buffering.
* avoid integer overflow while escaping RFC822 Names.
* Reject excessively large ASN.1 SEQUENCE OF in quickder.
* Deep copy profile data in CERT_FindSMimeProfile.
* Improve input validation in DSAU signature decoding.
* avoid integer overflow in RSA_EMSAEncodePSS.
* RSA_EMSAEncodePSS should validate the length of mHash.
* Add a maximum cert uncompressed len and tests.
* Clarify extension negotiation mechanism for TLS Handshakes.
* ensure permittedSubtrees don't match wildcards that could be outside the permitted tree.
* Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag.
* Remove invalid PORT_Free().
* free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
* make ss->ssl3.hs.cookie an owned-copy of the cookie.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1562-1
Released: Thu Apr 23 09:05:52 2026
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1261678,CVE-2026-28390
This update for openssl-1_1 fixes the following issues:
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with
KeyTransportRecipientInfo (bsc#1261678).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1563-1
Released: Thu Apr 23 09:07:39 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1246057,1256504,1256675,1257773,1259797,1260005,1260009,CVE-2025-38234,CVE-2025-68818,CVE-2026-23103,CVE-2026-23243,CVE-2026-23272,CVE-2026-23274
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues.
The following security issues were fixed:
- CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-nelems before insertion (bsc#1260009).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
The following non-security issue was fixed:
- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (bsc#1256504).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1565-1
Released: Thu Apr 23 09:08:29 2026
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1258045,1258049,1258054,1258080,1258081,1259377,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968,CVE-2026-3731
This update for libssh fixes the following issues:
- CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049).
- CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).
- CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054).
- CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081).
- CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080).
- CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler (bsc#1259377).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1659-1
Released: Wed Apr 29 13:09:06 2026
Summary: Security update for sed
Type: security
Severity: moderate
References: 1262144,CVE-2026-5958
This update for sed fixes the following issues:
- CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite (bsc#1262144).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1665-1
Released: Thu Apr 30 16:53:18 2026
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1222465,1234736
This update for util-linux fixes the following issues:
- Recognize fuse 'portal' as a virtual file system (bsc#1234736).
- fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1672-1
Released: Sat May 2 08:02:29 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1262573,CVE-2026-31431
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix one security issue.
The following security issue was fixed:
- CVE-2026-31431: The copy.fail security issue is fixed by reverting to out-of-place operation in algif_aead (bsc#1262573).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1717-1
Released: Wed May 6 14:13:17 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).
Other updates and bugfixes:
- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1757-1
Released: Thu May 7 16:02:15 2026
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1259543
This update for grub2 fixes the following issues:
- Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543)
* btrfs: add ability to boot from subvolumes
* btrfs: get default subvolume
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1758-1
Released: Thu May 7 16:03:01 2026
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1261274
This update for dracut fixes the following issues:
- Update to version 055+suse.362.ge7032140:
* fix: make iso-scan trigger udev events (bsc#1261274)
The following package changes have been done:
- NetworkManager-1.38.2-150400.3.6.1 updated
- avahi-0.8-150400.7.26.1 updated
- ca-certificates-mozilla-2.84-150200.44.1 updated
- curl-8.14.1-150400.5.83.1 updated
- dracut-mkinitrd-deprecated-055+suse.362.ge7032140-150400.3.43.1 updated
- dracut-055+suse.362.ge7032140-150400.3.43.1 updated
- glib2-tools-2.70.5-150400.3.34.1 updated
- glibc-locale-base-2.31-150300.98.1 updated
- glibc-2.31-150300.98.1 updated
- gpg2-2.2.27-150300.3.19.1 updated
- grub2-i386-pc-2.06-150400.11.72.2 updated
- grub2-x86_64-efi-2.06-150400.11.72.2 updated
- grub2-2.06-150400.11.72.2 updated
- jq-1.6-150000.3.12.1 updated
- kernel-default-5.14.21-150400.24.205.1 updated
- kernel-firmware-bnx2-20220509-150400.4.31.1 updated
- kernel-firmware-chelsio-20220509-150400.4.31.1 updated
- kernel-firmware-i915-20220509-150400.4.31.1 updated
- kernel-firmware-intel-20220509-150400.4.31.1 updated
- kernel-firmware-iwlwifi-20220509-150400.4.31.1 updated
- kernel-firmware-liquidio-20220509-150400.4.31.1 updated
- kernel-firmware-marvell-20220509-150400.4.31.1 updated
- kernel-firmware-mediatek-20220509-150400.4.31.1 updated
- kernel-firmware-mellanox-20220509-150400.4.31.1 updated
- kernel-firmware-network-20220509-150400.4.31.1 updated
- kernel-firmware-platform-20220509-150400.4.31.1 updated
- kernel-firmware-qlogic-20220509-150400.4.31.1 updated
- kernel-firmware-realtek-20220509-150400.4.31.1 updated
- kernel-firmware-usb-network-20220509-150400.4.31.1 updated
- libavahi-common3-0.8-150400.7.26.1 updated
- libavahi-core7-0.8-150400.7.26.1 updated
- libblkid1-2.37.2-150400.8.44.1 updated
- libcap2-2.63-150400.3.6.1 updated
- libcurl4-8.14.1-150400.5.83.1 updated
- libexpat1-2.7.1-150400.3.37.1 updated
- libfdisk1-2.37.2-150400.8.44.1 updated
- libfreebl3-3.112.4-150400.3.66.1 updated
- libgcc_s1-15.2.0+git10201-150000.1.9.1 updated
- libgio-2_0-0-2.70.5-150400.3.34.1 updated
- libglib-2_0-0-2.70.5-150400.3.34.1 updated
- libgmodule-2_0-0-2.70.5-150400.3.34.1 updated
- libgobject-2_0-0-2.70.5-150400.3.34.1 updated
- libjq1-1.6-150000.3.12.1 updated
- libmount1-2.37.2-150400.8.44.1 updated
- libncurses6-6.1-150000.5.33.1 updated
- libnghttp2-14-1.40.0-150200.22.1 updated
- libnm0-1.38.2-150400.3.6.1 updated
- libopenssl1_1-1.1.1l-150400.7.93.1 updated
- libpci3-3.13.0-150300.13.12.1 updated
- libpng16-16-1.6.34-150000.3.22.1 updated
- libsmartcols1-2.37.2-150400.8.44.1 updated
- libsoftokn3-3.112.4-150400.3.66.1 updated
- libsqlite3-0-3.51.3-150000.3.39.1 updated
- libssh-config-0.9.8-150400.3.17.1 updated
- libssh4-0.9.8-150400.3.17.1 updated
- libstdc++6-15.2.0+git10201-150000.1.9.1 updated
- libsystemd0-249.17-150400.8.55.1 updated
- libtasn1-6-4.13-150000.4.14.1 updated
- libtasn1-4.13-150000.4.14.1 updated
- libudev1-249.17-150400.8.55.1 updated
- libuuid1-2.37.2-150400.8.44.1 updated
- libxml2-2-2.9.14-150400.5.55.1 updated
- libxslt1-1.1.34-150400.3.16.1 updated
- mozilla-nss-certs-3.112.4-150400.3.66.1 updated
- mozilla-nss-3.112.4-150400.3.66.1 updated
- ncurses-utils-6.1-150000.5.33.1 updated
- openssl-1_1-1.1.1l-150400.7.93.1 updated
- pciutils-3.13.0-150300.13.12.1 updated
- qemu-guest-agent-6.2.0-150400.37.49.1 updated
- rsync-3.2.3-150400.3.26.1 updated
- sed-4.4-150300.13.6.1 updated
- shim-16.1-150300.4.31.3 updated
- sudo-1.9.9-150400.4.42.1 updated
- systemd-sysvinit-249.17-150400.8.55.1 updated
- systemd-249.17-150400.8.55.1 updated
- tar-1.34-150000.3.37.1 updated
- terminfo-base-6.1-150000.5.33.1 updated
- udev-249.17-150400.8.55.1 updated
- util-linux-systemd-2.37.2-150400.8.44.1 updated
- util-linux-2.37.2-150400.8.44.1 updated
- vim-data-common-9.2.0280-150000.5.89.1 updated
- vim-small-9.2.0280-150000.5.89.1 updated