From null at suse.de Wed Apr 1 12:30:20 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:30:20 -0000
Subject: SUSE-SU-2026:20947-1: important: Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)
Message-ID: <177504662082.568.14376660744636486027@634a8d224e68>

# Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:20947-1
Release Date: 2026-03-25T18:17:14Z
Rating: important
References:

* bsc#1255052
* bsc#1255053
* bsc#1255378
* bsc#1255402
* bsc#1255895
* bsc#1256624
* bsc#1256644
* bsc#1257669

Cross-References:

* CVE-2025-40214
* CVE-2025-40258
* CVE-2025-40284
* CVE-2025-40297
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68813
* CVE-2025-71085

CVSS scores:

* CVE-2025-40214 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40214 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40258 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40258 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40284 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40284 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40297 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40297 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68284 ( SUSE ): 7.0 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68813 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1255052).
* CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
* CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
* CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
* CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-448=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE16_Update_2-debugsource-4-160000.1.1
  * kernel-livepatch-6_12_0-160000_7-default-4-160000.1.1
  * kernel-livepatch-6_12_0-160000_7-default-debuginfo-4-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40214.html
* https://www.suse.com/security/cve/CVE-2025-40258.html
* https://www.suse.com/security/cve/CVE-2025-40284.html
* https://www.suse.com/security/cve/CVE-2025-40297.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255052
* https://bugzilla.suse.com/show_bug.cgi?id=1255053
* https://bugzilla.suse.com/show_bug.cgi?id=1255378
* https://bugzilla.suse.com/show_bug.cgi?id=1255402
* https://bugzilla.suse.com/show_bug.cgi?id=1255895
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644
* https://bugzilla.suse.com/show_bug.cgi?id=1257669

From null at suse.de Wed Apr 1 12:30:36 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:30:36 -0000
Subject: SUSE-SU-2026:20946-1: important: Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)
Message-ID: <177504663633.568.12403792443098723555@634a8d224e68>

# Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:20946-1
Release Date: 2026-03-25T18:09:48Z
Rating: important
References:

* bsc#1247240
* bsc#1255052
* bsc#1255053
* bsc#1255378
* bsc#1255402
* bsc#1255895
* bsc#1256624
* bsc#1256644
* bsc#1257669

Cross-References:

* CVE-2025-38488
* CVE-2025-40214
* CVE-2025-40258
* CVE-2025-40284
* CVE-2025-40297
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68813
* CVE-2025-71085

CVSS scores:

* CVE-2025-38488 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38488 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38488 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40214 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40214 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40258 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40258 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40284 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40284 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40297 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40297 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68284 ( SUSE ): 7.0 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68813 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
* CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1255052).
* CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
* CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
* CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
* CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-446=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_5-default-debuginfo-8-160000.4.3
  * kernel-livepatch-SLE16_Update_0-debugsource-8-160000.4.3
  * kernel-livepatch-6_12_0-160000_5-default-8-160000.4.3

## References:

* https://www.suse.com/security/cve/CVE-2025-38488.html
* https://www.suse.com/security/cve/CVE-2025-40214.html
* https://www.suse.com/security/cve/CVE-2025-40258.html
* https://www.suse.com/security/cve/CVE-2025-40284.html
* https://www.suse.com/security/cve/CVE-2025-40297.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247240
* https://bugzilla.suse.com/show_bug.cgi?id=1255052
* https://bugzilla.suse.com/show_bug.cgi?id=1255053
* https://bugzilla.suse.com/show_bug.cgi?id=1255378
* https://bugzilla.suse.com/show_bug.cgi?id=1255402
* https://bugzilla.suse.com/show_bug.cgi?id=1255895
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644
* https://bugzilla.suse.com/show_bug.cgi?id=1257669

From null at suse.de Wed Apr 1 12:30:49 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:30:49 -0000
Subject: SUSE-SU-2026:20945-1: important: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)
Message-ID: <177504664996.568.11771704448850085920@634a8d224e68>

# Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:20945-1
Release Date: 2026-03-25T18:08:48Z
Rating: important
References:

* bsc#1255052
* bsc#1255053
* bsc#1255378
* bsc#1255402
* bsc#1255895
* bsc#1256624
* bsc#1256644
* bsc#1257669

Cross-References:

* CVE-2025-40214
* CVE-2025-40258
* CVE-2025-40284
* CVE-2025-40297
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68813
* CVE-2025-71085

CVSS scores:

* CVE-2025-40214 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40214 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40258 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40258 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40284 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40284 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40297 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40297 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68284 ( SUSE ): 7.0 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68813 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1255052).
* CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
* CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
* CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
* CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-447=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE16_Update_1-debugsource-6-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-6-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-debuginfo-6-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40214.html
* https://www.suse.com/security/cve/CVE-2025-40258.html
* https://www.suse.com/security/cve/CVE-2025-40284.html
* https://www.suse.com/security/cve/CVE-2025-40297.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255052
* https://bugzilla.suse.com/show_bug.cgi?id=1255053
* https://bugzilla.suse.com/show_bug.cgi?id=1255378
* https://bugzilla.suse.com/show_bug.cgi?id=1255402
* https://bugzilla.suse.com/show_bug.cgi?id=1255895
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644
* https://bugzilla.suse.com/show_bug.cgi?id=1257669

From null at suse.de Wed Apr 1 12:31:02 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:31:02 -0000
Subject: SUSE-SU-2026:20944-1: important: Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16)
Message-ID: <177504666222.568.3086656311664036013@634a8d224e68>

# Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:20944-1
Release Date: 2026-03-25T06:45:19Z
Rating: important
References:

* bsc#1255052
* bsc#1255053
* bsc#1255378
* bsc#1255402
* bsc#1255895
* bsc#1256624
* bsc#1256644

Cross-References:

* CVE-2025-40214
* CVE-2025-40258
* CVE-2025-40297
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68813
* CVE-2025-71085

CVSS scores:

* CVE-2025-40214 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40214 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40258 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40258 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40297 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40297 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68284 ( SUSE ): 7.0 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68813 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1255052).
* CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
* CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
* CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-441=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_8-default-3-160000.1.1
  * kernel-livepatch-SLE16_Update_3-debugsource-3-160000.1.1
  * kernel-livepatch-6_12_0-160000_8-default-debuginfo-3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40214.html
* https://www.suse.com/security/cve/CVE-2025-40258.html
* https://www.suse.com/security/cve/CVE-2025-40297.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255052
* https://bugzilla.suse.com/show_bug.cgi?id=1255053
* https://bugzilla.suse.com/show_bug.cgi?id=1255378
* https://bugzilla.suse.com/show_bug.cgi?id=1255402
* https://bugzilla.suse.com/show_bug.cgi?id=1255895
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644

From null at suse.de Wed Apr 1 12:31:06 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:31:06 -0000
Subject: SUSE-SU-2026:20943-1: important: Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16)
Message-ID: <177504666665.568.7087284196186819845@634a8d224e68>

# Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:20943-1
Release Date: 2026-03-25T05:42:56Z
Rating: important
References:

* bsc#1256624
* bsc#1256644

Cross-References:

* CVE-2025-68813
* CVE-2025-71085

CVSS scores:

* CVE-2025-68813 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-440=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_9-default-debuginfo-2-160000.1.1
  * kernel-livepatch-SLE16_Update_4-debugsource-2-160000.1.1
  * kernel-livepatch-6_12_0-160000_9-default-2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644

From null at suse.de Wed Apr 1 12:31:07 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:31:07 -0000
Subject: SUSE-SU-2026:20942-1: important: Security update for the initial kernel livepatch
Message-ID: <177504666784.568.16692244699814977534@634a8d224e68>

# Security update for the initial kernel livepatch

Announcement ID: SUSE-SU-2026:20942-1
Release Date: 2026-03-24T20:14:20Z
Rating: important
References:

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that can now be installed.

## Description:

This update contains initial livepatches for the SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel update.

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-436=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_27-default-1-160000.1.1
  * kernel-livepatch-SLE16_Update_6-debugsource-1-160000.1.1
  * kernel-livepatch-6_12_0-160000_27-default-debuginfo-1-160000.1.1

From null at suse.de Wed Apr 1 12:31:17 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:31:17 -0000
Subject: SUSE-SU-2026:20941-1: moderate: Security update for ucode-intel
Message-ID: <177504667743.568.11069114517554922718@634a8d224e68>

# Security update for ucode-intel

Announcement ID: SUSE-SU-2026:20941-1
Release Date: 2026-03-19T09:31:38Z
Rating: moderate
References:

* bsc#1229129
* bsc#1230400
* bsc#1249138
* bsc#1253319
* bsc#1258046

Cross-References:

* CVE-2024-24853
* CVE-2025-31648

CVSS scores:

* CVE-2024-24853 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2024-24853 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-31648 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-31648 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
* CVE-2025-31648 ( NVD ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-31648 ( NVD ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves two vulnerabilities and has three fixes can now be installed.

## Description:

This update for ucode-intel fixes the following issues:

* Intel CPU Microcode was updated to the 20260210 release (bsc#1258046):
  * CVE-2024-24853: Updated fix for incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access (bsc#1229129).
  * CVE-2025-31648: Improper handling of values in the microcode flow for some Intel Processor Family may allow an escalation of privilege (bsc#1258046).
* Intel CPU Microcode was updated to the 20251111 release (bsc#1253319):
  * Update for functional issues.
* switch the supplements to use supplements + kernel to allow moving an installation to Intel hardware (bsc#1249138)
* Intel CPU Microcode was updated to the 20241029 release (bsc#1230400):
  * Update for functional issues.

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-415=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (x86_64)
  * ucode-intel-20260210-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-24853.html
* https://www.suse.com/security/cve/CVE-2025-31648.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229129
* https://bugzilla.suse.com/show_bug.cgi?id=1230400
* https://bugzilla.suse.com/show_bug.cgi?id=1249138
* https://bugzilla.suse.com/show_bug.cgi?id=1253319
* https://bugzilla.suse.com/show_bug.cgi?id=1258046

From null at suse.de Wed Apr 1 12:31:39 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:31:39 -0000
Subject: SUSE-SU-2026:20940-1: moderate: Security update for net-tools
Message-ID: <177504669906.568.15245737443668383070@634a8d224e68>

# Security update for net-tools

Announcement ID: SUSE-SU-2026:20940-1
Release Date: 2026-03-26T15:12:43Z
Rating: moderate
References:

* bsc#1243581
* bsc#1248410
* bsc#1248687
* bsc#142461
* bsc#430864
* bsc#544339

Cross-References:

* CVE-2025-46836

CVSS scores:

* CVE-2025-46836 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46836 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-46836 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability and has five fixes can now be installed.

## Description:

This update for net-tools fixes the following issues:

* Fix stack buffer overflow in parse_hex (bsc#1248687, GHSA-h667-qrp8-gj58).
* Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687, GHSA-w7jq-cmw2-cq59).
* Avoid unsafe memcpy in ifconfig (bsc#1248687).
* Prevent overflow in ax25 and netrom (bsc#1248687)
* Keep possibility to enter long interface names, even if they are not accepted by the kernel, because it was always possible up to CVE-2025-46836 fix. But issue a warning about an interface name concatenation (bsc#1248410).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-454=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * net-tools-debugsource-2.10-160000.3.1
  * net-tools-2.10-160000.3.1
  * net-tools-debuginfo-2.10-160000.3.1
* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * net-tools-lang-2.10-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-46836.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243581
* https://bugzilla.suse.com/show_bug.cgi?id=1248410
* https://bugzilla.suse.com/show_bug.cgi?id=1248687
* https://bugzilla.suse.com/show_bug.cgi?id=142461
* https://bugzilla.suse.com/show_bug.cgi?id=430864
* https://bugzilla.suse.com/show_bug.cgi?id=544339

From null at suse.de Wed Apr 1 12:31:51 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:31:51 -0000
Subject: SUSE-SU-2026:20936-1: important: Security update for openexr
Message-ID: <177504671194.568.12192576081699283429@634a8d224e68>

# Security update for openexr

Announcement ID: SUSE-SU-2026:20936-1
Release Date: 2026-03-26T10:03:06Z
Rating: important
References:

* bsc#1259177

Cross-References:

* CVE-2026-27622

CVSS scores:

* CVE-2026-27622 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27622 ( NVD ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for openexr fixes the following issue:

* CVE-2026-27622: crafted multipart deep EXR can cause a heap out-of-bounds write (bsc#1259177).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-450=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * openexr-debuginfo-3.2.2-160000.5.1
  * libIex-3_2-31-debuginfo-3.2.2-160000.5.1
  * libOpenEXR-3_2-31-3.2.2-160000.5.1
  * libIlmThread-3_2-31-debuginfo-3.2.2-160000.5.1
  * libOpenEXRCore-3_2-31-debuginfo-3.2.2-160000.5.1
  * libOpenEXRUtil-3_2-31-debuginfo-3.2.2-160000.5.1
  * openexr-3.2.2-160000.5.1
  * openexr-debugsource-3.2.2-160000.5.1
  * libIlmThread-3_2-31-3.2.2-160000.5.1
  * libOpenEXRCore-3_2-31-3.2.2-160000.5.1
  * libIex-3_2-31-3.2.2-160000.5.1
  * libOpenEXRUtil-3_2-31-3.2.2-160000.5.1
  * libOpenEXR-3_2-31-debuginfo-3.2.2-160000.5.1
* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * openexr-doc-3.2.2-160000.5.1
* SUSE Linux Enterprise Server - BCI 16.0 (x86_64)
  * libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1
  * libOpenEXRCore-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.5.1
  * libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1
  * libIex-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.5.1
  * libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1
  * libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1
  * libOpenEXR-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.5.1
  * libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1
  * libIlmThread-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.5.1
  * libOpenEXRUtil-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.5.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27622.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259177

From null at suse.de Wed Apr 1 12:31:54 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:31:54 -0000
Subject: SUSE-SU-2026:20935-1: moderate: Security update for fetchmail
Message-ID: <177504671467.568.2032144423203099424@634a8d224e68>

# Security update for fetchmail

Announcement ID: SUSE-SU-2026:20935-1
Release Date: 2026-03-26T09:57:56Z
Rating: moderate
References:

* bsc#1251194

Cross-References:

* CVE-2025-61962

CVSS scores:

* CVE-2025-61962 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61962 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for fetchmail fixes the following issues:

* CVE-2025-61962: Fixed denial of service (bsc#1251194)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-449=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * fetchmail-debugsource-6.5.2-160000.3.1
  * fetchmail-6.5.2-160000.3.1
  * fetchmail-debuginfo-6.5.2-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-61962.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251194


From null at suse.de Wed Apr 1 12:31:57 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:31:57 -0000
Subject: SUSE-SU-2026:20934-1: important: Security update for python-PyJWT
Message-ID: <177504671773.568.4653906107112459867@634a8d224e68>

# Security update for python-PyJWT

Announcement ID: SUSE-SU-2026:20934-1
Release Date: 2026-03-25T18:08:48Z
Rating: important
References:

* bsc#1259616

Cross-References:

* CVE-2026-32597

CVSS scores:

* CVE-2026-32597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-32597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-32597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for python-PyJWT fixes the following issue:

Update to PyJWT 2.12.1:

* CVE-2026-32597: PyJWT accepts unknown `crit` header extensions (bsc#1259616).

Changelog:

Update to 2.12.1:

* Add missing typing_extensions dependency for Python < 3.11 in #1150

Update to 2.12.0:

* Annotate PyJWKSet.keys for pyright by @tamird in #1134
* Close HTTPError response to prevent ResourceWarning on Python 3.14 by @veeceey in #1133
* Do not keep algorithms dict in PyJWK instances by @akx in #1143
* Use PyJWK algorithm when encoding without explicit algorithm in #1148
* Docs: Add PyJWKClient API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).

Update to 2.11.0:

* Enforce ECDSA curve validation per RFC 7518 Section 3.4.
* Fix build system warnings by @kurtmckee in #1105
* Validate key against allowed types for Algorithm family in #964
* Add iterator for JWKSet in #1041
* Validate iss claim is a string during encoding and decoding by @pachewise in #1040
* Improve typing/logic for options in decode, decode_complete by @pachewise in #1045
* Declare float supported type for lifespan and timeout by @nikitagashkov in #1068
* Fix SyntaxWarnings/DeprecationWarnings caused by invalid escape sequences by @kurtmckee in #1103
* Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in #1114
* Development: Test type annotations across all supported Python versions, increase the strictness of the type checking, and remove the mypy pre-commit hook by @kurtmckee in #1112
* Support Python 3.14, and test against PyPy 3.10 and 3.11 by @kurtmckee in #1104
* Development: Migrate to build to test package building in CI by @kurtmckee in #1108
* Development: Improve coverage config and eliminate unused test suite code by @kurtmckee in #1115
* Docs: Standardize CHANGELOG links to PRs by @kurtmckee in #1110
* Docs: Fix Read the Docs builds by @kurtmckee in #1111
* Docs: Add example of using leeway with nbf by @djw8605 in #1034
* Docs: Refactored docs with autodoc; added PyJWS and jwt.algorithms docs by @pachewise in #1045
* Docs: Documentation improvements for "sub" and "jti" claims by @cleder in #1088
* Development: Add pyupgrade as a pre-commit hook by @kurtmckee in #1109
* Add minimum key length validation for HMAC and RSA keys (CWE-326). Warns by default via InsecureKeyLengthWarning when keys are below minimum recommended lengths per RFC 7518 Section 3.2 (HMAC) and NIST SP 800-131A (RSA). Pass enforce_minimum_key_length=True in options to PyJWT or PyJWS to raise InvalidKeyError instead.
* Refactor PyJWT to own an internal PyJWS instance instead of calling global api_jws functions.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-445=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * python313-PyJWT-2.12.1-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32597.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259616

From null at suse.de Wed Apr 1 12:32:02 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:32:02 -0000
Subject: SUSE-SU-2026:20933-1: moderate: Security update for python-ldap
Message-ID: <177504672205.568.17582113302707612269@634a8d224e68>

# Security update for python-ldap

Announcement ID: SUSE-SU-2026:20933-1
Release Date: 2026-03-25T10:40:32Z
Rating: moderate
References:

* bsc#1251912
* bsc#1251913

Cross-References:

* CVE-2025-61911
* CVE-2025-61912

CVSS scores:

* CVE-2025-61911 ( SUSE ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-61911 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-61911 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-61911 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-61912 ( SUSE ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-61912 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-61912 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-61912 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python-ldap fixes the following issues:

* CVE-2025-61911: Enforce str for escape_filter_chars (bsc#1251912).
* CVE-2025-61912: Escape NULs as per RFC 4514 in escape_dn_chars (bsc#1251913).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-443=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * python313-ldap-debuginfo-3.4.4-160000.3.1
  * python-ldap-debugsource-3.4.4-160000.3.1
  * python313-ldap-3.4.4-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-61911.html
* https://www.suse.com/security/cve/CVE-2025-61912.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251912
* https://bugzilla.suse.com/show_bug.cgi?id=1251913

From null at suse.de Wed Apr 1 12:32:04 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:32:04 -0000
Subject: SUSE-SU-2026:20932-1: moderate: Security update for ffmpeg-7
Message-ID: <177504672497.568.9184614220527382126@634a8d224e68>

# Security update for ffmpeg-7

Announcement ID: SUSE-SU-2026:20932-1
Release Date: 2026-03-25T10:03:00Z
Rating: moderate
References:

* bsc#1246790

Cross-References:

* CVE-2025-7700

CVSS scores:

* CVE-2025-7700 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-7700 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-7700 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for ffmpeg-7 fixes the following issues:

* Updated to version 7.1.2:
  * avcodec/librsvgdec: fix compilation with librsvg 2.50.3
  * libavfilter/af_firequalizer: Add check for av_malloc_array()
  * avcodec/libsvtav1: unbreak build with latest svtav1
  * avformat/hls: Fix Youtube AAC
  * Various bugfixes.
* CVE-2025-7700: Fixed NULL Pointer Dereference in ALS Decoder (bsc#1246790)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-442=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * libavformat61-debuginfo-7.1.2-160000.1.1
  * libavcodec61-debuginfo-7.1.2-160000.1.1
  * ffmpeg-7-debuginfo-7.1.2-160000.1.1
  * libavdevice61-debuginfo-7.1.2-160000.1.1
  * libavdevice61-7.1.2-160000.1.1
  * libavfilter10-7.1.2-160000.1.1
  * libavutil59-debuginfo-7.1.2-160000.1.1
  * libpostproc58-7.1.2-160000.1.1
  * ffmpeg-7-7.1.2-160000.1.1
  * libpostproc58-debuginfo-7.1.2-160000.1.1
  * libswscale8-7.1.2-160000.1.1
  * libswscale8-debuginfo-7.1.2-160000.1.1
  * libavutil59-7.1.2-160000.1.1
  * libavformat61-7.1.2-160000.1.1
  * libswresample5-7.1.2-160000.1.1
  * ffmpeg-7-debugsource-7.1.2-160000.1.1
  * libswresample5-debuginfo-7.1.2-160000.1.1
  * libavfilter10-debuginfo-7.1.2-160000.1.1
  * libavcodec61-7.1.2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-7700.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246790

From null at suse.de Wed Apr 1 12:37:30 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:37:30 -0000
Subject: SUSE-SU-2026:20931-1: important: Security update for the Linux Kernel
Message-ID: <177504705035.568.5633339227306733070@634a8d224e68>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:20931-1
Release Date: 2026-03-25T08:49:52Z
Rating: important
References:

* bsc#1234634 * bsc#1249590 * bsc#1250748 * bsc#1251135 * bsc#1251966 * bsc#1251971 * bsc#1252008 * bsc#1252266 * bsc#1252911 * bsc#1252924 * bsc#1253129 * bsc#1253691 * bsc#1254817 * bsc#1254928 * bsc#1255129 * bsc#1255144 * bsc#1255148 * bsc#1255311 * bsc#1255490 * bsc#1255572 * bsc#1255721 * bsc#1255868 * bsc#1256640 * bsc#1256675 * bsc#1256679 * bsc#1256708 * bsc#1256732 * bsc#1256784 * bsc#1256802 * bsc#1256865 * bsc#1256867 * bsc#1257154 * bsc#1257174 * bsc#1257209 * bsc#1257222 * bsc#1257228 * bsc#1257231 * bsc#1257246 * bsc#1257332 * bsc#1257466 * bsc#1257472 * bsc#1257473 * bsc#1257551 * bsc#1257552 * bsc#1257553 * bsc#1257554 * bsc#1257556 * bsc#1257557 * bsc#1257559 * bsc#1257560 * bsc#1257561 * bsc#1257562 * bsc#1257565 * bsc#1257570 * bsc#1257572 * bsc#1257573 * bsc#1257576 * bsc#1257579 * bsc#1257580 * bsc#1257581 * bsc#1257586 * bsc#1257600 * bsc#1257631 * bsc#1257635 * bsc#1257679 * bsc#1257682 * bsc#1257686 * bsc#1257687 * bsc#1257688 * bsc#1257704 * bsc#1257705 * bsc#1257706 * bsc#1257707 * bsc#1257709 * bsc#1257714 * bsc#1257715 * bsc#1257716 * bsc#1257718 * bsc#1257722 * bsc#1257723 * bsc#1257726 * bsc#1257729 * bsc#1257730 * bsc#1257732 * bsc#1257734 * bsc#1257735 * bsc#1257737 * bsc#1257739 * bsc#1257740 * bsc#1257741 * bsc#1257742 * bsc#1257743 * bsc#1257745 * bsc#1257749 * bsc#1257750 * bsc#1257755 * bsc#1257757 * bsc#1257758 * bsc#1257759 * bsc#1257761 * bsc#1257762 * bsc#1257763 * bsc#1257765 * bsc#1257768 * bsc#1257770 * bsc#1257772 * bsc#1257775 * bsc#1257776 * bsc#1257788 * bsc#1257789 * bsc#1257790 * bsc#1257805 * bsc#1257808
* bsc#1257809 * bsc#1257811 * bsc#1257813 * bsc#1257814 * bsc#1257815 * bsc#1257816 * bsc#1257817 * bsc#1257818 * bsc#1257830 * bsc#1257942 * bsc#1257952 * bsc#1258153 * bsc#1258181 * bsc#1258184 * bsc#1258222 * bsc#1258232 * bsc#1258234 * bsc#1258237 * bsc#1258245 * bsc#1258249 * bsc#1258252 * bsc#1258256 * bsc#1258258 * bsc#1258259 * bsc#1258272 * bsc#1258273 * bsc#1258276 * bsc#1258277 * bsc#1258279 * bsc#1258286 * bsc#1258289 * bsc#1258290 * bsc#1258297 * bsc#1258298 * bsc#1258299 * bsc#1258303 * bsc#1258304 * bsc#1258308 * bsc#1258309 * bsc#1258313 * bsc#1258317 * bsc#1258321 * bsc#1258323 * bsc#1258324 * bsc#1258326 * bsc#1258331 * bsc#1258338 * bsc#1258349 * bsc#1258354 * bsc#1258355 * bsc#1258358 * bsc#1258374 * bsc#1258376 * bsc#1258377 * bsc#1258379 * bsc#1258389 * bsc#1258394 * bsc#1258395 * bsc#1258397 * bsc#1258411 * bsc#1258415 * bsc#1258419 * bsc#1258421 * bsc#1258422 * bsc#1258424 * bsc#1258429 * bsc#1258430 * bsc#1258442 * bsc#1258455 * bsc#1258461 * bsc#1258464 * bsc#1258465 * bsc#1258468 * bsc#1258469 * bsc#1258483 * bsc#1258484 * bsc#1258489 * bsc#1258517 * bsc#1258518 * bsc#1258519 * bsc#1258520 * bsc#1258524 * bsc#1258544 * bsc#1258660 * bsc#1258672 * bsc#1258824 * bsc#1259329 * jsc#PED-11563 * jsc#PED-14156 Cross-References: * CVE-2025-39753 * CVE-2025-39964 * CVE-2025-40099 * CVE-2025-40103 * CVE-2025-40230 * CVE-2025-68173 * CVE-2025-68186 * CVE-2025-68292 * CVE-2025-68295 * CVE-2025-68329 * CVE-2025-68371 * CVE-2025-68745 * CVE-2025-68785 * CVE-2025-68810 * CVE-2025-68818 * CVE-2025-71071 * CVE-2025-71104 * CVE-2025-71125 * CVE-2025-71134 * CVE-2025-71161 * CVE-2025-71182 * CVE-2025-71183 * CVE-2025-71184 * CVE-2025-71185 * CVE-2025-71186 * CVE-2025-71188 * CVE-2025-71189 * CVE-2025-71190 * CVE-2025-71191 * CVE-2025-71192 * CVE-2025-71193 * CVE-2025-71194 * CVE-2025-71195 * CVE-2025-71196 * CVE-2025-71197 * CVE-2025-71198 * CVE-2025-71199 * CVE-2025-71200 * CVE-2025-71222 * CVE-2025-71224 * CVE-2025-71225 * CVE-2025-71229 * CVE-2025-71231 
* CVE-2025-71232 * CVE-2025-71233 * CVE-2025-71234 * CVE-2025-71235 * CVE-2025-71236 * CVE-2026-22979 * CVE-2026-22980 * CVE-2026-22998 * CVE-2026-23003 * CVE-2026-23004 * CVE-2026-23010 * CVE-2026-23017 * CVE-2026-23018 * CVE-2026-23021 * CVE-2026-23022 * CVE-2026-23023 * CVE-2026-23024 * CVE-2026-23026 * CVE-2026-23030 * CVE-2026-23031 * CVE-2026-23033 * CVE-2026-23035 * CVE-2026-23037 * CVE-2026-23038 * CVE-2026-23042 * CVE-2026-23047 * CVE-2026-23049 * CVE-2026-23050 * CVE-2026-23053 * CVE-2026-23054 * CVE-2026-23055 * CVE-2026-23056 * CVE-2026-23057 * CVE-2026-23058 * CVE-2026-23059 * CVE-2026-23060 * CVE-2026-23061 * CVE-2026-23062 * CVE-2026-23063 * CVE-2026-23064 * CVE-2026-23065 * CVE-2026-23066 * CVE-2026-23068 * CVE-2026-23069 * CVE-2026-23070 * CVE-2026-23071 * CVE-2026-23073 * CVE-2026-23074 * CVE-2026-23076 * CVE-2026-23078 * CVE-2026-23080 * CVE-2026-23082 * CVE-2026-23083 * CVE-2026-23084 * CVE-2026-23085 * CVE-2026-23086 * CVE-2026-23088 * CVE-2026-23089 * CVE-2026-23090 * CVE-2026-23091 * CVE-2026-23094 * CVE-2026-23095 * CVE-2026-23096 * CVE-2026-23097 * CVE-2026-23099 * CVE-2026-23100 * CVE-2026-23101 * CVE-2026-23102 * CVE-2026-23104 * CVE-2026-23105 * CVE-2026-23107 * CVE-2026-23108 * CVE-2026-23110 * CVE-2026-23111 * CVE-2026-23112 * CVE-2026-23116 * CVE-2026-23119 * CVE-2026-23121 * CVE-2026-23123 * CVE-2026-23128 * CVE-2026-23129 * CVE-2026-23131 * CVE-2026-23133 * CVE-2026-23135 * CVE-2026-23136 * CVE-2026-23137 * CVE-2026-23139 * CVE-2026-23141 * CVE-2026-23142 * CVE-2026-23144 * CVE-2026-23145 * CVE-2026-23146 * CVE-2026-23148 * CVE-2026-23150 * CVE-2026-23151 * CVE-2026-23152 * CVE-2026-23154 * CVE-2026-23155 * CVE-2026-23156 * CVE-2026-23157 * CVE-2026-23158 * CVE-2026-23161 * CVE-2026-23163 * CVE-2026-23166 * CVE-2026-23167 * CVE-2026-23169 * CVE-2026-23170 * CVE-2026-23171 * CVE-2026-23172 * CVE-2026-23173 * CVE-2026-23176 * CVE-2026-23177 * CVE-2026-23178 * CVE-2026-23179 * CVE-2026-23182 * CVE-2026-23188 * CVE-2026-23189 * 
CVE-2026-23190 * CVE-2026-23191 * CVE-2026-23198 * CVE-2026-23202 * CVE-2026-23207 * CVE-2026-23208 * CVE-2026-23209 * CVE-2026-23210 * CVE-2026-23213 * CVE-2026-23214 * CVE-2026-23221 * CVE-2026-23222 * CVE-2026-23223 * CVE-2026-23224 * CVE-2026-23229 * CVE-2026-23230 CVSS scores: * CVE-2025-39753 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-39753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39753 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39964 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-39964 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-39964 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-40099 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40099 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-40103 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-40103 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-40230 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68173 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-68173 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68186 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-68186 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68292 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68295 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68329 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-68329 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68371 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68745 ( SUSE ): 5.7 
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-68745 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68785 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-68785 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2025-68810 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68818 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71071 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2025-71071 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71104 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2025-71104 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2025-71104 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71125 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-71125 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-71125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71134 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71134 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71161 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71182 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71182 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71183 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71183 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71184 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71184 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71185 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71185 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71186 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71186 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71186 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71188 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71188 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71188 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71189 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-71189 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-71189 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71190 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-71190 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-71190 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71191 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-71191 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-71191 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71192 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-71192 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-71193 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71193 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71194 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71195 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71195 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71196 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71196 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71197 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2025-71198 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71198 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71199 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71199 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71200 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71200 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71200 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71222 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71222 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71222 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71224 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71224 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71225 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71225 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2025-71225 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2025-71229 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71229 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71229 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71231 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-71231 ( 
SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71231 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71232 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71232 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71233 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71233 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71233 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71234 ( SUSE ): 7.7 CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-71234 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71234 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71235 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71235 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71235 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71236 ( SUSE ): 5.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-71236 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71236 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22979 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22979 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22980 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22980 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22998 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-22998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22998 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23003 ( SUSE ): 6.9 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-23003 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23003 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23010 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-23010 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23017 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23017 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23017 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23018 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23018 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23018 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23021 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23021 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23022 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23022 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23022 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23023 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23023 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23023 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23024 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23024 ( SUSE ): 3.3 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23024 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23026 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23026 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23026 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23030 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23030 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23031 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23033 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23033 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23035 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23035 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23037 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23037 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23038 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23038 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23042 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23042 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23047 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23047 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23049 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23049 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23050 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23050 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23053 ( 
SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23053 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23054 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23055 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23055 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23056 ( SUSE ): 6.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23056 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-23057 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-23057 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23058 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23058 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23059 ( SUSE ): 6.0 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23059 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23060 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23060 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23060 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23061 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23061 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23062 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23062 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-23062 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23063 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23063 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2026-23063 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23064 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23064 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23065 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23065 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23065 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23066 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23066 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23068 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23068 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23069 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23070 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23070 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23070 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23071 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23071 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23071 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23073 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23073 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23073 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23076 ( SUSE ): 5.2 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-23076 ( SUSE ): 5.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23076 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23078 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23078 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23078 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23080 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23080 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23082 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23082 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23083 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23083 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23083 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23084 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23085 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23086 ( SUSE ): 6.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H * CVE-2026-23086 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2026-23086 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2026-23088 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23088 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23089 ( SUSE ): 5.2 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23089 ( SUSE ): 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23090 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23090 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23090 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23091 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23091 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23091 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23094 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23094 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23094 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23095 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23095 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23095 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23096 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23097 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23097 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23097 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23099 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23099 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23099 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23100 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23100 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23100 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23101 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23101 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23101 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23102 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23102 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23102 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23104 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23104 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H * CVE-2026-23104 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23105 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23105 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23105 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23107 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23107 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23107 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23108 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23108 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23108 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23110 ( SUSE ): 5.7 
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23110 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23110 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23112 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23112 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-23112 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23116 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23116 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23116 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23119 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23119 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23121 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23121 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23121 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23123 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23123 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23123 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23128 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23128 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23128 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23129 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23129 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23129 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23131 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23131 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23131 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23133 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23133 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H * CVE-2026-23133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23135 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23135 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H * CVE-2026-23135 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23136 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23137 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23137 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23137 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23139 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23139 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23139 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23141 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23141 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23141 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23142 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23142 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23142 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23144 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23144 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23145 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23145 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23145 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23146 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23146 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23148 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23148 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23150 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23150 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23150 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23151 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23151 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23152 ( SUSE ): 5.9 CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23152 ( SUSE ): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23152 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23154 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23155 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23155 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23155 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23156 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-23156 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L * CVE-2026-23156 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23157 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23157 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23157 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23158 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23158 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23158 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23161 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23161 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23161 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23163 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23163 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23166 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23167 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23167 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23167 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23169 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * 
CVE-2026-23169 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2026-23169 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23170 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23170 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23170 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23171 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-23171 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23172 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-23172 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-23172 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23173 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23173 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23173 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23176 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23176 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23177 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23177 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23178 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-23179 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23179 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23182 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23182 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23188 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23188 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23188 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23189 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23189 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23189 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23190 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23190 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23190 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23198 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23198 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23198 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23202 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23202 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23202 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23207 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23207 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23207 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23208 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23208 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23210 ( SUSE ): 5.7 
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23210 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23210 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23213 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23213 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23213 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23214 ( SUSE ): 5.1 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23214 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23214 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23221 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-23221 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23222 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-23222 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2026-23222 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23223 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-23223 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2026-23223 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23224 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23224 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23224 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23229 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23229 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23229 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23230 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-23230 ( SUSE ): 5.8 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-23230 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves 176 vulnerabilities, contains two features and has 24 fixes can now be installed.

## Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2025-39753: gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590).
* CVE-2025-39964: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966).
* CVE-2025-40099: cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911).
* CVE-2025-40103: smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924).
* CVE-2025-40230: mm: prevent poison consumption when splitting THP (bsc#1254817).
* CVE-2025-68173: ftrace: Fix softlockup in ftrace_module_enable (bsc#1255311).
* CVE-2025-68186: ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (bsc#1255144).
* CVE-2025-68292: mm/memfd: fix information leak in hugetlb folios (bsc#1255148).
* CVE-2025-68295: smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129).
* CVE-2025-68329: tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (bsc#1255490).
* CVE-2025-68371: scsi: smartpqi: Fix device resources accessed after device removal (bsc#1255572).
* CVE-2025-68745: scsi: qla2xxx: Clear cmds after chip reset (bsc#1255721).
* CVE-2025-68785: net: openvswitch: fix middle attribute validation in push_nsh() action (bsc#1256640).
* CVE-2025-68810: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (bsc#1256679).
* CVE-2025-71071: iommu/mediatek: fix use-after-free on probe deferral (bsc#1256802).
* CVE-2025-71104: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708).
* CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).
* CVE-2025-71134: mm/page_alloc: change all pageblocks migrate type on coalescing (bsc#1256732).
* CVE-2025-71161: dm-verity: disable recursive forward error correction (bsc#1257174).
* CVE-2025-71184: btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635).
* CVE-2025-71193: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686).
* CVE-2025-71225: md: suspend array while updating raid_disks via sysfs (bsc#1258411).
* CVE-2026-22979: net: fix memory leak in skb_segment_list for GRO packets (bsc#1257228).
* CVE-2026-22998: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (bsc#1257209).
* CVE-2026-23003: ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (bsc#1257246).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
* CVE-2026-23010: ipv6: Fix use-after-free in inet6_addr_del() (bsc#1257332).
* CVE-2026-23017: idpf: fix error handling in the init_task on load (bsc#1257552).
* CVE-2026-23022: idpf: fix memory leak in idpf_vc_core_deinit() (bsc#1257581).
* CVE-2026-23023: idpf: fix memory leak in idpf_vport_rel() (bsc#1257556).
* CVE-2026-23024: idpf: fix memory leak of flow steer list on rmmod (bsc#1257572).
* CVE-2026-23035: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (bsc#1257559).
* CVE-2026-23042: idpf: fix aux device unplugging when rdma is not supported by vport (bsc#1257705).
* CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
* CVE-2026-23053: NFS: Fix a deadlock involving nfs_release_folio() (bsc#1257718).
* CVE-2026-23057: vsock/virtio: Coalesce only linear skb (bsc#1257740).
* CVE-2026-23064: net/sched: act_ife: avoid possible NULL deref (bsc#1257765).
* CVE-2026-23066: rxrpc: Fix recvmsg() unconditional requeue (bsc#1257726).
* CVE-2026-23068: spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805).
* CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).
* CVE-2026-23070: Octeontx2-af: Add proper checks for fwdata (bsc#1257709).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
* CVE-2026-23083: tools: ynl-gen: use big-endian netlink attribute types (bsc#1257745).
* CVE-2026-23084: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (bsc#1257830).
* CVE-2026-23085: irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758).
* CVE-2026-23086: vsock/virtio: cap TX credit to local buffer size (bsc#1257757).
* CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).
* CVE-2026-23095: gue: Fix skb memleak with inner IP protocol 0 (bsc#1257808).
* CVE-2026-23097: migrate: correct lock ordering for hugetlb file folios (bsc#1257815).
* CVE-2026-23099: bonding: limit BOND_MODE_8023AD to Ethernet devices (bsc#1257816).
* CVE-2026-23100: mm/hugetlb: fix hugetlb_pmd_shared() (bsc#1257817).
* CVE-2026-23102: arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772).
* CVE-2026-23104: ice: fix devlink reload call trace (bsc#1257763).
* CVE-2026-23105: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (bsc#1257775).
* CVE-2026-23107: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762).
* CVE-2026-23110: scsi: core: Wake up the error handler when final completions race against each other (bsc#1257761).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258181).
* CVE-2026-23112: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (bsc#1258184).
* CVE-2026-23116: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (bsc#1258277).
* CVE-2026-23119: bonding: provide a net pointer to __skb_flow_dissect() (bsc#1258273).
* CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
* CVE-2026-23139: netfilter: nf_conncount: update last_gc only when GC has been performed (bsc#1258304).
* CVE-2026-23141: btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377).
* CVE-2026-23142: mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (bsc#1258289).
* CVE-2026-23144: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (bsc#1258290).
* CVE-2026-23148: nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (bsc#1258258).
* CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).
* CVE-2026-23161: mm/shmem, swap: fix race of truncate and swap entry split (bsc#1258355).
* CVE-2026-23166: ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (bsc#1258272).
* CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).
* CVE-2026-23171: bonding: fix use-after-free due to enslave fail after slave array update (bsc#1258349).
* CVE-2026-23173: net/mlx5e: TC, delete flows only for existing peers (bsc#1258520).
* CVE-2026-23179: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (bsc#1258394).
* CVE-2026-23189: ceph: fix NULL pointer dereference in ceph_mds_auth_match() (bsc#1258308).
* CVE-2026-23198: KVM: Don't clobber irqfd routing type when deassigning irqfd (bsc#1258321).
* CVE-2026-23208: ALSA: usb-audio: Prevent excessive number of frames (bsc#1258468).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
* CVE-2026-23210: ice: Fix PTP NULL pointer dereference during VSI rebuild (bsc#1258517).
* CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only (bsc#1258464).
* CVE-2026-23223: xfs: fix UAF in xchk_btree_check_block_owner (bsc#1258483).
* CVE-2026-23224: erofs: fix UAF issue for file-backed mounts w/ directio option (bsc#1258461).

The following non-security issues were fixed:

* ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes).
* ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes).
* ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes).
* Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971).
* HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455).
* HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes).
* PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868).
* PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672)
* PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672)
* PM: sleep: wakeirq: Update outdated documentation comments (git-fixes).
* Refresh and move upstreamed ath12k patch into sorted section
* Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153)
* add bugnumber to existing mana change (bsc#1252266).
* arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329)
* bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691).
* can: bcm: fix locking for bcm_op runtime updates (git-fixes).
* clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes).
* clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818).
* clocksource: Print durations for sync check unconditionally (bsc#1257818).
* clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818).
* clocksource: Use pr_info() for "Checking clocksource synchronization" message (bsc#1257818).
* dm: Fix deadlock when reloading a multipath table (bsc#1254928).
* drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129).
* ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes).
* gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes).
* i3c: master: Update hot-join flag only on success (git-fixes).
* ktls, sockmap: Fix missing uncharge operation (bsc#1252008).
* media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes).
* modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489).
* net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
* net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
* platform/x86/amd: amd_3d_vcache: Add AMD 3D V-Cache optimizer driver (jsc#PED-11563).
* sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634).
* sched/deadline: Fix race in push_dl_task() (bsc#1234634).
* sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634).
* sched/fair: Fix pelt clock sync when entering idle (bsc#1234634).
* sched/fair: Fix pelt lost idle time detection (bsc#1234634).
* staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes).
* wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-435=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * kernel-docs-html-6.12.0-160000.27.1
  * kernel-macros-6.12.0-160000.27.1
  * kernel-source-6.12.0-160000.27.1
  * kernel-devel-6.12.0-160000.27.1
  * kernel-source-vanilla-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le x86_64)
  * kernel-kvmsmall-debuginfo-6.12.0-160000.27.1
  * kernel-default-base-6.12.0-160000.27.1.160000.2.8
  * kernel-kvmsmall-devel-6.12.0-160000.27.1
  * kernel-kvmsmall-debugsource-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 nosrc)
  * kernel-64kb-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (aarch64)
  * kernel-64kb-debugsource-6.12.0-160000.27.1
  * kernel-64kb-extra-debuginfo-6.12.0-160000.27.1
  * kernel-64kb-debuginfo-6.12.0-160000.27.1
  * kernel-64kb-extra-6.12.0-160000.27.1
  * kernel-64kb-devel-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 nosrc x86_64)
  * kernel-azure-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 x86_64)
  * kernel-azure-extra-6.12.0-160000.27.1
  * kernel-azure-debugsource-6.12.0-160000.27.1
  * kernel-azure-debuginfo-6.12.0-160000.27.1
  * kernel-azure-extra-debuginfo-6.12.0-160000.27.1
  * kernel-azure-devel-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * kernel-default-extra-6.12.0-160000.27.1
  * kernel-syms-6.12.0-160000.27.1
  * kernel-default-debuginfo-6.12.0-160000.27.1
  * kernel-default-devel-6.12.0-160000.27.1
  * kernel-obs-qa-6.12.0-160000.27.1
  * kernel-default-extra-debuginfo-6.12.0-160000.27.1
  * kernel-default-debugsource-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (noarch nosrc)
  * kernel-docs-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 nosrc ppc64le x86_64)
  * kernel-kvmsmall-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (x86_64)
  * kernel-kvmsmall-devel-debuginfo-6.12.0-160000.27.1
  * kernel-kvmsmall-vdso-6.12.0-160000.27.1
  * kernel-azure-vdso-6.12.0-160000.27.1
  * kernel-azure-devel-debuginfo-6.12.0-160000.27.1
  * kernel-default-vdso-6.12.0-160000.27.1
  * kernel-azure-vdso-debuginfo-6.12.0-160000.27.1
  * kernel-kvmsmall-vdso-debuginfo-6.12.0-160000.27.1
  * kernel-default-devel-debuginfo-6.12.0-160000.27.1
  * kernel-default-vdso-debuginfo-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (ppc64le s390x x86_64)
  * kernel-default-livepatch-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (nosrc s390x)
  * kernel-zfcpdump-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (s390x)
  * kernel-zfcpdump-debugsource-6.12.0-160000.27.1
  * kernel-zfcpdump-debuginfo-6.12.0-160000.27.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39753.html
* https://www.suse.com/security/cve/CVE-2025-39964.html
* https://www.suse.com/security/cve/CVE-2025-40099.html
* https://www.suse.com/security/cve/CVE-2025-40103.html
* https://www.suse.com/security/cve/CVE-2025-40230.html
* https://www.suse.com/security/cve/CVE-2025-68173.html
* https://www.suse.com/security/cve/CVE-2025-68186.html
* https://www.suse.com/security/cve/CVE-2025-68292.html
* https://www.suse.com/security/cve/CVE-2025-68295.html
* https://www.suse.com/security/cve/CVE-2025-68329.html
* https://www.suse.com/security/cve/CVE-2025-68371.html
* https://www.suse.com/security/cve/CVE-2025-68745.html
* https://www.suse.com/security/cve/CVE-2025-68785.html
* https://www.suse.com/security/cve/CVE-2025-68810.html
* https://www.suse.com/security/cve/CVE-2025-68818.html
* https://www.suse.com/security/cve/CVE-2025-71071.html
* https://www.suse.com/security/cve/CVE-2025-71104.html
* https://www.suse.com/security/cve/CVE-2025-71125.html
* https://www.suse.com/security/cve/CVE-2025-71134.html
* https://www.suse.com/security/cve/CVE-2025-71161.html
* https://www.suse.com/security/cve/CVE-2025-71182.html
* https://www.suse.com/security/cve/CVE-2025-71183.html
* https://www.suse.com/security/cve/CVE-2025-71184.html
* https://www.suse.com/security/cve/CVE-2025-71185.html
* https://www.suse.com/security/cve/CVE-2025-71186.html
* https://www.suse.com/security/cve/CVE-2025-71188.html
* https://www.suse.com/security/cve/CVE-2025-71189.html
* https://www.suse.com/security/cve/CVE-2025-71190.html
* https://www.suse.com/security/cve/CVE-2025-71191.html
* https://www.suse.com/security/cve/CVE-2025-71192.html
* https://www.suse.com/security/cve/CVE-2025-71193.html
* https://www.suse.com/security/cve/CVE-2025-71194.html
* https://www.suse.com/security/cve/CVE-2025-71195.html
* https://www.suse.com/security/cve/CVE-2025-71196.html
* https://www.suse.com/security/cve/CVE-2025-71197.html
* https://www.suse.com/security/cve/CVE-2025-71198.html
* https://www.suse.com/security/cve/CVE-2025-71199.html
* https://www.suse.com/security/cve/CVE-2025-71200.html
* https://www.suse.com/security/cve/CVE-2025-71222.html
* https://www.suse.com/security/cve/CVE-2025-71224.html
* https://www.suse.com/security/cve/CVE-2025-71225.html
* https://www.suse.com/security/cve/CVE-2025-71229.html
* https://www.suse.com/security/cve/CVE-2025-71231.html
* https://www.suse.com/security/cve/CVE-2025-71232.html
* https://www.suse.com/security/cve/CVE-2025-71233.html
* https://www.suse.com/security/cve/CVE-2025-71234.html
* https://www.suse.com/security/cve/CVE-2025-71235.html
* https://www.suse.com/security/cve/CVE-2025-71236.html
* https://www.suse.com/security/cve/CVE-2026-22979.html
* https://www.suse.com/security/cve/CVE-2026-22980.html
* https://www.suse.com/security/cve/CVE-2026-22998.html
* https://www.suse.com/security/cve/CVE-2026-23003.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23010.html
*
https://www.suse.com/security/cve/CVE-2026-23017.html * https://www.suse.com/security/cve/CVE-2026-23018.html * https://www.suse.com/security/cve/CVE-2026-23021.html * https://www.suse.com/security/cve/CVE-2026-23022.html * https://www.suse.com/security/cve/CVE-2026-23023.html * https://www.suse.com/security/cve/CVE-2026-23024.html * https://www.suse.com/security/cve/CVE-2026-23026.html * https://www.suse.com/security/cve/CVE-2026-23030.html * https://www.suse.com/security/cve/CVE-2026-23031.html * https://www.suse.com/security/cve/CVE-2026-23033.html * https://www.suse.com/security/cve/CVE-2026-23035.html * https://www.suse.com/security/cve/CVE-2026-23037.html * https://www.suse.com/security/cve/CVE-2026-23038.html * https://www.suse.com/security/cve/CVE-2026-23042.html * https://www.suse.com/security/cve/CVE-2026-23047.html * https://www.suse.com/security/cve/CVE-2026-23049.html * https://www.suse.com/security/cve/CVE-2026-23050.html * https://www.suse.com/security/cve/CVE-2026-23053.html * https://www.suse.com/security/cve/CVE-2026-23054.html * https://www.suse.com/security/cve/CVE-2026-23055.html * https://www.suse.com/security/cve/CVE-2026-23056.html * https://www.suse.com/security/cve/CVE-2026-23057.html * https://www.suse.com/security/cve/CVE-2026-23058.html * https://www.suse.com/security/cve/CVE-2026-23059.html * https://www.suse.com/security/cve/CVE-2026-23060.html * https://www.suse.com/security/cve/CVE-2026-23061.html * https://www.suse.com/security/cve/CVE-2026-23062.html * https://www.suse.com/security/cve/CVE-2026-23063.html * https://www.suse.com/security/cve/CVE-2026-23064.html * https://www.suse.com/security/cve/CVE-2026-23065.html * https://www.suse.com/security/cve/CVE-2026-23066.html * https://www.suse.com/security/cve/CVE-2026-23068.html * https://www.suse.com/security/cve/CVE-2026-23069.html * https://www.suse.com/security/cve/CVE-2026-23070.html * https://www.suse.com/security/cve/CVE-2026-23071.html * 
https://www.suse.com/security/cve/CVE-2026-23073.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23076.html * https://www.suse.com/security/cve/CVE-2026-23078.html * https://www.suse.com/security/cve/CVE-2026-23080.html * https://www.suse.com/security/cve/CVE-2026-23082.html * https://www.suse.com/security/cve/CVE-2026-23083.html * https://www.suse.com/security/cve/CVE-2026-23084.html * https://www.suse.com/security/cve/CVE-2026-23085.html * https://www.suse.com/security/cve/CVE-2026-23086.html * https://www.suse.com/security/cve/CVE-2026-23088.html * https://www.suse.com/security/cve/CVE-2026-23089.html * https://www.suse.com/security/cve/CVE-2026-23090.html * https://www.suse.com/security/cve/CVE-2026-23091.html * https://www.suse.com/security/cve/CVE-2026-23094.html * https://www.suse.com/security/cve/CVE-2026-23095.html * https://www.suse.com/security/cve/CVE-2026-23096.html * https://www.suse.com/security/cve/CVE-2026-23097.html * https://www.suse.com/security/cve/CVE-2026-23099.html * https://www.suse.com/security/cve/CVE-2026-23100.html * https://www.suse.com/security/cve/CVE-2026-23101.html * https://www.suse.com/security/cve/CVE-2026-23102.html * https://www.suse.com/security/cve/CVE-2026-23104.html * https://www.suse.com/security/cve/CVE-2026-23105.html * https://www.suse.com/security/cve/CVE-2026-23107.html * https://www.suse.com/security/cve/CVE-2026-23108.html * https://www.suse.com/security/cve/CVE-2026-23110.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23112.html * https://www.suse.com/security/cve/CVE-2026-23116.html * https://www.suse.com/security/cve/CVE-2026-23119.html * https://www.suse.com/security/cve/CVE-2026-23121.html * https://www.suse.com/security/cve/CVE-2026-23123.html * https://www.suse.com/security/cve/CVE-2026-23128.html * https://www.suse.com/security/cve/CVE-2026-23129.html * 
https://www.suse.com/security/cve/CVE-2026-23131.html * https://www.suse.com/security/cve/CVE-2026-23133.html * https://www.suse.com/security/cve/CVE-2026-23135.html * https://www.suse.com/security/cve/CVE-2026-23136.html * https://www.suse.com/security/cve/CVE-2026-23137.html * https://www.suse.com/security/cve/CVE-2026-23139.html * https://www.suse.com/security/cve/CVE-2026-23141.html * https://www.suse.com/security/cve/CVE-2026-23142.html * https://www.suse.com/security/cve/CVE-2026-23144.html * https://www.suse.com/security/cve/CVE-2026-23145.html * https://www.suse.com/security/cve/CVE-2026-23146.html * https://www.suse.com/security/cve/CVE-2026-23148.html * https://www.suse.com/security/cve/CVE-2026-23150.html * https://www.suse.com/security/cve/CVE-2026-23151.html * https://www.suse.com/security/cve/CVE-2026-23152.html * https://www.suse.com/security/cve/CVE-2026-23154.html * https://www.suse.com/security/cve/CVE-2026-23155.html * https://www.suse.com/security/cve/CVE-2026-23156.html * https://www.suse.com/security/cve/CVE-2026-23157.html * https://www.suse.com/security/cve/CVE-2026-23158.html * https://www.suse.com/security/cve/CVE-2026-23161.html * https://www.suse.com/security/cve/CVE-2026-23163.html * https://www.suse.com/security/cve/CVE-2026-23166.html * https://www.suse.com/security/cve/CVE-2026-23167.html * https://www.suse.com/security/cve/CVE-2026-23169.html * https://www.suse.com/security/cve/CVE-2026-23170.html * https://www.suse.com/security/cve/CVE-2026-23171.html * https://www.suse.com/security/cve/CVE-2026-23172.html * https://www.suse.com/security/cve/CVE-2026-23173.html * https://www.suse.com/security/cve/CVE-2026-23176.html * https://www.suse.com/security/cve/CVE-2026-23177.html * https://www.suse.com/security/cve/CVE-2026-23178.html * https://www.suse.com/security/cve/CVE-2026-23179.html * https://www.suse.com/security/cve/CVE-2026-23182.html * https://www.suse.com/security/cve/CVE-2026-23188.html * 
https://www.suse.com/security/cve/CVE-2026-23189.html * https://www.suse.com/security/cve/CVE-2026-23190.html * https://www.suse.com/security/cve/CVE-2026-23191.html * https://www.suse.com/security/cve/CVE-2026-23198.html * https://www.suse.com/security/cve/CVE-2026-23202.html * https://www.suse.com/security/cve/CVE-2026-23207.html * https://www.suse.com/security/cve/CVE-2026-23208.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://www.suse.com/security/cve/CVE-2026-23210.html * https://www.suse.com/security/cve/CVE-2026-23213.html * https://www.suse.com/security/cve/CVE-2026-23214.html * https://www.suse.com/security/cve/CVE-2026-23221.html * https://www.suse.com/security/cve/CVE-2026-23222.html * https://www.suse.com/security/cve/CVE-2026-23223.html * https://www.suse.com/security/cve/CVE-2026-23224.html * https://www.suse.com/security/cve/CVE-2026-23229.html * https://www.suse.com/security/cve/CVE-2026-23230.html * https://bugzilla.suse.com/show_bug.cgi?id=1234634 * https://bugzilla.suse.com/show_bug.cgi?id=1249590 * https://bugzilla.suse.com/show_bug.cgi?id=1250748 * https://bugzilla.suse.com/show_bug.cgi?id=1251135 * https://bugzilla.suse.com/show_bug.cgi?id=1251966 * https://bugzilla.suse.com/show_bug.cgi?id=1251971 * https://bugzilla.suse.com/show_bug.cgi?id=1252008 * https://bugzilla.suse.com/show_bug.cgi?id=1252266 * https://bugzilla.suse.com/show_bug.cgi?id=1252911 * https://bugzilla.suse.com/show_bug.cgi?id=1252924 * https://bugzilla.suse.com/show_bug.cgi?id=1253129 * https://bugzilla.suse.com/show_bug.cgi?id=1253691 * https://bugzilla.suse.com/show_bug.cgi?id=1254817 * https://bugzilla.suse.com/show_bug.cgi?id=1254928 * https://bugzilla.suse.com/show_bug.cgi?id=1255129 * https://bugzilla.suse.com/show_bug.cgi?id=1255144 * https://bugzilla.suse.com/show_bug.cgi?id=1255148 * https://bugzilla.suse.com/show_bug.cgi?id=1255311 * https://bugzilla.suse.com/show_bug.cgi?id=1255490 * https://bugzilla.suse.com/show_bug.cgi?id=1255572 * 
https://bugzilla.suse.com/show_bug.cgi?id=1255721 * https://bugzilla.suse.com/show_bug.cgi?id=1255868 * https://bugzilla.suse.com/show_bug.cgi?id=1256640 * https://bugzilla.suse.com/show_bug.cgi?id=1256675 * https://bugzilla.suse.com/show_bug.cgi?id=1256679 * https://bugzilla.suse.com/show_bug.cgi?id=1256708 * https://bugzilla.suse.com/show_bug.cgi?id=1256732 * https://bugzilla.suse.com/show_bug.cgi?id=1256784 * https://bugzilla.suse.com/show_bug.cgi?id=1256802 * https://bugzilla.suse.com/show_bug.cgi?id=1256865 * https://bugzilla.suse.com/show_bug.cgi?id=1256867 * https://bugzilla.suse.com/show_bug.cgi?id=1257154 * https://bugzilla.suse.com/show_bug.cgi?id=1257174 * https://bugzilla.suse.com/show_bug.cgi?id=1257209 * https://bugzilla.suse.com/show_bug.cgi?id=1257222 * https://bugzilla.suse.com/show_bug.cgi?id=1257228 * https://bugzilla.suse.com/show_bug.cgi?id=1257231 * https://bugzilla.suse.com/show_bug.cgi?id=1257246 * https://bugzilla.suse.com/show_bug.cgi?id=1257332 * https://bugzilla.suse.com/show_bug.cgi?id=1257466 * https://bugzilla.suse.com/show_bug.cgi?id=1257472 * https://bugzilla.suse.com/show_bug.cgi?id=1257473 * https://bugzilla.suse.com/show_bug.cgi?id=1257551 * https://bugzilla.suse.com/show_bug.cgi?id=1257552 * https://bugzilla.suse.com/show_bug.cgi?id=1257553 * https://bugzilla.suse.com/show_bug.cgi?id=1257554 * https://bugzilla.suse.com/show_bug.cgi?id=1257556 * https://bugzilla.suse.com/show_bug.cgi?id=1257557 * https://bugzilla.suse.com/show_bug.cgi?id=1257559 * https://bugzilla.suse.com/show_bug.cgi?id=1257560 * https://bugzilla.suse.com/show_bug.cgi?id=1257561 * https://bugzilla.suse.com/show_bug.cgi?id=1257562 * https://bugzilla.suse.com/show_bug.cgi?id=1257565 * https://bugzilla.suse.com/show_bug.cgi?id=1257570 * https://bugzilla.suse.com/show_bug.cgi?id=1257572 * https://bugzilla.suse.com/show_bug.cgi?id=1257573 * https://bugzilla.suse.com/show_bug.cgi?id=1257576 * https://bugzilla.suse.com/show_bug.cgi?id=1257579 * 
https://bugzilla.suse.com/show_bug.cgi?id=1257580 * https://bugzilla.suse.com/show_bug.cgi?id=1257581 * https://bugzilla.suse.com/show_bug.cgi?id=1257586 * https://bugzilla.suse.com/show_bug.cgi?id=1257600 * https://bugzilla.suse.com/show_bug.cgi?id=1257631 * https://bugzilla.suse.com/show_bug.cgi?id=1257635 * https://bugzilla.suse.com/show_bug.cgi?id=1257679 * https://bugzilla.suse.com/show_bug.cgi?id=1257682 * https://bugzilla.suse.com/show_bug.cgi?id=1257686 * https://bugzilla.suse.com/show_bug.cgi?id=1257687 * https://bugzilla.suse.com/show_bug.cgi?id=1257688 * https://bugzilla.suse.com/show_bug.cgi?id=1257704 * https://bugzilla.suse.com/show_bug.cgi?id=1257705 * https://bugzilla.suse.com/show_bug.cgi?id=1257706 * https://bugzilla.suse.com/show_bug.cgi?id=1257707 * https://bugzilla.suse.com/show_bug.cgi?id=1257709 * https://bugzilla.suse.com/show_bug.cgi?id=1257714 * https://bugzilla.suse.com/show_bug.cgi?id=1257715 * https://bugzilla.suse.com/show_bug.cgi?id=1257716 * https://bugzilla.suse.com/show_bug.cgi?id=1257718 * https://bugzilla.suse.com/show_bug.cgi?id=1257722 * https://bugzilla.suse.com/show_bug.cgi?id=1257723 * https://bugzilla.suse.com/show_bug.cgi?id=1257726 * https://bugzilla.suse.com/show_bug.cgi?id=1257729 * https://bugzilla.suse.com/show_bug.cgi?id=1257730 * https://bugzilla.suse.com/show_bug.cgi?id=1257732 * https://bugzilla.suse.com/show_bug.cgi?id=1257734 * https://bugzilla.suse.com/show_bug.cgi?id=1257735 * https://bugzilla.suse.com/show_bug.cgi?id=1257737 * https://bugzilla.suse.com/show_bug.cgi?id=1257739 * https://bugzilla.suse.com/show_bug.cgi?id=1257740 * https://bugzilla.suse.com/show_bug.cgi?id=1257741 * https://bugzilla.suse.com/show_bug.cgi?id=1257742 * https://bugzilla.suse.com/show_bug.cgi?id=1257743 * https://bugzilla.suse.com/show_bug.cgi?id=1257745 * https://bugzilla.suse.com/show_bug.cgi?id=1257749 * https://bugzilla.suse.com/show_bug.cgi?id=1257750 * https://bugzilla.suse.com/show_bug.cgi?id=1257755 * 
https://bugzilla.suse.com/show_bug.cgi?id=1257757 * https://bugzilla.suse.com/show_bug.cgi?id=1257758 * https://bugzilla.suse.com/show_bug.cgi?id=1257759 * https://bugzilla.suse.com/show_bug.cgi?id=1257761 * https://bugzilla.suse.com/show_bug.cgi?id=1257762 * https://bugzilla.suse.com/show_bug.cgi?id=1257763 * https://bugzilla.suse.com/show_bug.cgi?id=1257765 * https://bugzilla.suse.com/show_bug.cgi?id=1257768 * https://bugzilla.suse.com/show_bug.cgi?id=1257770 * https://bugzilla.suse.com/show_bug.cgi?id=1257772 * https://bugzilla.suse.com/show_bug.cgi?id=1257775 * https://bugzilla.suse.com/show_bug.cgi?id=1257776 * https://bugzilla.suse.com/show_bug.cgi?id=1257788 * https://bugzilla.suse.com/show_bug.cgi?id=1257789 * https://bugzilla.suse.com/show_bug.cgi?id=1257790 * https://bugzilla.suse.com/show_bug.cgi?id=1257805 * https://bugzilla.suse.com/show_bug.cgi?id=1257808 * https://bugzilla.suse.com/show_bug.cgi?id=1257809 * https://bugzilla.suse.com/show_bug.cgi?id=1257811 * https://bugzilla.suse.com/show_bug.cgi?id=1257813 * https://bugzilla.suse.com/show_bug.cgi?id=1257814 * https://bugzilla.suse.com/show_bug.cgi?id=1257815 * https://bugzilla.suse.com/show_bug.cgi?id=1257816 * https://bugzilla.suse.com/show_bug.cgi?id=1257817 * https://bugzilla.suse.com/show_bug.cgi?id=1257818 * https://bugzilla.suse.com/show_bug.cgi?id=1257830 * https://bugzilla.suse.com/show_bug.cgi?id=1257942 * https://bugzilla.suse.com/show_bug.cgi?id=1257952 * https://bugzilla.suse.com/show_bug.cgi?id=1258153 * https://bugzilla.suse.com/show_bug.cgi?id=1258181 * https://bugzilla.suse.com/show_bug.cgi?id=1258184 * https://bugzilla.suse.com/show_bug.cgi?id=1258222 * https://bugzilla.suse.com/show_bug.cgi?id=1258232 * https://bugzilla.suse.com/show_bug.cgi?id=1258234 * https://bugzilla.suse.com/show_bug.cgi?id=1258237 * https://bugzilla.suse.com/show_bug.cgi?id=1258245 * https://bugzilla.suse.com/show_bug.cgi?id=1258249 * https://bugzilla.suse.com/show_bug.cgi?id=1258252 * 
https://bugzilla.suse.com/show_bug.cgi?id=1258256 * https://bugzilla.suse.com/show_bug.cgi?id=1258258 * https://bugzilla.suse.com/show_bug.cgi?id=1258259 * https://bugzilla.suse.com/show_bug.cgi?id=1258272 * https://bugzilla.suse.com/show_bug.cgi?id=1258273 * https://bugzilla.suse.com/show_bug.cgi?id=1258276 * https://bugzilla.suse.com/show_bug.cgi?id=1258277 * https://bugzilla.suse.com/show_bug.cgi?id=1258279 * https://bugzilla.suse.com/show_bug.cgi?id=1258286 * https://bugzilla.suse.com/show_bug.cgi?id=1258289 * https://bugzilla.suse.com/show_bug.cgi?id=1258290 * https://bugzilla.suse.com/show_bug.cgi?id=1258297 * https://bugzilla.suse.com/show_bug.cgi?id=1258298 * https://bugzilla.suse.com/show_bug.cgi?id=1258299 * https://bugzilla.suse.com/show_bug.cgi?id=1258303 * https://bugzilla.suse.com/show_bug.cgi?id=1258304 * https://bugzilla.suse.com/show_bug.cgi?id=1258308 * https://bugzilla.suse.com/show_bug.cgi?id=1258309 * https://bugzilla.suse.com/show_bug.cgi?id=1258313 * https://bugzilla.suse.com/show_bug.cgi?id=1258317 * https://bugzilla.suse.com/show_bug.cgi?id=1258321 * https://bugzilla.suse.com/show_bug.cgi?id=1258323 * https://bugzilla.suse.com/show_bug.cgi?id=1258324 * https://bugzilla.suse.com/show_bug.cgi?id=1258326 * https://bugzilla.suse.com/show_bug.cgi?id=1258331 * https://bugzilla.suse.com/show_bug.cgi?id=1258338 * https://bugzilla.suse.com/show_bug.cgi?id=1258349 * https://bugzilla.suse.com/show_bug.cgi?id=1258354 * https://bugzilla.suse.com/show_bug.cgi?id=1258355 * https://bugzilla.suse.com/show_bug.cgi?id=1258358 * https://bugzilla.suse.com/show_bug.cgi?id=1258374 * https://bugzilla.suse.com/show_bug.cgi?id=1258376 * https://bugzilla.suse.com/show_bug.cgi?id=1258377 * https://bugzilla.suse.com/show_bug.cgi?id=1258379 * https://bugzilla.suse.com/show_bug.cgi?id=1258389 * https://bugzilla.suse.com/show_bug.cgi?id=1258394 * https://bugzilla.suse.com/show_bug.cgi?id=1258395 * https://bugzilla.suse.com/show_bug.cgi?id=1258397 * 
https://bugzilla.suse.com/show_bug.cgi?id=1258411 * https://bugzilla.suse.com/show_bug.cgi?id=1258415 * https://bugzilla.suse.com/show_bug.cgi?id=1258419 * https://bugzilla.suse.com/show_bug.cgi?id=1258421 * https://bugzilla.suse.com/show_bug.cgi?id=1258422 * https://bugzilla.suse.com/show_bug.cgi?id=1258424 * https://bugzilla.suse.com/show_bug.cgi?id=1258429 * https://bugzilla.suse.com/show_bug.cgi?id=1258430 * https://bugzilla.suse.com/show_bug.cgi?id=1258442 * https://bugzilla.suse.com/show_bug.cgi?id=1258455 * https://bugzilla.suse.com/show_bug.cgi?id=1258461 * https://bugzilla.suse.com/show_bug.cgi?id=1258464 * https://bugzilla.suse.com/show_bug.cgi?id=1258465 * https://bugzilla.suse.com/show_bug.cgi?id=1258468 * https://bugzilla.suse.com/show_bug.cgi?id=1258469 * https://bugzilla.suse.com/show_bug.cgi?id=1258483 * https://bugzilla.suse.com/show_bug.cgi?id=1258484 * https://bugzilla.suse.com/show_bug.cgi?id=1258489 * https://bugzilla.suse.com/show_bug.cgi?id=1258517 * https://bugzilla.suse.com/show_bug.cgi?id=1258518 * https://bugzilla.suse.com/show_bug.cgi?id=1258519 * https://bugzilla.suse.com/show_bug.cgi?id=1258520 * https://bugzilla.suse.com/show_bug.cgi?id=1258524 * https://bugzilla.suse.com/show_bug.cgi?id=1258544 * https://bugzilla.suse.com/show_bug.cgi?id=1258660 * https://bugzilla.suse.com/show_bug.cgi?id=1258672 * https://bugzilla.suse.com/show_bug.cgi?id=1258824 * https://bugzilla.suse.com/show_bug.cgi?id=1259329 * https://jira.suse.com/browse/PED-11563 * https://jira.suse.com/browse/PED-14156 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Wed Apr 1 12:37:36 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:37:36 -0000
Subject: SUSE-SU-2026:20930-1: important: Security update for python-pyOpenSSL
Message-ID: <177504705630.568.7522656010035632309@634a8d224e68>

# Security update for python-pyOpenSSL

Announcement ID: SUSE-SU-2026:20930-1
Release Date: 2026-03-25T03:41:11Z
Rating: important

References:

* bsc#1259804
* bsc#1259808

Cross-References:

* CVE-2026-27448
* CVE-2026-27459

CVSS scores:

* CVE-2026-27448 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27448 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27448 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27448 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27459 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27459 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-27459 ( NVD ): 7.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27459 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python-pyOpenSSL fixes the following issues:

* CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804).
* CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-439=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * python313-pyOpenSSL-25.0.0-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27448.html
* https://www.suse.com/security/cve/CVE-2026-27459.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259804
* https://bugzilla.suse.com/show_bug.cgi?id=1259808

From null at suse.de Wed Apr 1 12:37:39 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:37:39 -0000
Subject: SUSE-SU-2026:20929-1: important: Security update for python-pyasn1
Message-ID: <177504705965.568.4617033729942882518@634a8d224e68>

# Security update for python-pyasn1

Announcement ID: SUSE-SU-2026:20929-1
Release Date: 2026-03-25T03:09:26Z
Rating: important

References:

* bsc#1259803

Cross-References:

* CVE-2026-30922

CVSS scores:

* CVE-2026-30922 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-30922 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-30922 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for python-pyasn1 fixes the following issue:

* CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-438=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * python313-pyasn1-0.6.1-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-30922.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259803

From null at suse.de Wed Apr 1 12:37:46 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:37:46 -0000
Subject: SUSE-SU-2026:20928-1: important: Security update for python-black
Message-ID: <177504706622.568.18062556047143768019@634a8d224e68>

# Security update for python-black

Announcement ID: SUSE-SU-2026:20928-1
Release Date: 2026-03-24T19:41:09Z
Rating: important

References:

* bsc#1259546
* bsc#1259608

Cross-References:

* CVE-2026-31900
* CVE-2026-32274

CVSS scores:

* CVE-2026-31900 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31900 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31900 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31900 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-32274 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-32274 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-32274 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-32274 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves two vulnerabilities can now be installed.
## Description:

This update for python-black fixes the following issues:

* CVE-2026-31900: a malicious pyproject.toml edit can lead to arbitrary code execution (bsc#1259546).
* CVE-2026-32274: arbitrary file writes from unsanitized user input in cache file name (bsc#1259608).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-437=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * python313-black-25.1.0-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31900.html
* https://www.suse.com/security/cve/CVE-2026-32274.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259546
* https://bugzilla.suse.com/show_bug.cgi?id=1259608

From null at suse.de Wed Apr 1 12:37:50 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:37:50 -0000
Subject: SUSE-SU-2026:20927-1: important: Security update for 389-ds
Message-ID: <177504707091.568.8521209867926531868@634a8d224e68>

# Security update for 389-ds

Announcement ID: SUSE-SU-2026:20927-1
Release Date: 2026-03-24T17:50:31Z
Rating: important

References:

* bsc#1258727

Cross-References:

* CVE-2025-14905

CVSS scores:

* CVE-2025-14905 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14905 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-14905 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.
## Description: This update for 389-ds fixes the following issue: Update to 389-ds 3.0.6~git249.6688af9b2: * CVE-2025-14905: heap buffer overflow due to improper size calculation in `schema_attr_enum_callback` can lead to DoS and RCE (bsc#1258727). Changelog: * Issue 7277 - UI - Fix Japanese translation for "Successfully updated group" in Cockpit UI (#7278) * Issue 7275 - UI - Improve password policy field validation in Cockpit UI (#7276) * Issue 7279 - UI - Fix typo in export certificate dialog (#7280) * Issue 7273 - In a chaining environment binding as remote user causes an invalid error in the logs * Issue 7271 - plugins that create threads need to update active thread count * Issue 5853 - Update concread to 0.5.10 * Issue 7053 - Remove memberof_del_dn_from_groups from MemberOf plugin (#7064) * Issue 7223 - Remove integerOrderingMatch requirement for parentid (#7264) * Issue 7066/7052 - allow password history to be set to zero and remove history * Issue 7223 - Use lexicographical order for ancestorid (#7256) * Issue 7213 - (2nd) MDB_BAD_VALSIZE error while handling VLV (#7258) * Issue 7184 - (2nd) argparse.HelpFormatter _format_actions_usage() is deprecated (#7257) * Issue - CLI - dsctl db2index needs some hardening with MBD * Issue 7248 - CLI - attribute uniqueness - fix usage for exclude subtree option * Issue 7231 - Sync repl tests fail in FIPS mode due to non FIPS compliant crypto (#7232) * Issue 7121 - (2nd) LeakSanitizer: various leaks during replication (#7212) * Issue 6947 - Fix health_system_indexes_test.py * Issue 7076 - Fix revert_cache() never called in modrdn (#7220) * Issue 7076, 6992, 6784, 6214 - Fix CI test failures (#7077) * Issue 7096 - (2nd) During replication online total init the function idl_id_is_in_idlist is not scaling with large database (#7205) * Issue 3555 - UI - Fix audit issue with npm - @isaacs/brace-expansion (#7228) * Issue 7223 - Add dsctl index-check command for offline index repair * Issue 7223 - Detect and log index ordering 
mismatch during backend startup * Issue 7223 - Add upgrade function to remove ancestorid index config entry * Issue 7223 - Add upgrade function to remove nsIndexIDListScanLimit from parentid * Issue 7223 - Revert index scan limits for system indexes * Issue 6542 - RPM build errors on Fedora 42 * Issue 7224 - CI Test - Simplify test_reserve_descriptor_validation (#7225) * Issue 7194 - Repl Log Analysis - Add CSN propagation details (#7195) * Issue 7213 - MDB_BAD_VALSIZE error while handling VLV (#7214) * Issue 7027 - (2nd) 389-ds-base OpenScanHub Leaks Detected (#7211) * Issue 7184 - argparse.HelpFormatter _format_actions_usage() is deprecated * Issue 7198 - Web console doesn't show sub-suffix when parent-suffix points to an entry (#7202) * Issue 7189 - DSBLE0007 generates incorrect remediation commands for scan limits * Bump lodash from 4.17.21 to 4.17.23 in /src/cockpit/389-console (#7203) * Issue 7172 - (2nd) Index ordering mismatch after upgrade (#7180) * Issue 7172 - Index ordering mismatch after upgrade (#7173) * Issue - Revise paged result search locking * Issue 7096 - During replication online total init the function idl_id_is_in_idlist is not scaling with large database (#7145) * Revert "Issue 7160 - Add lib389 version sync check to configure (#7165)" * Issue 7160 - Add lib389 version sync check to configure (#7165) * Issue 7049 - RetroCL plugin generates invalid LDIF * Issue 7150 - Compressed access log rotations skipped, accesslog-list out of sync (#7151) * Restore definition for slapi_entry_attr_get_valuearray * Issue 1793 - RFE - Dynamic lists - UI and CLI updates * Issue 7119 - Fix DNA shared config replication test (#7143) * Issue 7081 - Repl Log Analysis - Implement data sampling with performance and timezone fixes (#7086) * Issue 1793 - RFE - Implement dynamic lists * Issue 6753 - Port ticket tests * Issue 6753 - Port and fix ticket 47823 tests * Issue 6753 - Add 'add_exclude_subtree' and 'remove_exclude_subtree' methods to Attribute uniqueness 
plugin
* Issue 6753 - Port ticket test 48026
* Issue 7128 - memory corruption in alias entry plugin (#7131)
* Issue 7091 - Duplicate local password policy entries listed (#7092)
* Issue 7124 - BDB cursor race condition with transaction isolation (#7125)
* Issue 7132 - Keep alive entry updated too soon after an offline import (#7133)
* Issue 7121 - LeakSanitizer: various leaks during replication (#7122)
* Issue 7115 - LeakSanitizer: leak in `slapd_bind_local_user()` (#7116)
* Issue 7109 - AddressSanitizer: SEGV ldap/servers/slapd/csnset.c:302 in csnset_dup (#7114)
* Issue 7056 - DSBLE0007 doesn't generate remediation steps for missing indexes
* Issue 7119 - Harden DNA plugin locking for shared server list operations (#7120)
* Issue 7084 - UI - schema - sorting attributes breaks expanded row
* Issue 7007 - Improve paged result search locking
* Issue 3555 - UI - Fix audit issue with npm - glob (#7107)
* Issue 6846 - Attribute uniqueness is not enforced with modrdn (#7026)
* Issue 6901 - Update changelog trimming logging - fix tests
* Issue 6901 - Update changelog trimming logging
* Bump js-yaml from 4.1.0 to 4.1.1 in /src/cockpit/389-console (#7097)
* Issue 7069 - Fix error reporting in HAProxy trusted IP parsing (#7094)
* Issue 7055 - Online initialization of consumers fails with error -23 (#7075)
* Issue 7042 - Enable global_backend_lock when memberofallbackend is enabled (#7043)
* Issue 7078 - audit json logging does not encode binary values
* Issue 7069 - Add Subnet/CIDR Support for HAProxy Trusted IPs (#7070)
* Issue 6660 - CLI, UI - Improve replication log analyzer usability (#7062)
* Issue 7065 - A search filter containing a non normalized DN assertion does not return matching entries (#7068)
* Issue 7071 - search filter (&(cn:dn:=groups)) no longer returns results
* Issue 7073 - Add NDN cache size configuration and enforcement tests (#7074)
* Issue 7041 - CLI/UI - memberOf - no way to add/remove specific group filters
* Issue 7061 - CLI/UI - Improve error
messages for dsconf localpwp list
* Issue 7059 - UI - unable to upload pem file
* Issue 7032 - The new ipahealthcheck test ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue (#7036)
* Issue 7047 - MemberOf plugin logs null attribute name on fixup task completion (#7048)
* Issue 7044 - RFE - index sudoHost by default (#7046)
* Issue 6979 - Improve the way to detect asynchronous operations in the access logs (#6980)
* Issue 7035 - RFE - memberOf - adding scoping for specific groups
* Issue - CLI/UI - Add option to delete all replication conflict entries
* Issue 7033 - lib389 - basic plugin status not in JSON
* Issue 7023 - UI - if first instance that is loaded is stopped it breaks parts of the UI
* Issue 7027 - 389-ds-base OpenScanHub Leaks Detected (#7028)
* Issue 6966 - On large DB, unlimited IDL scan limit reduce the SRCH performance (#6967)
* Issue 6660 - UI - Improve replication log analysis charts and usability (#6968)
* Issue 6982 - UI - MemberOf shared config does not validate DN properly (#6983)
* Issue 7021 - Units for changing MDB max size are not consistent across different tools (#7022)
* Issue 6954 - do not delete referrals on chain_on_update backend
* Issue 7018 - BUG - prevent stack depth being hit (#7019)
* Issue 6928 - The parentId attribute is indexed with improper matching rule
* Issue 6933 - When deferred memberof update is enabled after the server crashed it should not launch memberof fixup task by default (#6935)
* Issue 6904 - Fix config_test.py::test_lmdb_config
* Issue 7014 - memberOf - ignored deferred updates with LMDB
* Issue 7012 - improve dscrl dbverify result when backend does not exists (#7013)
* Issue 6929 - Compilation failure with rust-1.89 on Fedora ELN
* Issue 6990 - UI - Replace deprecated Select components with new TypeaheadSelect (#6996)
* Issue 6990 - UI - Fix typeahead Select fields losing values on Enter keypress (#6991)
* Issue 6887 - Enhance logconv.py to add support for JSON access logs (#6889)
* Issue 6985 -
Some logconv CI tests fail with BDB (#6986)
* Issue 6891 - JSON logging - add wrapper function that checks for NULL
* Issue 6977 - UI - Show error message when trying to use unavailable ports (#6978)
* Issue 6956 - More UI fixes
* Issue 6947 - Revise time skew check in healthcheck tool and add option to exclude checks
* Issue 6805 - RFE - Multiple backend entry cache tuning
* Issue 6843 - Add CI tests for logconv.py (#6856)
* Issue - UI - update Radio handlers and LDAP entries last modified time
* Issue 6660 - UI - Fix minor typo (#6955)
* Issue 6910 - Fix latest coverity issues
* Issue 6919 - numSubordinates/tombstoneNumSubordinates are inconsisten... (#6920)
* Issue 6663 - Fix NULL subsystem crash in JSON error logging (#6883)
* Issue 6940 - dsconf monitor server fails with ldapi:// due to absent server ID (#6941)
* Issue 6936 - Make user/subtree policy creation idempotent (#6937)
* Issue 6865 - AddressSanitizer: leak in agmt_update_init_status
* Issue 6848 - AddressSanitizer: leak in do_search
* Issue 6850 - AddressSanitizer: memory leak in mdb_init
* Issue 6778 - Memory leak in roles_cache_create_object_from_entry part 2
* Issue 6778 - Memory leak in roles_cache_create_object_from_entry
* Issue 6181 - RFE - Allow system to manage uid/gid at startup
* Issues 6913, 6886, 6250 - Adjust xfail marks (#6914)
* Issue 6768 - ns-slapd crashes when a referral is added (#6780)
* Issue 6468 - CLI - Fix default error log level
* Issue 6339 - Address Coverity scan issues in memberof and bdb_layer (#6353)
* Issue 6897 - Fix disk monitoring test failures and improve test maintainability (#6898)
* Issue 6884 - Mask password hashes in audit logs (#6885)
* Issue 6594 - Add test for numSubordinates replication consistency with tombstones (#6862)
* Issue 6250 - Add test for entryUSN overflow on failed add operations (#6821)
* Issue 6895 - Crash if repl keep alive entry can not be created
* Issue 6893 - Log user that is updated during password modify extended operation
* Issue 6772 - dsconf - Replicas with the "consumer" role allow for viewing and modification of their changelog. (#6773)
* Issue 6888 - Missing access JSON logging for TLS/Client auth
* Issue 6680 - instance read-only mode is broken (#6681)
* Issue 6878 - Prevent repeated disconnect logs during shutdown (#6879)
* Issue 6872 - compressed log rotation creates files with world readable permission
* Issue 6859 - str2filter is not fully applying matching rules
* Issue 6868 - UI - schema attribute table expansion break after moving to a new page
* Issue 6854 - Refactor for improved data management (#6855)
* Issue 6756 - CLI, UI - Properly handle disabled NDN cache (#6757)
* Issue 6857 - uiduniq: allow specifying match rules in the filter
* Issue 6838 - lib389/replica.py is using nonexistent datetime.UTC in Python 3.9
* Issue 6822 - Backend creation cleanup and Database UI tab error handling (#6823)
* Issue 6782 - Improve paged result locking
* Issue 6825 - RootDN Access Control Plugin with wildcards for IP addre...
(#6826)
* Issue 6736 - Exception thrown by dsconf instance repl get_ruv (#6742)
* Issue 6819 - Incorrect pwdpolicysubentry returned for an entry with user password policy
* Issue 6553 - Update concread to 0.5.6 (#6824)
* Issue 1081 - Add a CI test (#6063)
* Issue 6761 - Password modify extended operation should skip password policy checks when executed by root DN
* Issue 6791 - crash in liblmdb during instance shutdown (#6793)
* Issue 6641 - modrdn fails when a user is member of multiple groups (#6643)
* Issue 6776 - Enabling audit log makes slapd coredump
* Issue 6534 - CI fails with Fedora 41 and DNF5
* Issue 6787 - Improve error message when bulk import connection is closed
* Issue 6727 - RFE - database compaction interval should be persistent
* Issue 6438 - Add basic dsidm organizational unit tests
* Issue 6439 - Fix dsidm service get_dn option
* Issue 5120 - ns-slapd doesn't start in referral mode (#6763)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-434=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * 389-ds-snmp-debuginfo-3.0.6~git249.6688af9b2-160000.1.1
  * libsvrcore0-debuginfo-3.0.6~git249.6688af9b2-160000.1.1
  * 389-ds-debuginfo-3.0.6~git249.6688af9b2-160000.1.1
  * 389-ds-snmp-3.0.6~git249.6688af9b2-160000.1.1
  * 389-ds-devel-3.0.6~git249.6688af9b2-160000.1.1
  * 389-ds-3.0.6~git249.6688af9b2-160000.1.1
  * 389-ds-debugsource-3.0.6~git249.6688af9b2-160000.1.1
  * lib389-3.0.6~git249.6688af9b2-160000.1.1
  * libsvrcore0-3.0.6~git249.6688af9b2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14905.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258727
From null at suse.de Wed Apr 1 12:38:00 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:38:00 -0000
Subject: SUSE-SU-2026:20926-1: important: Security update for tomcat11
Message-ID: <177504708011.568.11540796631092847223@634a8d224e68>

# Security update for tomcat11

Announcement ID: SUSE-SU-2026:20926-1
Release Date: 2026-03-24T16:08:32Z
Rating: important

References:

* bsc#1253460
* bsc#1258371
* bsc#1258385
* bsc#1258387

Cross-References:

* CVE-2025-66614
* CVE-2026-24733
* CVE-2026-24734

CVSS scores:

* CVE-2025-66614 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-66614 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-66614 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
* CVE-2026-24733 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24733 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-24733 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-24733 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-24734 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-24734 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-24734 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves three vulnerabilities and has one fix can now be installed.

## Description:

This update for tomcat11 fixes the following issues:

Update to Tomcat 11.0.18:

* CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).
* CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).
* CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387).

Changelog:

* Fix: 69932: Fix request end access log pattern regression, which would log the start time of the request instead. (remm)
* Fix: 69623: Additional fix for the long standing regression that meant that calls to ClassLoader.getResource().getContent() failed when made from within a web application with resource caching enabled if the target resource was packaged in a JAR file. (markt)
* Fix: Pull request #923: Avoid adding multiple CSRF tokens to a URL in the CsrfPreventionFilter. (schultz)
* Fix: 69918: Ensure request parameters are correctly parsed for HTTP/2 requests when the content-length header is not set. (dsoumis)
* Update: Enable minimum and recommended Tomcat Native versions to be set separately for Tomcat Native 1.x and 2.x. Update the minimum and recommended versions for Tomcat Native 1.x to 1.3.4. Update the minimum and recommended versions for Tomcat Native 2.x to 2.0.12. (markt)
* Add: Add a new ssoReauthenticationMode to the Tomcat provided Authenticators that provides a per Authenticator override of the SSO Valve requireReauthentication attribute. (markt)
* Fix: Ensure URL encoding errors in the Rewrite Valve trigger an exception rather than silently using a replacement character. (markt)
* Fix: 69871: Increase log level to INFO for missing configuration for the rewrite valve. (remm)
* Fix: Add log warnings for additional Host appBase suspicious values. (remm)
* Fix: Remove hard dependency on tomcat-jni.jar for catalina.jar. org.apache.catalina.Connector no longer requires org.apache.tomcat.jni.AprStatus to be present. (markt)
* Add: Add the ability to use a custom function to generate the client identifier in the CrawlerSessionManagerValve. This is only available programmatically. Pull request #902 by Brian Matzon. (markt)
* Fix: Change the SSO reauthentication behaviour for SPNEGO authentication so that a normal SPNEGO authentication is performed if the SSL Valve is configured with reauthentication enabled.
This is so that the delegated credentials will be available to the web application. (markt)
* Fix: When generating the class path in the Loader, re-order the check on individual class path components to avoid a potential NullPointerException. Identified by Coverity Scan. (markt)
* Fix: Fix SSL socket factory configuration in the JNDI realm. Based on pull request #915 by Joshua Rogers. (remm)
* Update: Add an attribute, digestInRfc3112Order, to MessageDigestCredentialHandler to control the order in which the credential and salt are digested. By default, the current, non-RFC 3112 compliant, order of salt then credential will be used. This default will change in Tomcat 12 to the RFC 3112 compliant order of credential then salt. (markt)
* Cluster
  * Add: 62814: Document that human-readable names may be used for mapSendOptions and align documentation with channelSendOptions. Based on pull request #929 by archan0621. (markt)
* Clustering
  * Fix: Correct a regression introduced in 11.0.11 that broke some clustering configurations. (markt)
* Coyote
  * Fix: 69936: Fix bug in previous fix for Tomcat Native crashes on shutdown that triggered a significant memory leak. Patch provided by Wes. (markt)
  * Fix: Prevent concurrent release of OpenSSLEngine resources and the termination of the Tomcat Native library as it can cause crashes during Tomcat shutdown. (markt)
  * Fix: Improve warnings when setting ciphers lists in the FFM code, mirroring the tomcat-native changes. (remm)
  * Fix: 69910: Dereference TLS objects right after closing a socket to improve memory efficiency. (remm)
  * Fix: Relax the JSSE vs OpenSSL configuration style checks on SSLHostConfig to reflect the existing implementation that allows one configuration style to be used for the trust attributes and a different style for all the other attributes. (markt)
  * Fix: Better warning message when OpenSSLConf configuration elements are used with a JSSE TLS implementation.
    (markt)
  * Fix: When using OpenSSL via FFM, don't log a warning about missing CA certificates unless CA certificates were configured and the configuration failed. (markt)
  * Add: For configuration consistency between OpenSSL and JSSE TLS implementations, TLSv1.3 cipher suites included in the ciphers attribute of an SSLHostConfig are now always ignored (previously they would be ignored with OpenSSL implementations and used with JSSE implementations) and a warning is logged that the cipher suite has been ignored. (markt)
  * Add: Add the ciphersuite attribute to SSLHostConfig to configure the TLSv1.3 cipher suites. (markt)
  * Add: Add OCSP support to JSSE based TLS connectors and make the use of OCSP configurable per connector for both JSSE and OpenSSL based TLS implementations. Align the checks performed by OpenSSL with those performed by JSSE. (markt)
  * Add: Add support for soft failure of OCSP checks with soft failure support disabled by default. (markt)
  * Add: Add support for configuring the verification flags passed to OCSP_basic_verify when using an OpenSSL based TLS implementation. (markt)
  * Fix: Fix OpenSSL FFM code compatibility with LibreSSL versions below 3.5.
  * Fix: Don't log an incorrect certificate KeyStore location when creating a TLS connector if the KeyStore instance has been set directly on the connector. (markt)
  * Fix: HTTP/0.9 only allows GET as the HTTP method. (remm)
  * Add: Add strictSni attribute on the Connector to allow matching the SSLHostConfig configuration associated with the SNI host name to the SSLHostConfig configuration matched from the HTTP protocol host name. Non matching configurations will cause the request to be rejected. The attribute default value is true, enabling the matching. (remm)
  * Fix: Graceful failure for OCSP on BoringSSL in the FFM code. (remm)
  * Fix: 69866: Fix a memory leak when using a trust store with the OpenSSL provider. Pull request #912 by aogburn.
    (markt)
  * Fix: Fix potential crash on shutdown when a Connector depends on the Tomcat Native library. (markt)
  * Fix: Fix AJP message length check. Pull request #916 by Joshua Rogers.
* Jasper
  * Fix: 69333: Correct a regression in the previous fix for 69333 and ensure that reuse() or release() is always called for a tag. (markt)
  * Fix: 69877: Catch IllegalArgumentException when processing URIs when creating the classpath to handle invalid URIs. (remm)
  * Fix: Fix populating the classpath with the webapp classloader repositories. (remm)
  * Fix: 69862: Avoid NPE unwrapping Servlet exception which would hide some exception details. Patch submitted by Eric Blanquer. (remm)
* Jdbc-pool
  * Fix: 64083: If the underlying connection has been closed, don't add it to the pool when it is returned. Pull request #235 by Alex Panchenko. (markt)
* Web applications
  * Fix: Manager: Fix abrupt truncation of the HTML and JSON complete server status output if one or more of the web applications failed to start. (schultz)
  * Add: Manager: Include web application state in the HTML and JSON complete server status output. (markt)
  * Add: Documentation: Expand the documentation to better explain when OCSP is supported and when it is not. (markt)
* Websocket
  * Fix: 69920: When attempting to write to a closed Writer or OutputStream obtained from a WebSocket session, throw an IOException rather than an IllegalStateException as required by Writer and strongly suggested by OutputStream. (markt)
* Other
  * Add: Add property "gpg.sign.files" to optionally disable release artefact signing with GPG. (rjung)
  * Add: Add test.silent property to suppress JUnit console output during test execution. Useful for cleaner console output when running tests with multiple threads. (csutherl)
  * Update: Update the internal fork of Commons Pool to 2.13.1. (markt)
  * Update: Update the internal fork of Commons DBCP to 2.14.0. (markt)
  * Update: Update Commons Daemon to 1.5.1.
    (markt)
  * Update: Update to the Eclipse JDT compiler 4.37. (markt)
  * Update: Update ByteBuddy to 1.18.3. (markt)
  * Update: Update UnboundID to 7.0.4. (markt)
  * Update: Update Checkstyle to 12.3.1. (markt)
  * Add: Improvements to French translations. (markt)
  * Add: Improvements to Japanese translations provided by tak7iji. (markt)
  * Add: Improvements to Chinese translations provided by Yang. vincent.h and yong hu. (markt)
  * Update: Update Tomcat Native to 2.0.12. (markt)
  * Add: Add test profile system for selective test execution. Profiles can be specified via -Dtest.profile= to run specific test subsets without using patterns directly. Profile patterns are defined in test-profiles.properties. (csutherl)
  * Update: Update file extension to media type mappings to align with the current list used by the Apache Web Server (httpd). (markt)
  * Update: Update the packaged version of the Tomcat Migration Tool for Jakarta EE to 1.0.10. (markt)
  * Update: Update Commons Daemon to 1.5.0. (markt)
  * Update: Update Byte Buddy to 1.18.2. (markt)
  * Update: Update Checkstyle to 12.2.0. (markt)
  * Add: Improvements to Spanish translations provided by White Vogel. (markt)
  * Add: Improvements to French translations. (remm)
  * Update: Update the internal fork of Apache Commons BCEL to 6.11.0. (markt)
  * Update: Update to Byte Buddy 1.17.8. (markt)
  * Update: Update to Checkstyle 12.1.1. (markt)
  * Update: Update to Jacoco 0.8.14. (markt)
  * Update: Update to SpotBugs 4.9.8. (markt)
  * Update: Update to JSign 7.4. (markt)
  * Update: Update Maven Resolver Ant Tasks to 1.6.0. (rjung)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-433=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * tomcat11-servlet-6_1-api-11.0.18-160000.1.1
  * tomcat11-el-6_0-api-11.0.18-160000.1.1
  * tomcat11-jsp-4_0-api-11.0.18-160000.1.1
  * tomcat11-docs-webapp-11.0.18-160000.1.1
  * tomcat11-webapps-11.0.18-160000.1.1
  * tomcat11-11.0.18-160000.1.1
  * tomcat11-jsvc-11.0.18-160000.1.1
  * tomcat11-admin-webapps-11.0.18-160000.1.1
  * tomcat11-doc-11.0.18-160000.1.1
  * tomcat11-embed-11.0.18-160000.1.1
  * tomcat11-lib-11.0.18-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-66614.html
* https://www.suse.com/security/cve/CVE-2026-24733.html
* https://www.suse.com/security/cve/CVE-2026-24734.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253460
* https://bugzilla.suse.com/show_bug.cgi?id=1258371
* https://bugzilla.suse.com/show_bug.cgi?id=1258385
* https://bugzilla.suse.com/show_bug.cgi?id=1258387

From null at suse.de Wed Apr 1 12:38:02 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:38:02 -0000
Subject: SUSE-SU-2026:20925-1: important: Security update for nghttp2
Message-ID: <177504708297.568.18324207017266919102@634a8d224e68>

# Security update for nghttp2

Announcement ID: SUSE-SU-2026:20925-1
Release Date: 2026-03-24T12:30:27Z
Rating: important

References:

* bsc#1259845

Cross-References:

* CVE-2026-27135

CVSS scores:

* CVE-2026-27135 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27135 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27135 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.
## Description:

This update for nghttp2 fixes the following issue:

* CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-432=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * libnghttp2-devel-1.64.0-160000.3.1
  * libnghttp2-14-debuginfo-1.64.0-160000.3.1
  * libnghttp2-14-1.64.0-160000.3.1
  * nghttp2-1.64.0-160000.3.1
  * nghttp2-debuginfo-1.64.0-160000.3.1
  * nghttp2-debugsource-1.64.0-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27135.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259845

From null at suse.de Wed Apr 1 12:38:19 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:38:19 -0000
Subject: SUSE-SU-2026:20923-1: important: Security update for exiv2
Message-ID: <177504709909.568.8023156975349528928@634a8d224e68>

# Security update for exiv2

Announcement ID: SUSE-SU-2026:20923-1
Release Date: 2026-03-23T09:44:37Z
Rating: important

References:

* bsc#1219870
* bsc#1219871
* bsc#1227528
* bsc#1237347
* bsc#1248962
* bsc#1248963
* bsc#1259083
* bsc#1259084
* bsc#1259085

Cross-References:

* CVE-2024-24826
* CVE-2024-25112
* CVE-2024-39695
* CVE-2025-26623
* CVE-2025-54080
* CVE-2025-55304
* CVE-2026-25884
* CVE-2026-27596
* CVE-2026-27631

CVSS scores:

* CVE-2024-24826 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-24826 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-24826 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-25112 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-25112 ( NVD ): 5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-25112 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-39695 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2024-39695 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-26623 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-26623 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-26623 ( NVD ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-54080 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-54080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-54080 ( NVD ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-55304 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-55304 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-55304 ( NVD ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25884 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25884 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-25884 ( NVD ): 2.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25884 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-27596 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27596 ( SUSE ): 5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-27596 ( NVD ): 2.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27596 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27631 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27631 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-27631 ( NVD ): 2.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27631 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for exiv2 fixes the following issues:

Update to exiv2 0.28.8:

* CVE-2024-24826: out-of-bounds read in QuickTimeVideo::NikonTagsDecoder (bsc#1219870).
* CVE-2024-25112: denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder (bsc#1219871).
* CVE-2024-39695: out-of-bounds read in AsfVideo::streamProperties (bsc#1227528).
* CVE-2025-26623: heap buffer overflow via writing metadata into a crafted image file (bsc#1237347).
* CVE-2025-54080: out-of-bounds read in `Exiv2::EpsImage::writeMetadata()` when writing metadata into a crafted image file (bsc#1248962).
* CVE-2025-55304: quadratic performance algorithm in the ICC profile parsing code of `JpegBase::readMetadata` (bsc#1248963).
* CVE-2026-25884: out-of-bounds read in `CrwMap::decode0x0805` (bsc#1259083).
* CVE-2026-27596: integer overflow in `LoaderNative::getData()` leads to out-of-bounds read (bsc#1259084).
* CVE-2026-27631: crash due to uncaught exception when trying to create `std::vector` larger than `max_size()` (bsc#1259085).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-424=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * exiv2-debugsource-0.28.8-160000.1.1
  * libexiv2-28-0.28.8-160000.1.1
  * libexiv2-28-debuginfo-0.28.8-160000.1.1
  * exiv2-debuginfo-0.28.8-160000.1.1
* SUSE Linux Enterprise Server - BCI 16.0 (x86_64)
  * libexiv2-28-x86-64-v3-0.28.8-160000.1.1
  * libexiv2-28-x86-64-v3-debuginfo-0.28.8-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-24826.html
* https://www.suse.com/security/cve/CVE-2024-25112.html
* https://www.suse.com/security/cve/CVE-2024-39695.html
* https://www.suse.com/security/cve/CVE-2025-26623.html
* https://www.suse.com/security/cve/CVE-2025-54080.html
* https://www.suse.com/security/cve/CVE-2025-55304.html
* https://www.suse.com/security/cve/CVE-2026-25884.html
* https://www.suse.com/security/cve/CVE-2026-27596.html
* https://www.suse.com/security/cve/CVE-2026-27631.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219870
* https://bugzilla.suse.com/show_bug.cgi?id=1219871
* https://bugzilla.suse.com/show_bug.cgi?id=1227528
* https://bugzilla.suse.com/show_bug.cgi?id=1237347
* https://bugzilla.suse.com/show_bug.cgi?id=1248962
* https://bugzilla.suse.com/show_bug.cgi?id=1248963
* https://bugzilla.suse.com/show_bug.cgi?id=1259083
* https://bugzilla.suse.com/show_bug.cgi?id=1259084
* https://bugzilla.suse.com/show_bug.cgi?id=1259085
From null at suse.de Wed Apr 1 12:38:21 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:38:21 -0000
Subject: SUSE-SU-2026:20922-1: moderate: Security update for harfbuzz
Message-ID: <177504710192.568.12463500191327760909@634a8d224e68>

# Security update for harfbuzz

Announcement ID: SUSE-SU-2026:20922-1
Release Date: 2026-03-20T15:26:24Z
Rating: moderate

References:

* bsc#1256459

Cross-References:

* CVE-2026-22693

CVSS scores:

* CVE-2026-22693 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-22693 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22693 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for harfbuzz fixes the following issues:

Update to version 11.4.5:

Security fixes:

* CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create (bsc#1256459).

Other fixes:

* Bug fixes for "AAT" shaping, and other shaping micro optimizations.
* Fix a shaping regression affecting mark glyphs in certain fonts.
* Fix pruning of mark filtering sets when subsetting fonts, which caused changes in shaping behaviour.
* Make shaping fail much faster for certain malformed fonts (e.g., those that trigger infinite recursion).
* Fix undefined behaviour introduced in 11.4.2.
* Fix detection of the "Cambria Math" font when fonts are scaled, so the workaround for the bad MATH table constant is applied.
* Various performance and memory usage improvements.
* The hb-shape command line tool can now be built with the amalgamated harfbuzz.cc source.
* Fix regression in handling version 2 of avar table.
* Increase various buffer length limits for better handling of fonts that generate huge number of glyphs per codepoint (e.g. Noto Sans Duployan).
* Improvements to the harfrust shaper for more accurate testing.
* Fix clang compiler warnings. * General shaping and subsetting speedups. * Fix in Graphite shaping backend when glyph advances became negative. * Subsetting improvements, pruning empty mark-attachment lookups. * Don't use the macro name _S, which is reserved by system liberaries. * Build fixes and speedup. * Add a kbts shaping backend that calls into the kb_text_shape single-header shaping library. This is purely for testing and performance evaluation and we do NOT recommend using it for any other purposes. * Fix bug in vertical shaping of fonts without the vmtx table. * Fix build with non-compliant C++11 compilers that don't recognize the "and" keyword. * Fix crasher in the glyph_v_origin function introduced in 11.3.0. * Speed up handling fonts with very large number of variations. * Speed up getting horizontal and vertical glyph advances by up to 24%. * Significantly speed up vertical text shaping. * Various documentation improvements. * Various build improvements. * Various subsetting improvements. * Various improvements to Rust font functions (fontations integration) and shaper (HarfRust integration). * Rename harfruzz option and shaper to harfrust following upstream rename. * Implement hb_face_reference_blob() for DirectWrite font functions. * Various build improvements. * Fix build with HB_NO_DRAW and HB_NO_PAINT. * Add an optional harfruzz shaper that uses HarfRuzz; an ongoing Rust port of HarfBuzz shaping. This shaper is mainly used for testing the output of the Rust implementation. * Fix regression that caused applying unsafe_to_break() to the whole buffer to be ignored. * Update USE data files. * Fix getting advances of out-of-rage glyph indices in DirectWrite font functions. * Painting of COLRv1 fonts without clip boxes is now about 10 times faster. * Synthetic bold/slant of a sub font is now respected, instead of using the parent?s. * Glyph extents for fonts synthetic bold/slant are now accurately calculated. * Various build fixes. 
* Include bidi mirroring variants of the requested codepoints when subsetting. The new HB_SUBSET_FLAGS_NO_BIDI_CLOSURE can be used to disable this behaviour. * Various bug fixes. * Various build fixes and improvements. * Various test suite improvements. * The change in version 10.3.0 to apply ?trak? table tracking values to glyph advances directly has been reverted as it required every font functions implementation to handle it, which breaks existing custom font functions. Tracking is instead back to being applied during shaping. * When directwrite integration is enabled, we now link to dwrite.dll instead of dynamically loading it. * A new experimental APIs for getting raw ?CFF? and ?CFF2? CharStrings. * We now provide manpages for the various command line utilities. Building manpages requires ?help2man? and will be skipped if it is not present. * The command line utilities now set different return value for different kinds of failures. Details are provided in the manpages. * Various fixes and improvements to fontations font functions. * All shaping operations using the ot shaper have become memory allocation- free. * Glyph extents returned by hb-ot and hb-ft font functions are now rounded in stead of flooring/ceiling them, which also matches what other font libraries do. * Fix ?AAT? deleted glyph marks interfering with fallback mark positioning. * Glyph outlines emboldening have been moved out of hb-ot and hb-ft font functions to the HarfBuzz font layer, so that it works with any font functions implementation. * Fix our fallback C++11 atomics integration, which seems to not be widely used. * Various testing fixes and improvements. * Various subsetting fixes and improvements. * Various other fixes and improvements. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-423=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * harfbuzz-debugsource-11.4.5-160000.1.1 * libharfbuzz-cairo0-debuginfo-11.4.5-160000.1.1 * harfbuzz-tools-11.4.5-160000.1.1 * libharfbuzz-subset0-debuginfo-11.4.5-160000.1.1 * libharfbuzz0-debuginfo-11.4.5-160000.1.1 * libharfbuzz-gobject0-debuginfo-11.4.5-160000.1.1 * libharfbuzz-icu0-11.4.5-160000.1.1 * typelib-1_0-HarfBuzz-0_0-11.4.5-160000.1.1 * libharfbuzz-icu0-debuginfo-11.4.5-160000.1.1 * libharfbuzz-gobject0-11.4.5-160000.1.1 * harfbuzz-tools-debuginfo-11.4.5-160000.1.1 * libharfbuzz0-11.4.5-160000.1.1 * libharfbuzz-cairo0-11.4.5-160000.1.1 * harfbuzz-devel-11.4.5-160000.1.1 * libharfbuzz-subset0-11.4.5-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-22693.html * https://bugzilla.suse.com/show_bug.cgi?id=1256459 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 1 12:38:42 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 01 Apr 2026 12:38:42 -0000 Subject: SUSE-SU-2026:20921-1: important: Security update for postgresql18 Message-ID: <177504712285.568.12768007276507853581@634a8d224e68> # Security update for postgresql18 Announcement ID: SUSE-SU-2026:20921-1 Release Date: 2026-03-20T14:50:43Z Rating: important References: * bsc#1258008 * bsc#1258009 * bsc#1258010 * bsc#1258011 * bsc#1258012 * bsc#1258754 Cross-References: * CVE-2026-2003 * CVE-2026-2004 * CVE-2026-2005 * CVE-2026-2006 * CVE-2026-2007 CVSS scores: * CVE-2026-2003 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2003 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2004 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2004 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2005 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2005 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2006 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2006 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2007 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-2007 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves five vulnerabilities and has one fix can now be installed. ## Description: This update for postgresql18 fixes the following issues: * Update to version 18.3. (bsc#1258754) * CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector (bsc#1258008) * CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. (bsc#1258009) * CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. 
(bsc#1258010) * CVE-2026-2006: Fix inadequate validation of multibyte character lengths. (bsc#1258011) * CVE-2026-2007: Harden contrib/pg_trgm against changes in string lowercasing behavior. (bsc#1258012) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-422=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * postgresql18-server-18.3-160000.1.1 * postgresql18-debuginfo-18.3-160000.1.1 * libpq5-debuginfo-18.3-160000.1.1 * postgresql18-server-debuginfo-18.3-160000.1.1 * postgresql18-server-devel-18.3-160000.1.1 * postgresql18-plperl-18.3-160000.1.1 * postgresql18-18.3-160000.1.1 * postgresql18-plpython-debuginfo-18.3-160000.1.1 * postgresql18-contrib-18.3-160000.1.1 * postgresql18-contrib-debuginfo-18.3-160000.1.1 * libecpg6-debuginfo-18.3-160000.1.1 * libecpg6-18.3-160000.1.1 * postgresql18-devel-18.3-160000.1.1 * postgresql18-pltcl-18.3-160000.1.1 * postgresql18-debugsource-18.3-160000.1.1 * postgresql18-devel-debuginfo-18.3-160000.1.1 * postgresql18-pltcl-debuginfo-18.3-160000.1.1 * libpq5-18.3-160000.1.1 * postgresql18-plpython-18.3-160000.1.1 * postgresql18-plperl-debuginfo-18.3-160000.1.1 * postgresql18-server-devel-debuginfo-18.3-160000.1.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * postgresql18-docs-18.3-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-2003.html * https://www.suse.com/security/cve/CVE-2026-2004.html * https://www.suse.com/security/cve/CVE-2026-2005.html * https://www.suse.com/security/cve/CVE-2026-2006.html * https://www.suse.com/security/cve/CVE-2026-2007.html * https://bugzilla.suse.com/show_bug.cgi?id=1258008 * https://bugzilla.suse.com/show_bug.cgi?id=1258009 * https://bugzilla.suse.com/show_bug.cgi?id=1258010 * 
https://bugzilla.suse.com/show_bug.cgi?id=1258011
* https://bugzilla.suse.com/show_bug.cgi?id=1258012
* https://bugzilla.suse.com/show_bug.cgi?id=1258754

From null at suse.de Wed Apr 1 12:38:46 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:38:46 -0000
Subject: SUSE-SU-2026:20920-1: moderate: Security update for python-orjson
Message-ID: <177504712676.568.421954034568892811@634a8d224e68>

# Security update for python-orjson

Announcement ID: SUSE-SU-2026:20920-1
Release Date: 2026-03-20T12:07:21Z
Rating: moderate

References:

* bsc#1257121

Cross-References:

* CVE-2025-67221

CVSS scores:

* CVE-2025-67221 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-67221 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67221 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for python-orjson fixes the following issues:

* CVE-2025-67221: Fixed write outside of allocated memory on json dump (bsc#1257121).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-421=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * python313-orjson-3.10.15-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-67221.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257121

From null at suse.de Wed Apr 1 12:38:50 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:38:50 -0000
Subject: SUSE-SU-2026:20919-1: important: Security update for python-tornado6
Message-ID: <177504713080.568.17016804999896231841@634a8d224e68>

# Security update for python-tornado6

Announcement ID: SUSE-SU-2026:20919-1
Release Date: 2026-03-20T10:53:33Z
Rating: important

References:

* bsc#1259553
* bsc#1259630

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for python-tornado6 fixes the following issues:

* CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553).
* incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes (bsc#1259630).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-420=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * python313-tornado6-debuginfo-6.5-160000.4.1 * python313-tornado6-6.5-160000.4.1 * python-tornado6-debugsource-6.5-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2026-31958.html * https://bugzilla.suse.com/show_bug.cgi?id=1259553 * https://bugzilla.suse.com/show_bug.cgi?id=1259630 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 1 12:38:57 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 01 Apr 2026 12:38:57 -0000 Subject: SUSE-SU-2026:20918-1: important: Security update for curl Message-ID: <177504713791.568.13055515027526332795@634a8d224e68> # Security update for curl Announcement ID: SUSE-SU-2026:20918-1 Release Date: 2026-03-20T09:36:45Z Rating: important References: * bsc#1259362 * bsc#1259363 * bsc#1259364 * bsc#1259365 Cross-References: * CVE-2026-1965 * CVE-2026-3783 * CVE-2026-3784 * CVE-2026-3805 CVSS scores: * CVE-2026-1965 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N * CVE-2026-1965 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-1965 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-3783 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-3783 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-3783 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-3784 ( SUSE ): 1.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-3784 ( SUSE ): 4.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N * CVE-2026-3784 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3805 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-3805 ( 
SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-3805 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves four vulnerabilities can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362). * CVE-2026-3783: token leak with redirect and netrc (bsc#1259363). * CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364). * CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-418=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * curl-debugsource-8.14.1-160000.5.1 * libcurl4-8.14.1-160000.5.1 * curl-mini-debugsource-8.14.1-160000.5.1 * curl-debuginfo-8.14.1-160000.5.1 * libcurl4-debuginfo-8.14.1-160000.5.1 * curl-8.14.1-160000.5.1 * libcurl-devel-8.14.1-160000.5.1 * libcurl-mini4-debuginfo-8.14.1-160000.5.1 * libcurl-mini4-8.14.1-160000.5.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * curl-zsh-completion-8.14.1-160000.5.1 * libcurl-devel-doc-8.14.1-160000.5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1965.html * https://www.suse.com/security/cve/CVE-2026-3783.html * https://www.suse.com/security/cve/CVE-2026-3784.html * https://www.suse.com/security/cve/CVE-2026-3805.html * https://bugzilla.suse.com/show_bug.cgi?id=1259362 * https://bugzilla.suse.com/show_bug.cgi?id=1259363 * https://bugzilla.suse.com/show_bug.cgi?id=1259364 * https://bugzilla.suse.com/show_bug.cgi?id=1259365 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 1 12:39:24 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 01 Apr 2026 12:39:24 -0000 Subject: SUSE-SU-2026:20917-1: important: Security update for ImageMagick Message-ID: <177504716400.568.13035047470774469114@634a8d224e68> # Security update for ImageMagick Announcement ID: SUSE-SU-2026:20917-1 Release Date: 2026-03-20T09:31:54Z Rating: important References: * bsc#1258790 * bsc#1259446 * bsc#1259447 * bsc#1259448 * bsc#1259450 * bsc#1259451 * bsc#1259452 * bsc#1259455 * bsc#1259456 * bsc#1259457 * bsc#1259463 * bsc#1259464 * bsc#1259466 * bsc#1259467 * bsc#1259468 * bsc#1259469 * bsc#1259497 * bsc#1259528 Cross-References: * CVE-2026-24484 * CVE-2026-28493 * CVE-2026-28494 * CVE-2026-28686 * CVE-2026-28687 * CVE-2026-28688 * CVE-2026-28689 * CVE-2026-28690 * CVE-2026-28691 * CVE-2026-28692 * CVE-2026-28693 * CVE-2026-30883 * CVE-2026-30929 * CVE-2026-30931 * CVE-2026-30935 * CVE-2026-30936 * CVE-2026-30937 * CVE-2026-31853 CVSS scores: * CVE-2026-24484 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28493 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28493 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28493 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28494 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28494 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28494 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2026-28686 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28686 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28686 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28687 ( SUSE ): 8.7 
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28687 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28687 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28688 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28688 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28689 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-28689 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28689 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28690 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28690 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28690 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H * CVE-2026-28690 ( NVD ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H * CVE-2026-28691 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28691 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28691 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28692 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28692 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-28692 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-28693 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28693 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28693 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30883 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30883 ( SUSE ): 8.6 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30883 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30883 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30929 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30929 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30929 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-30929 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30931 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30931 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30931 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30931 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30935 ( SUSE ): 4.8 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-30935 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-30935 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-30936 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-30936 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-30936 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-30937 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30937 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30937 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30937 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31853 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-31853 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE 
Linux Enterprise Server - BCI 16.0

An update that solves 18 vulnerabilities can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

* CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790).
* CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write (bsc#1259446).
* CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow (bsc#1259447).
* CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow (bsc#1259448).
* CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450).
* CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451).
* CVE-2026-28689: `domain="path"` authorization is checked before final file open/use and allows for read/write bypass via symlink swaps (bsc#1259452).
* CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456).
* CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference (bsc#1259455).
* CVE-2026-28692: 32-bit integer overflow in MAT decoder can lead to a heap buffer over-read (bsc#1259457).
* CVE-2026-28693: integer overflow in the DIB coder can lead to an out-of-bounds read or write (bsc#1259466).
* CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467).
* CVE-2026-30929: improper use of fixed-size stack buffer in `MagnifyImage` can lead to a stack buffer overflow (bsc#1259468).
* CVE-2026-30931: value truncation in the UHDR encoder can lead to a heap buffer overflow (bsc#1259469).
* CVE-2026-30935: heap-based buffer over-read in BilateralBlurImage (bsc#1259497).
* CVE-2026-30936: heap buffer overflow in WaveletDenoiseImage (bsc#1259464).
* CVE-2026-30937: heap buffer overflow in XWD encoder due to CARD32 arithmetic overflow (bsc#1259463). * CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely large images (bsc#1259528). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-419=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * libMagick++-devel-7.1.2.0-160000.7.1 * perl-PerlMagick-7.1.2.0-160000.7.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.2.0-160000.7.1 * ImageMagick-extra-7.1.2.0-160000.7.1 * ImageMagick-debugsource-7.1.2.0-160000.7.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.2.0-160000.7.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.2.0-160000.7.1 * libMagickWand-7_Q16HDRI10-7.1.2.0-160000.7.1 * perl-PerlMagick-debuginfo-7.1.2.0-160000.7.1 * ImageMagick-extra-debuginfo-7.1.2.0-160000.7.1 * libMagickCore-7_Q16HDRI10-7.1.2.0-160000.7.1 * libMagick++-7_Q16HDRI5-7.1.2.0-160000.7.1 * ImageMagick-7.1.2.0-160000.7.1 * ImageMagick-devel-7.1.2.0-160000.7.1 * ImageMagick-debuginfo-7.1.2.0-160000.7.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * ImageMagick-config-7-upstream-open-7.1.2.0-160000.7.1 * ImageMagick-config-7-upstream-limited-7.1.2.0-160000.7.1 * ImageMagick-config-7-upstream-secure-7.1.2.0-160000.7.1 * ImageMagick-config-7-upstream-websafe-7.1.2.0-160000.7.1 * ImageMagick-config-7-SUSE-7.1.2.0-160000.7.1 * ImageMagick-doc-7.1.2.0-160000.7.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24484.html * https://www.suse.com/security/cve/CVE-2026-28493.html * https://www.suse.com/security/cve/CVE-2026-28494.html * https://www.suse.com/security/cve/CVE-2026-28686.html * https://www.suse.com/security/cve/CVE-2026-28687.html * 
https://www.suse.com/security/cve/CVE-2026-28688.html * https://www.suse.com/security/cve/CVE-2026-28689.html * https://www.suse.com/security/cve/CVE-2026-28690.html * https://www.suse.com/security/cve/CVE-2026-28691.html * https://www.suse.com/security/cve/CVE-2026-28692.html * https://www.suse.com/security/cve/CVE-2026-28693.html * https://www.suse.com/security/cve/CVE-2026-30883.html * https://www.suse.com/security/cve/CVE-2026-30929.html * https://www.suse.com/security/cve/CVE-2026-30931.html * https://www.suse.com/security/cve/CVE-2026-30935.html * https://www.suse.com/security/cve/CVE-2026-30936.html * https://www.suse.com/security/cve/CVE-2026-30937.html * https://www.suse.com/security/cve/CVE-2026-31853.html * https://bugzilla.suse.com/show_bug.cgi?id=1258790 * https://bugzilla.suse.com/show_bug.cgi?id=1259446 * https://bugzilla.suse.com/show_bug.cgi?id=1259447 * https://bugzilla.suse.com/show_bug.cgi?id=1259448 * https://bugzilla.suse.com/show_bug.cgi?id=1259450 * https://bugzilla.suse.com/show_bug.cgi?id=1259451 * https://bugzilla.suse.com/show_bug.cgi?id=1259452 * https://bugzilla.suse.com/show_bug.cgi?id=1259455 * https://bugzilla.suse.com/show_bug.cgi?id=1259456 * https://bugzilla.suse.com/show_bug.cgi?id=1259457 * https://bugzilla.suse.com/show_bug.cgi?id=1259463 * https://bugzilla.suse.com/show_bug.cgi?id=1259464 * https://bugzilla.suse.com/show_bug.cgi?id=1259466 * https://bugzilla.suse.com/show_bug.cgi?id=1259467 * https://bugzilla.suse.com/show_bug.cgi?id=1259468 * https://bugzilla.suse.com/show_bug.cgi?id=1259469 * https://bugzilla.suse.com/show_bug.cgi?id=1259497 * https://bugzilla.suse.com/show_bug.cgi?id=1259528 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Wed Apr 1 12:39:29 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:39:29 -0000
Subject: SUSE-SU-2026:20916-1: important: Security update for vim
Message-ID: <177504716975.568.3467988432790302955@634a8d224e68>

# Security update for vim

Announcement ID: SUSE-SU-2026:20916-1
Release Date: 2026-03-20T03:15:00Z
Rating: important

References:

* bsc#1246602
* bsc#1258229
* bsc#1259051

Cross-References:

* CVE-2025-53906
* CVE-2026-26269
* CVE-2026-28417

CVSS scores:

* CVE-2025-53906 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
* CVE-2025-53906 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L
* CVE-2025-53906 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L
* CVE-2026-26269 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2026-26269 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26269 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2026-28417 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-28417 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-28417 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-28417 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves three vulnerabilities can now be installed.

## Description:

This update for vim fixes the following issues:

* Update Vim to version 9.2.0110 that includes security fixes for:
  * CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execution of arbitrary shell commands (bsc#1259051).
  * CVE-2026-26269: stack buffer overflow in Vim's NetBeans integration when processing the specialKeys command (bsc#1258229).
  * CVE-2025-53906: path traversal in Vim's zip.vim plugin (bsc#1246602).
* Other changes:
  * Add wayland-client to BuildRequires and enable Wayland support.
  * Add Wayland include path to CFLAGS to fix clipboard compilation.
  * Package new Swedish (sv) man pages and clean up duplicate encodings (sv.ISO8859-1 and sv.UTF-8).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-417=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * vim-debuginfo-9.2.0110-160000.1.1
  * vim-debugsource-9.2.0110-160000.1.1
  * vim-9.2.0110-160000.1.1
  * vim-small-debuginfo-9.2.0110-160000.1.1
  * xxd-9.2.0110-160000.1.1
  * xxd-debuginfo-9.2.0110-160000.1.1
  * gvim-debuginfo-9.2.0110-160000.1.1
  * vim-small-9.2.0110-160000.1.1
  * gvim-9.2.0110-160000.1.1
* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * vim-data-common-9.2.0110-160000.1.1
  * vim-data-9.2.0110-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-53906.html
* https://www.suse.com/security/cve/CVE-2026-26269.html
* https://www.suse.com/security/cve/CVE-2026-28417.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246602
* https://bugzilla.suse.com/show_bug.cgi?id=1258229
* https://bugzilla.suse.com/show_bug.cgi?id=1259051

URL: From null at suse.de Wed Apr 1 12:39:34 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 01 Apr 2026 12:39:34 -0000 Subject: SUSE-SU-2026:20915-1: important: Security update for gstreamer-plugins-ugly Message-ID: <177504717428.568.1865804527615166490@634a8d224e68> # Security update for gstreamer-plugins-ugly Announcement ID: SUSE-SU-2026:20915-1 Release Date: 2026-03-19T13:48:14Z Rating: important References: * bsc#1259367 * bsc#1259370 Cross-References: * CVE-2026-2920 * CVE-2026-2922 CVSS scores: * CVE-2026-2920 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-2920 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-2922 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-2922 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-ugly fixes the following issues: * CVE-2026-2920: GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability (bsc#1259367). * CVE-2026-2922: GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability (bsc#1259370). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-416=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-ugly-debugsource-1.26.7-160000.2.1 * gstreamer-plugins-ugly-1.26.7-160000.2.1 * gstreamer-plugins-ugly-debuginfo-1.26.7-160000.2.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * gstreamer-plugins-ugly-lang-1.26.7-160000.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-2920.html * https://www.suse.com/security/cve/CVE-2026-2922.html * https://bugzilla.suse.com/show_bug.cgi?id=1259367 * https://bugzilla.suse.com/show_bug.cgi?id=1259370 From null at suse.de Wed Apr 1 12:39:39 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 01 Apr 2026 12:39:39 -0000 Subject: SUSE-SU-2026:20913-1: moderate: Security update for libsodium Message-ID: <177504717994.568.7391052772631757092@634a8d224e68> # Security update for libsodium Announcement ID: SUSE-SU-2026:20913-1 Release Date: 2026-03-19T08:18:59Z Rating: moderate References: * bsc#1256070 Cross-References: * CVE-2025-15444 CVSS scores: * CVE-2025-15444 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-15444 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for libsodium fixes the following issues: * CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-413=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * libsodium26-1.0.20-160000.3.1 * libsodium-debugsource-1.0.20-160000.3.1 * libsodium26-debuginfo-1.0.20-160000.3.1 * libsodium-devel-1.0.20-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-15444.html * https://bugzilla.suse.com/show_bug.cgi?id=1256070 From null at suse.de Wed Apr 1 12:39:42 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 01 Apr 2026 12:39:42 -0000 Subject: SUSE-SU-2026:20912-1: critical: Security update for keylime Message-ID: <177504718263.568.7654800407057270618@634a8d224e68> # Security update for keylime Announcement ID: SUSE-SU-2026:20912-1 Release Date: 2026-03-19T08:18:59Z Rating: critical References: * bsc#1257895 * jsc#PED-14735 Cross-References: * CVE-2026-1709 CVSS scores: * CVE-2026-1709 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-1709 ( SUSE ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H * CVE-2026-1709 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H * CVE-2026-1709 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for keylime fixes the following issues: * Update to version 7.14.0+0 (CVE-2026-1709, bsc#1257895): * CVE-2026-1709: Fixed an authentication bypass which may allow unauthorized administrative operations due to missing client-side TLS authentication. (bsc#1257895) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-412=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * keylime-logrotate-7.14.0+0-160000.1.1 * keylime-registrar-7.14.0+0-160000.1.1 * keylime-firewalld-7.14.0+0-160000.1.1 * keylime-verifier-7.14.0+0-160000.1.1 * keylime-tpm_cert_store-7.14.0+0-160000.1.1 * keylime-tenant-7.14.0+0-160000.1.1 * python313-keylime-7.14.0+0-160000.1.1 * keylime-config-7.14.0+0-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1709.html * https://bugzilla.suse.com/show_bug.cgi?id=1257895 * https://jira.suse.com/browse/PED-14735 From null at suse.de Wed Apr 1 12:39:50 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 01 Apr 2026 12:39:50 -0000 Subject: SUSE-SU-2026:20911-1: moderate: Security update for poppler Message-ID: <177504719002.568.10511472733255683567@634a8d224e68> # Security update for poppler Announcement ID: SUSE-SU-2026:20911-1 Release Date: 2026-03-19T08:11:15Z Rating: moderate References: * bsc#1252337 Cross-References: * CVE-2025-11896 CVSS scores: * CVE-2025-11896 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-11896 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-11896 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2025-11896: infinite recursion leading to stack overflow due to object loop in PDF CMap (bsc#1252337). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-411=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * libpoppler148-debuginfo-25.04.0-160000.4.1 * poppler-debugsource-25.04.0-160000.4.1 * libpoppler-glib8-debuginfo-25.04.0-160000.4.1 * typelib-1_0-Poppler-0_18-25.04.0-160000.4.1 * libpoppler-cpp2-25.04.0-160000.4.1 * libpoppler-qt6-devel-25.04.0-160000.4.1 * libpoppler-glib8-25.04.0-160000.4.1 * libpoppler-qt6-3-debuginfo-25.04.0-160000.4.1 * libpoppler-devel-25.04.0-160000.4.1 * libpoppler-qt6-3-25.04.0-160000.4.1 * libpoppler-cpp2-debuginfo-25.04.0-160000.4.1 * libpoppler148-25.04.0-160000.4.1 * poppler-tools-25.04.0-160000.4.1 * poppler-qt6-debugsource-25.04.0-160000.4.1 * poppler-tools-debuginfo-25.04.0-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2025-11896.html * https://bugzilla.suse.com/show_bug.cgi?id=1252337
From null at suse.de Wed Apr 1 12:39:56 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 01 Apr 2026 12:39:56 -0000 Subject: SUSE-SU-2026:20910-1: moderate: Security update for librsvg Message-ID: <177504719628.568.16224375525113709993@634a8d224e68> # Security update for librsvg Announcement ID: SUSE-SU-2026:20910-1 Release Date: 2026-03-19T08:11:15Z Rating: moderate References: * bsc#1229376 * bsc#1229950 * bsc#1243867 Cross-References: * CVE-2024-12224 * CVE-2024-43806 CVSS scores: * CVE-2024-12224 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-12224 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2024-12224 ( NVD ): 5.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-43806 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for librsvg fixes the following issues: Update to version 2.60.2: * CVE-2024-12224: Fixed idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243867). * CVE-2024-43806: Fixed memory explosion in rustix (bsc#1229950). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-410=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * librsvg-2-2-debuginfo-2.60.2-160000.1.1 * librsvg-2-2-2.60.2-160000.1.1 * typelib-1_0-Rsvg-2_0-2.60.2-160000.1.1 * gdk-pixbuf-loader-rsvg-2.60.2-160000.1.1 * rsvg-convert-2.60.2-160000.1.1 * librsvg-devel-2.60.2-160000.1.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * rsvg-thumbnailer-2.60.2-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-12224.html * https://www.suse.com/security/cve/CVE-2024-43806.html * https://bugzilla.suse.com/show_bug.cgi?id=1229376 * https://bugzilla.suse.com/show_bug.cgi?id=1229950 * https://bugzilla.suse.com/show_bug.cgi?id=1243867 From null at suse.de Wed Apr 1 12:40:21 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 01 Apr 2026 12:40:21 -0000 Subject: SUSE-SU-2026:20907-1: moderate: Security update for protobuf Message-ID: <177504722158.568.12689534077773541749@634a8d224e68> # Security update for protobuf Announcement ID: SUSE-SU-2026:20907-1 Release Date: 2026-03-18T18:15:53Z Rating: moderate References: * bsc#1244663 * bsc#1244918 * bsc#1257173 Cross-References: * CVE-2025-4565 * CVE-2026-0994 CVSS scores: * CVE-2025-4565 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-4565 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-4565 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-4565 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-0994 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-0994 ( SUSE ): 5.9 
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-0994 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for protobuf fixes the following issues: Security fixes: * CVE-2025-4565: Fixed parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages that could lead to crash due to RecursionError (bsc#1244663). * CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173). Other fixes: * Fixed import issues of reverse-dependency packages within the google namespace (bsc#1244918). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-408=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * protobuf-devel-28.3-160000.3.1 * libutf8_range-28_3_0-28.3-160000.3.1 * protobuf-devel-debuginfo-28.3-160000.3.1 * libprotobuf28_3_0-28.3-160000.3.1 * libprotobuf-lite28_3_0-debuginfo-28.3-160000.3.1 * libprotobuf28_3_0-debuginfo-28.3-160000.3.1 * libprotoc28_3_0-28.3-160000.3.1 * libutf8_range-28_3_0-debuginfo-28.3-160000.3.1 * python313-protobuf-debuginfo-5.28.3-160000.3.1 * libprotobuf-lite28_3_0-28.3-160000.3.1 * python313-protobuf-5.28.3-160000.3.1 * protobuf-debugsource-28.3-160000.3.1 * python-protobuf-debugsource-5.28.3-160000.3.1 * libprotoc28_3_0-debuginfo-28.3-160000.3.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * protobuf-java-28.3-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-4565.html * https://www.suse.com/security/cve/CVE-2026-0994.html * https://bugzilla.suse.com/show_bug.cgi?id=1244663 * https://bugzilla.suse.com/show_bug.cgi?id=1244918 * https://bugzilla.suse.com/show_bug.cgi?id=1257173
From null at suse.de Wed Apr 1 12:40:32 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 01 Apr 2026 12:40:32 -0000 Subject: SUSE-SU-2026:20906-1: important: Security update for postgresql17 Message-ID: <177504723238.568.11518927528206690358@634a8d224e68> # Security update for postgresql17 Announcement ID: SUSE-SU-2026:20906-1 Release Date: 2026-03-18T15:31:19Z Rating: important References: * bsc#1258008 * bsc#1258009 * bsc#1258010 * bsc#1258011 * bsc#1258754 Cross-References: * CVE-2026-2003 * CVE-2026-2004 * CVE-2026-2005 * CVE-2026-2006 CVSS scores: * CVE-2026-2003 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2003 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2004 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2004 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2005 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2005 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2006 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2006 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves four vulnerabilities and has one fix can now be installed. ## Description: This update for postgresql17 fixes the following issues: * Update to version 17.9. (bsc#1258754) * CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector (bsc#1258008) * CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. (bsc#1258009) * CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. (bsc#1258010) * CVE-2026-2006: Fix inadequate validation of multibyte character lengths. (bsc#1258011) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-406=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * postgresql17-debugsource-17.9-160000.1.1 * postgresql17-plpython-debuginfo-17.9-160000.1.1 * postgresql17-server-debuginfo-17.9-160000.1.1 * postgresql17-plperl-debuginfo-17.9-160000.1.1 * postgresql17-plperl-17.9-160000.1.1 * postgresql17-devel-17.9-160000.1.1 * postgresql17-pltcl-debuginfo-17.9-160000.1.1 * postgresql17-contrib-17.9-160000.1.1 * postgresql17-pltcl-17.9-160000.1.1 * postgresql17-contrib-debuginfo-17.9-160000.1.1 * postgresql17-debuginfo-17.9-160000.1.1 * postgresql17-plpython-17.9-160000.1.1 * postgresql17-server-17.9-160000.1.1 * postgresql17-server-devel-debuginfo-17.9-160000.1.1 * postgresql17-devel-debuginfo-17.9-160000.1.1 * postgresql17-server-devel-17.9-160000.1.1 * postgresql17-17.9-160000.1.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * postgresql17-docs-17.9-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-2003.html * https://www.suse.com/security/cve/CVE-2026-2004.html * https://www.suse.com/security/cve/CVE-2026-2005.html * https://www.suse.com/security/cve/CVE-2026-2006.html * https://bugzilla.suse.com/show_bug.cgi?id=1258008 * https://bugzilla.suse.com/show_bug.cgi?id=1258009 * https://bugzilla.suse.com/show_bug.cgi?id=1258010 * https://bugzilla.suse.com/show_bug.cgi?id=1258011 * https://bugzilla.suse.com/show_bug.cgi?id=1258754
From null at suse.de Wed Apr 1 12:40:37 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 01 Apr 2026 12:40:37 -0000 Subject: SUSE-SU-2026:20905-1: important: Security update for busybox Message-ID: <177504723717.568.222558484905285020@634a8d224e68> # Security update for busybox Announcement ID: SUSE-SU-2026:20905-1 Release Date: 2026-03-18T15:29:19Z Rating: important References: * bsc#1258163 * bsc#1258167 * jsc#PED-13039 Cross-References: * CVE-2026-26157 * CVE-2026-26158 CVSS scores: * CVE-2026-26157 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-26157 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-26157 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-26158 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-26158 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-26158 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves two vulnerabilities and contains one feature can now be installed. ## Description: This update for busybox fixes the following issues: Changes in busybox: * CVE-2026-26157: Fixed arbitrary file overwrite and potential code execution via incomplete path sanitization. (bsc#1258163) * CVE-2026-26158: Fixed arbitrary file modification and privilege escalation via unvalidated tar archive entries. (bsc#1258167) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-405=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * busybox-static-1.37.0-160000.5.1 * busybox-debugsource-1.37.0-160000.5.1 * busybox-static-debuginfo-1.37.0-160000.5.1 * busybox-1.37.0-160000.5.1 * busybox-debuginfo-1.37.0-160000.5.1 * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 x86_64) * busybox-warewulf3-debuginfo-1.37.0-160000.5.1 * busybox-warewulf3-1.37.0-160000.5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-26157.html * https://www.suse.com/security/cve/CVE-2026-26158.html * https://bugzilla.suse.com/show_bug.cgi?id=1258163 * https://bugzilla.suse.com/show_bug.cgi?id=1258167 * https://jira.suse.com/browse/PED-13039 From null at suse.de Wed Apr 1 12:40:58 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 01 Apr 2026 12:40:58 -0000 Subject: SUSE-SU-2026:20904-1: moderate: Security update for cosign Message-ID: <177504725846.568.16126120326448110697@634a8d224e68> # Security update for cosign Announcement ID: SUSE-SU-2026:20904-1 Release Date: 2026-03-18T11:29:30Z Rating: moderate References: * bsc#1250620 * bsc#1253913 * bsc#1256496 * bsc#1256562 * bsc#1257080 * bsc#1257085 * bsc#1257139 * bsc#1258542 * bsc#1258612 Cross-References: * CVE-2025-11065 * CVE-2025-58181 * CVE-2026-22703 * CVE-2026-22772 * CVE-2026-23991 * CVE-2026-23992 * CVE-2026-24122 * CVE-2026-24137 * CVE-2026-26958 CVSS scores: * CVE-2025-11065 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-11065 ( SUSE ): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N * CVE-2025-11065 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2025-58181 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-58181 ( SUSE ): 5.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-58181 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22703 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-22703 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-22703 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-22772 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N * CVE-2026-22772 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2026-22772 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2026-22772 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-23991 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23991 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-23991 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23991 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23992 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-23992 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2026-23992 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-23992 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-24122 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-24122 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-24122 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-24137 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-24137 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2026-24137 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N * CVE-2026-26958 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-26958 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L * CVE-2026-26958 ( NVD ): 
1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves nine vulnerabilities can now be installed. ## Description: This update for cosign fixes the following issues: Update to version 3.0.5: * CVE-2026-24122: Fixed improper validation of certificates that outlive expired CA certificates (bsc#1258542) * CVE-2026-26958: Fixed filippo.io/edwards25519: failure to initialize receiver in MultiScalarMult can produce invalid results and lead to undefined behavior (bsc#1258612) * CVE-2026-24137: Fixed github.com/sigstore/sigstore/pkg/tuf: legacy TUF client allows for arbitrary file writes with target cache path traversal (bsc#1257139) * CVE-2026-22772: Fixed github.com/sigstore/fulcio: MetaIssuer URL validation bypass can trigger SSRF to arbitrary internal services (bsc#1256562) * CVE-2026-23991: Fixed github.com/theupdateframework/go-tuf/v2: denial of service due to invalid TUF metadata JSON returned by TUF repository (bsc#1257080) * CVE-2026-23992: Fixed github.com/theupdateframework/go-tuf/v2: unauthorized modification to TUF metadata files due to a compromised or misconfigured TUF repository (bsc#1257085) * CVE-2025-11065: Fixed github.com/go-viper/mapstructure/v2: sensitive information leak in logs (bsc#1250620) * CVE-2026-22703: Fixed that cosign verification accepts any valid Rekor entry under certain conditions (bsc#1256496) * CVE-2025-58181: Fixed golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption (bsc#1253913) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-404=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * cosign-debuginfo-3.0.5-160000.1.1 * cosign-3.0.5-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-11065.html * https://www.suse.com/security/cve/CVE-2025-58181.html * https://www.suse.com/security/cve/CVE-2026-22703.html * https://www.suse.com/security/cve/CVE-2026-22772.html * https://www.suse.com/security/cve/CVE-2026-23991.html * https://www.suse.com/security/cve/CVE-2026-23992.html * https://www.suse.com/security/cve/CVE-2026-24122.html * https://www.suse.com/security/cve/CVE-2026-24137.html * https://www.suse.com/security/cve/CVE-2026-26958.html * https://bugzilla.suse.com/show_bug.cgi?id=1250620 * https://bugzilla.suse.com/show_bug.cgi?id=1253913 * https://bugzilla.suse.com/show_bug.cgi?id=1256496 * https://bugzilla.suse.com/show_bug.cgi?id=1256562 * https://bugzilla.suse.com/show_bug.cgi?id=1257080 * https://bugzilla.suse.com/show_bug.cgi?id=1257085 * https://bugzilla.suse.com/show_bug.cgi?id=1257139 * https://bugzilla.suse.com/show_bug.cgi?id=1258542 * https://bugzilla.suse.com/show_bug.cgi?id=1258612
From null at suse.de Wed Apr 1 12:41:03 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 01 Apr 2026 12:41:03 -0000 Subject: SUSE-SU-2026:20903-1: important: Security update for libjxl Message-ID: <177504726344.568.13167385978259277157@634a8d224e68> # Security update for libjxl Announcement ID: SUSE-SU-2026:20903-1 Release Date: 2026-03-18T10:13:37Z Rating: important References: * bsc#1258090 * bsc#1258091 Cross-References: * CVE-2025-12474 * CVE-2026-1837 CVSS scores: * CVE-2025-12474 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-12474 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-12474 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-1837 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-1837 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-1837 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for libjxl fixes the following issues: Update to libjxl 0.11.2: * CVE-2025-12474: a specially crafted file can cause the decoder to read pixel data from uninitialized allocated memory (bsc#1258090). * CVE-2026-1837: a specially crafted file can cause the decoder to write pixel data to uninitialized unallocated memory (bsc#1258091). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-403=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * libjxl-debugsource-0.11.2-160000.1.1 * libjxl-devel-0.11.2-160000.1.1 * libjxl0_11-debuginfo-0.11.2-160000.1.1 * libjxl0_11-0.11.2-160000.1.1 * SUSE Linux Enterprise Server - BCI 16.0 (x86_64) * libjxl0_11-x86-64-v3-debuginfo-0.11.2-160000.1.1 * libjxl0_11-x86-64-v3-0.11.2-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12474.html * https://www.suse.com/security/cve/CVE-2026-1837.html * https://bugzilla.suse.com/show_bug.cgi?id=1258090 * https://bugzilla.suse.com/show_bug.cgi?id=1258091 From null at suse.de Wed Apr 1 12:41:23 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 01 Apr 2026 12:41:23 -0000 Subject: SUSE-SU-2026:20902-1: important: Security update for libsoup Message-ID: <177504728370.568.6953321175137932216@634a8d224e68> # Security update for libsoup Announcement ID: SUSE-SU-2026:20902-1 Release Date: 2026-03-18T10:01:12Z Rating: important References: * bsc#1240751 * bsc#1252555 * bsc#1254876 * bsc#1257398 * bsc#1257441 * bsc#1257597 * bsc#1258120 * bsc#1258170 * bsc#1258508 Cross-References: * CVE-2025-12105 * CVE-2025-14523 * CVE-2025-32049 * CVE-2026-1467 * CVE-2026-1539 * CVE-2026-1760 * CVE-2026-2369 * CVE-2026-2443 * CVE-2026-2708 CVSS scores: * CVE-2025-12105 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-12105 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2025-12105 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-14523 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-14523 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2025-14523 ( NVD ): 8.2 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2025-32049 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-32049 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32049 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-1467 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N * CVE-2026-1467 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-1467 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N * CVE-2026-1467 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-1539 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N * CVE-2026-1539 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2026-1539 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2026-1539 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2026-1760 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-1760 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L * CVE-2026-1760 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-2369 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-2369 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-2369 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-2443 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-2443 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2443 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2443 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2708 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-2708 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves nine 
vulnerabilities can now be installed. ## Description: This update for libsoup fixes the following issues: Update to libsoup 3.6.6: * CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion (bsc#1252555). * CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (bsc#1254876). * CVE-2025-32049: Denial of Service attack to websocket server (bsc#1240751). * CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398). * CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects (bsc#1257441). * CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request smuggling and potential DoS (bsc#1257597). * CVE-2026-2369: Buffer overread due to integer underflow when handling zero-length resources (bsc#1258120). * CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information disclosure to remote attackers (bsc#1258170). * CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508). 
Changelog:

* websocket: Fix out-of-bounds read in process_frame
* Check nulls returned by soup_date_time_new_from_http_string()
* Numerous fixes to handling of Range headers
* server: close the connection after responding to a request containing Content-Length and Transfer-Encoding
* Use CRLF as line boundary when parsing chunked encoding data
* websocket: do not accept messages frames after closing due to an error
* Sanitize filename of content disposition header values
* Always validate the headers value when coming from untrusted source
* uri-utils: do host validation when checking if a GUri is valid
* multipart: check length of bytes read soup_filter_input_stream_read_until()
* message-headers: Reject duplicate Host headers
* server: null-check soup_date_time_to_string()
* auth-digest: fix crash in soup_auth_digest_get_protection_space()
* session: fix 'heap-use-after-free' caused by 'finishing' queue item twice
* cookies: Avoid expires attribute if date is invalid
* http1: Set EOF flag once content-length bytes have been read
* date-utils: Add value checks for date/time parsing
* multipart: Fix multiple boundary limits
* Fixed multiple possible memory leaks
* message-headers: Correct merge of ranges
* body-input-stream: Correct chunked trailers end detection
* server-http2: Correctly validate URIs
* multipart: Fix read out of buffer bounds under soup_multipart_new_from_message()
* headers: Ensure Request-Line comprises entire first line
* tests: Fix MSVC build error
* Fix possible deadlock on init from gmodule usage
* Updated translations.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-402=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * libsoup-3_0-0-debuginfo-3.6.6-160000.1.1
  * libsoup-debugsource-3.6.6-160000.1.1
  * libsoup-devel-3.6.6-160000.1.1
  * libsoup-3_0-0-3.6.6-160000.1.1
  * typelib-1_0-Soup-3_0-3.6.6-160000.1.1
* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * libsoup-lang-3.6.6-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-12105.html
* https://www.suse.com/security/cve/CVE-2025-14523.html
* https://www.suse.com/security/cve/CVE-2025-32049.html
* https://www.suse.com/security/cve/CVE-2026-1467.html
* https://www.suse.com/security/cve/CVE-2026-1539.html
* https://www.suse.com/security/cve/CVE-2026-1760.html
* https://www.suse.com/security/cve/CVE-2026-2369.html
* https://www.suse.com/security/cve/CVE-2026-2443.html
* https://www.suse.com/security/cve/CVE-2026-2708.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240751
* https://bugzilla.suse.com/show_bug.cgi?id=1252555
* https://bugzilla.suse.com/show_bug.cgi?id=1254876
* https://bugzilla.suse.com/show_bug.cgi?id=1257398
* https://bugzilla.suse.com/show_bug.cgi?id=1257441
* https://bugzilla.suse.com/show_bug.cgi?id=1257597
* https://bugzilla.suse.com/show_bug.cgi?id=1258120
* https://bugzilla.suse.com/show_bug.cgi?id=1258170
* https://bugzilla.suse.com/show_bug.cgi?id=1258508

From null at suse.de Wed Apr 1 12:41:27 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:41:27 -0000
Subject: SUSE-SU-2026:20901-1: important: Security update for net-snmp
Message-ID: <177504728708.568.2321875569327695078@634a8d224e68>

# Security update for net-snmp

Announcement ID: SUSE-SU-2026:20901-1
Release Date: 2026-03-18T09:56:31Z
Rating: important

References:

* bsc#1255491

Cross-References:

* CVE-2025-68615

CVSS scores:

* CVE-2025-68615 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68615 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68615 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for net-snmp fixes the following issues:

* CVE-2025-68615: Fixed snmptrapd buffer overflow (bsc#1255491).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-401=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * perl-SNMP-debuginfo-5.9.4-160000.3.1
  * net-snmp-debuginfo-5.9.4-160000.3.1
  * snmp-mibs-5.9.4-160000.3.1
  * python313-net-snmp-5.9.4-160000.3.1
  * libsnmp40-debuginfo-5.9.4-160000.3.1
  * net-snmp-5.9.4-160000.3.1
  * perl-SNMP-5.9.4-160000.3.1
  * net-snmp-devel-5.9.4-160000.3.1
  * libsnmp40-5.9.4-160000.3.1
  * python313-net-snmp-debuginfo-5.9.4-160000.3.1
  * net-snmp-debugsource-5.9.4-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68615.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255491

From null at suse.de Wed Apr 1 12:41:33 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 12:41:33 -0000
Subject: SUSE-SU-2026:1162-1: important: Security update for python-tornado
Message-ID: <177504729395.568.13657796806642615133@634a8d224e68>

# Security update for python-tornado

Announcement ID: SUSE-SU-2026:1162-1
Release Date: 2026-03-31T22:02:19Z
Rating: important

References:

* bsc#1254903
* bsc#1254905
* bsc#1259553
* bsc#1259630

Cross-References:

* CVE-2025-67724
* CVE-2025-67725
* CVE-2026-31958

CVSS scores:

* CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 12
* SUSE Linux Enterprise Desktop 12 SP1
* SUSE Linux Enterprise Desktop 12 SP2
* SUSE Linux Enterprise Desktop 12 SP3
* SUSE Linux Enterprise Desktop 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
* SUSE Manager Client Tools for SLE 12

An update that solves three vulnerabilities and has one security fix can now be installed.

## Description:

This update for python-tornado fixes the following issues:

* CVE-2025-67724: missing validation of the supplied reason phrase (bsc#1254903).
* CVE-2025-67725: Denial of Service (DoS) via maliciously crafted HTTP request caused by the HTTPHeaders.add method (bsc#1254905).
* CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553).
* incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes (bsc#1259630).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Client Tools for SLE 12
  zypper in -t patch SUSE-SLE-Manager-Tools-12-2026-1162=1

## Package List:

* SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64)
  * python3-tornado-4.2.1-17.18.1
  * python-tornado-debuginfo-4.2.1-17.18.1
  * python-tornado-debugsource-4.2.1-17.18.1
  * python-tornado-4.2.1-17.18.1

## References:

* https://www.suse.com/security/cve/CVE-2025-67724.html
* https://www.suse.com/security/cve/CVE-2025-67725.html
* https://www.suse.com/security/cve/CVE-2026-31958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254903
* https://bugzilla.suse.com/show_bug.cgi?id=1254905
* https://bugzilla.suse.com/show_bug.cgi?id=1259553
* https://bugzilla.suse.com/show_bug.cgi?id=1259630

From null at suse.de Wed Apr 1 16:30:09 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 16:30:09 -0000
Subject: SUSE-SU-2026:20949-1: important: Security update for docker-compose
Message-ID: <177506100943.841.14033459296074774046@ea440c8e37cc>

# Security update for docker-compose

Announcement ID: SUSE-SU-2026:20949-1
Release Date: 2026-03-27T10:12:24Z
Rating: important

References:

* bsc#1252752
* bsc#1253584
* bsc#1254041

Cross-References:

* CVE-2025-47913
* CVE-2025-47914
* CVE-2025-62725

CVSS scores:

* CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47914 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-62725 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-62725 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-62725 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Micro 6.2

An update that solves three vulnerabilities can now be installed.

## Description:

This update for docker-compose fixes the following issues:

* CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253584).
* CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1254041).
* CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files (bsc#1252752).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-455=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * docker-compose-2.33.1-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47913.html
* https://www.suse.com/security/cve/CVE-2025-47914.html
* https://www.suse.com/security/cve/CVE-2025-62725.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252752
* https://bugzilla.suse.com/show_bug.cgi?id=1253584
* https://bugzilla.suse.com/show_bug.cgi?id=1254041

From null at suse.de Wed Apr 1 16:30:19 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 16:30:19 -0000
Subject: SUSE-SU-2026:20948-1: moderate: Security update for net-tools
Message-ID: <177506101926.841.6677268806144021568@ea440c8e37cc>

# Security update for net-tools

Announcement ID: SUSE-SU-2026:20948-1
Release Date: 2026-03-26T15:12:22Z
Rating: moderate

References:

* bsc#1243581
* bsc#1248410
* bsc#1248687
* bsc#142461
* bsc#430864
* bsc#544339

Cross-References:

* CVE-2025-46836

CVSS scores:

* CVE-2025-46836 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46836 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-46836 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability and has five fixes can now be installed.

## Description:

This update for net-tools fixes the following issues:

* Fix stack buffer overflow in parse_hex (bsc#1248687, GHSA-h667-qrp8-gj58).
* Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687, GHSA-w7jq-cmw2-cq59).
* Avoid unsafe memcpy in ifconfig (bsc#1248687).
* Prevent overflow in ax25 and netrom (bsc#1248687)
* Keep possibility to enter long interface names, even if they are not accepted by the kernel, because it was always possible up to CVE-2025-46836 fix. But issue a warning about an interface name concatenation (bsc#1248410).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-454=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * net-tools-debuginfo-2.10-160000.3.1
  * net-tools-debugsource-2.10-160000.3.1
  * net-tools-2.10-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-46836.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243581
* https://bugzilla.suse.com/show_bug.cgi?id=1248410
* https://bugzilla.suse.com/show_bug.cgi?id=1248687
* https://bugzilla.suse.com/show_bug.cgi?id=142461
* https://bugzilla.suse.com/show_bug.cgi?id=430864
* https://bugzilla.suse.com/show_bug.cgi?id=544339

From null at suse.de Wed Apr 1 16:30:27 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 16:30:27 -0000
Subject: SUSE-SU-2026:1163-1: important: Security update for MozillaThunderbird
Message-ID: <177506102711.841.3697348786852619967@ea440c8e37cc>

# Security update for MozillaThunderbird

Announcement ID: SUSE-SU-2026:1163-1
Release Date: 2026-04-01T08:49:15Z
Rating: important

References:

* bsc#1260083

Cross-References:

* CVE-2025-59375
* CVE-2026-3889
* CVE-2026-4371
* CVE-2026-4684
* CVE-2026-4685
* CVE-2026-4686
* CVE-2026-4687
* CVE-2026-4688
* CVE-2026-4689
* CVE-2026-4690
* CVE-2026-4691
* CVE-2026-4692
* CVE-2026-4693
* CVE-2026-4694
* CVE-2026-4695
* CVE-2026-4696
* CVE-2026-4697
* CVE-2026-4698
* CVE-2026-4699
* CVE-2026-4700
* CVE-2026-4701
* CVE-2026-4702
* CVE-2026-4704
* CVE-2026-4705
* CVE-2026-4706
* CVE-2026-4707
* CVE-2026-4708
* CVE-2026-4709
* CVE-2026-4710
* CVE-2026-4711
* CVE-2026-4712
* CVE-2026-4713
* CVE-2026-4714
* CVE-2026-4715
* CVE-2026-4716
* CVE-2026-4717
* CVE-2026-4718
* CVE-2026-4719
* CVE-2026-4720
* CVE-2026-4721

CVSS scores:

* CVE-2025-59375 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-59375 ( SUSE ): 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-59375 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3889 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-3889 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2026-4371 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4371 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-4684 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4684 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4685 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4685 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4685 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4686 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4686 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4686 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4687 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4687 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2026-4687 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4688 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4688 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2026-4688 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4689 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4689 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2026-4689 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2026-4690 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4690 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2026-4690 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4691 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4691 
( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4691 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4692 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4692 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2026-4692 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4693 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4693 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4693 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4694 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4694 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4694 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4695 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4695 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4695 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4696 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4696 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4696 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4697 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4697 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4697 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4698 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4698 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4698 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4699 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4699 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4699 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4700 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * 
CVE-2026-4700 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4700 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4701 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4701 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4701 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4702 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4702 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4702 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4704 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-4704 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4704 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4705 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4705 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4705 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4706 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4706 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4706 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4707 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4707 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4707 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4708 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4708 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4708 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4709 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4709 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4709 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4710 ( SUSE ): 6.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4710 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4710 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4711 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4711 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4711 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4712 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-4712 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4712 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4713 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4713 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4713 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4714 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4714 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4714 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4715 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4715 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-4715 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-4716 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4716 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-4716 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-4717 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4717 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4717 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4718 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4718 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-4718 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-4719 ( SUSE 
): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4719 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4719 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4720 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4720 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4721 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4721 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves 40 vulnerabilities can now be installed.

## Description:

This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 140.9 (MFSA 2026-24, bsc#1260083):

* CVE-2026-3889: Spoofing issue in Thunderbird
* CVE-2026-4371: Out of bounds read in IMAP parsing
* CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component
* CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4686: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4687: Sandbox escape due to incorrect boundary conditions in the Telemetry component
* CVE-2026-4688: Sandbox escape due to use-after-free in the Disability Access APIs component
* CVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
* CVE-2026-4690: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
* CVE-2026-4691: Use-after-free in the CSS Parsing and Computation component
* CVE-2026-4692: Sandbox escape in the Responsive Design Mode component
* CVE-2026-4693: Incorrect boundary conditions in the Audio/Video: Playback component
* CVE-2026-4694: Incorrect boundary conditions, integer overflow in the Graphics component
* CVE-2026-4695: Incorrect boundary conditions in the Audio/Video: Web Codecs component
* CVE-2026-4696: Use-after-free in the Layout: Text and Fonts component
* CVE-2026-4697: Incorrect boundary conditions in the Audio/Video: Web Codecs component
* CVE-2026-4698: JIT miscompilation in the JavaScript Engine: JIT component
* CVE-2026-4699: Incorrect boundary conditions in the Layout: Text and Fonts component
* CVE-2026-4700: Mitigation bypass in the Networking: HTTP component
* CVE-2026-4701: Use-after-free in the JavaScript Engine component
* CVE-2026-4702: JIT miscompilation in the JavaScript Engine component
* CVE-2026-4704: Denial-of-service in the WebRTC: Signaling component
* CVE-2026-4705: Undefined behavior in the WebRTC: Signaling component
* CVE-2026-4706: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4707: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4708: Incorrect boundary conditions in the Graphics component
* CVE-2026-4709: Incorrect boundary conditions in the Audio/Video: GMP component
* CVE-2026-4710: Incorrect boundary conditions in the Audio/Video component
* CVE-2026-4711: Use-after-free in the Widget: Cocoa component
* CVE-2026-4712: Information disclosure in the Widget: Cocoa component
* CVE-2026-4713: Incorrect boundary conditions in the Graphics component
* CVE-2026-4714: Incorrect boundary conditions in the Audio/Video component
* CVE-2026-4715: Uninitialized memory in the Graphics: Canvas2D component
* CVE-2026-4716: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component
* CVE-2026-4717: Privilege escalation in the Netmonitor component
* CVE-2025-59375: Denial-of-service in the XML component
* CVE-2026-4718: Undefined behavior in the WebRTC: Signaling component
* CVE-2026-4719: Incorrect boundary conditions in the Graphics: Text component
* CVE-2026-4720: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
* CVE-2026-4721: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1163=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1163=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1163=1

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * MozillaThunderbird-debuginfo-140.9.0-150200.8.263.1
  * MozillaThunderbird-translations-common-140.9.0-150200.8.263.1
  * MozillaThunderbird-140.9.0-150200.8.263.1
  * MozillaThunderbird-translations-other-140.9.0-150200.8.263.1
  * MozillaThunderbird-debugsource-140.9.0-150200.8.263.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * MozillaThunderbird-debuginfo-140.9.0-150200.8.263.1
  * MozillaThunderbird-translations-common-140.9.0-150200.8.263.1
  * MozillaThunderbird-140.9.0-150200.8.263.1
  * MozillaThunderbird-translations-other-140.9.0-150200.8.263.1
  * MozillaThunderbird-debugsource-140.9.0-150200.8.263.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * MozillaThunderbird-debuginfo-140.9.0-150200.8.263.1
  * MozillaThunderbird-translations-common-140.9.0-150200.8.263.1
  * MozillaThunderbird-140.9.0-150200.8.263.1
  * MozillaThunderbird-translations-other-140.9.0-150200.8.263.1
  * MozillaThunderbird-debugsource-140.9.0-150200.8.263.1

## References:

* https://www.suse.com/security/cve/CVE-2025-59375.html
* https://www.suse.com/security/cve/CVE-2026-3889.html
* https://www.suse.com/security/cve/CVE-2026-4371.html
* https://www.suse.com/security/cve/CVE-2026-4684.html
* https://www.suse.com/security/cve/CVE-2026-4685.html
* https://www.suse.com/security/cve/CVE-2026-4686.html
* https://www.suse.com/security/cve/CVE-2026-4687.html
* https://www.suse.com/security/cve/CVE-2026-4688.html
* https://www.suse.com/security/cve/CVE-2026-4689.html
* https://www.suse.com/security/cve/CVE-2026-4690.html
* https://www.suse.com/security/cve/CVE-2026-4691.html
* https://www.suse.com/security/cve/CVE-2026-4692.html
* https://www.suse.com/security/cve/CVE-2026-4693.html
* https://www.suse.com/security/cve/CVE-2026-4694.html
* https://www.suse.com/security/cve/CVE-2026-4695.html
* https://www.suse.com/security/cve/CVE-2026-4696.html
* https://www.suse.com/security/cve/CVE-2026-4697.html
* https://www.suse.com/security/cve/CVE-2026-4698.html
* https://www.suse.com/security/cve/CVE-2026-4699.html
* https://www.suse.com/security/cve/CVE-2026-4700.html
* https://www.suse.com/security/cve/CVE-2026-4701.html
* https://www.suse.com/security/cve/CVE-2026-4702.html
* https://www.suse.com/security/cve/CVE-2026-4704.html
* https://www.suse.com/security/cve/CVE-2026-4705.html
* https://www.suse.com/security/cve/CVE-2026-4706.html
* https://www.suse.com/security/cve/CVE-2026-4707.html
* https://www.suse.com/security/cve/CVE-2026-4708.html
* https://www.suse.com/security/cve/CVE-2026-4709.html
* https://www.suse.com/security/cve/CVE-2026-4710.html
* https://www.suse.com/security/cve/CVE-2026-4711.html
* https://www.suse.com/security/cve/CVE-2026-4712.html
* https://www.suse.com/security/cve/CVE-2026-4713.html
* https://www.suse.com/security/cve/CVE-2026-4714.html
* https://www.suse.com/security/cve/CVE-2026-4715.html
* https://www.suse.com/security/cve/CVE-2026-4716.html
* https://www.suse.com/security/cve/CVE-2026-4717.html
* https://www.suse.com/security/cve/CVE-2026-4718.html
* https://www.suse.com/security/cve/CVE-2026-4719.html
* https://www.suse.com/security/cve/CVE-2026-4720.html
* https://www.suse.com/security/cve/CVE-2026-4721.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260083

From null at suse.de Wed Apr 1 20:30:13 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 20:30:13 -0000
Subject: SUSE-SU-2026:1165-1: important: Security update for freerdp
Message-ID: <177507541340.1226.15635874936900095557@7334c935c7bb>

# Security update for freerdp

Announcement ID: SUSE-SU-2026:1165-1
Release Date: 2026-04-01T13:41:01Z
Rating: important

References:

* bsc#1258979
* bsc#1258982
* bsc#1258985
* bsc#1259653
* bsc#1259679
* bsc#1259686

Cross-References:

* CVE-2026-26271
* CVE-2026-26955
* CVE-2026-26965
* CVE-2026-31806
* CVE-2026-31883
* CVE-2026-31885

CVSS scores:

* CVE-2026-26271 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26271 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-26955 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26955 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26955 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26965 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26965 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26965 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-31806 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31806 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-31806 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31806 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31883 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31883 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31883 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31883 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-31885 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31885 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2026-31885 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-31885 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for freerdp fixes the following issues:

* CVE-2026-26271: Buffer Overread in FreeRDP Icon Processing (bsc#1258979).
* CVE-2026-26955: Out-of-bounds Write in freerdp (bsc#1258982).
* CVE-2026-26965: Out-of-bounds Write in freerdp (bsc#1258985).
* CVE-2026-31806: improper validation of server messages can lead to a heap buffer overflow and arbitrary code execution (bsc#1259653).
* CVE-2026-31883: crafted RDPSND audio format and wave data can cause a heap buffer overflow write (bsc#1259679).
* CVE-2026-31885: unchecked predictor can lead to an out-of-bounds read (bsc#1259686).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1165=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1165=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * freerdp-devel-2.1.2-12.63.1 * winpr2-devel-2.1.2-12.63.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * freerdp-devel-2.1.2-12.63.1 * winpr2-devel-2.1.2-12.63.1 ## References: * https://www.suse.com/security/cve/CVE-2026-26271.html * https://www.suse.com/security/cve/CVE-2026-26955.html * https://www.suse.com/security/cve/CVE-2026-26965.html * https://www.suse.com/security/cve/CVE-2026-31806.html * https://www.suse.com/security/cve/CVE-2026-31883.html * https://www.suse.com/security/cve/CVE-2026-31885.html * https://bugzilla.suse.com/show_bug.cgi?id=1258979 * https://bugzilla.suse.com/show_bug.cgi?id=1258982 * https://bugzilla.suse.com/show_bug.cgi?id=1258985 * https://bugzilla.suse.com/show_bug.cgi?id=1259653 * https://bugzilla.suse.com/show_bug.cgi?id=1259679 * https://bugzilla.suse.com/show_bug.cgi?id=1259686 -------------- next part -------------- An HTML attachment was scrubbed... 

From null at suse.de Wed Apr 1 20:30:22 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 01 Apr 2026 20:30:22 -0000
Subject: SUSE-SU-2026:1164-1: important: Security update for freerdp2
Message-ID: <177507542260.1226.10230885883796731518@7334c935c7bb>

# Security update for freerdp2

Announcement ID: SUSE-SU-2026:1164-1
Release Date: 2026-04-01T13:40:49Z
Rating: important

References:

* bsc#1258979
* bsc#1258982
* bsc#1258985
* bsc#1259653
* bsc#1259679
* bsc#1259686

Cross-References:

* CVE-2026-26271
* CVE-2026-26955
* CVE-2026-26965
* CVE-2026-31806
* CVE-2026-31883
* CVE-2026-31885

CVSS scores:

* CVE-2026-26271 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26271 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-26955 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26955 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26955 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26965 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26965 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26965 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-31806 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31806 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-31806 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31806 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31883 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31883 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31883 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31883 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-31885 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31885 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2026-31885 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-31885 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves six vulnerabilities can now be installed.

## Description:

This update for freerdp2 fixes the following issues:

* CVE-2026-26271: Buffer Overread in FreeRDP Icon Processing (bsc#1258979).
* CVE-2026-26955: Out-of-bounds Write in freerdp (bsc#1258982).
* CVE-2026-26965: Out-of-bounds Write in freerdp (bsc#1258985).
* CVE-2026-31806: improper validation of server messages can lead to a heap buffer overflow and arbitrary code execution (bsc#1259653).
* CVE-2026-31883: crafted RDPSND audio format and wave data can cause a heap buffer overflow write (bsc#1259679).
* CVE-2026-31885: unchecked predictor can lead to an out-of-bounds read (bsc#1259686).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1164=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1164=1

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * freerdp2-debuginfo-2.11.7-150700.3.14.1
  * winpr2-devel-2.11.7-150700.3.14.1
  * freerdp2-debugsource-2.11.7-150700.3.14.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * freerdp2-debuginfo-2.11.7-150700.3.14.1
  * freerdp2-devel-2.11.7-150700.3.14.1
  * libwinpr2-2-2.11.7-150700.3.14.1
  * freerdp2-server-debuginfo-2.11.7-150700.3.14.1
  * freerdp2-debugsource-2.11.7-150700.3.14.1
  * libfreerdp2-2-2.11.7-150700.3.14.1
  * winpr2-devel-2.11.7-150700.3.14.1
  * freerdp2-2.11.7-150700.3.14.1
  * libfreerdp2-2-debuginfo-2.11.7-150700.3.14.1
  * freerdp2-proxy-debuginfo-2.11.7-150700.3.14.1
  * freerdp2-server-2.11.7-150700.3.14.1
  * libwinpr2-2-debuginfo-2.11.7-150700.3.14.1
  * freerdp2-proxy-2.11.7-150700.3.14.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26271.html
* https://www.suse.com/security/cve/CVE-2026-26955.html
* https://www.suse.com/security/cve/CVE-2026-26965.html
* https://www.suse.com/security/cve/CVE-2026-31806.html
* https://www.suse.com/security/cve/CVE-2026-31883.html
* https://www.suse.com/security/cve/CVE-2026-31885.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258979
* https://bugzilla.suse.com/show_bug.cgi?id=1258982
* https://bugzilla.suse.com/show_bug.cgi?id=1258985
* https://bugzilla.suse.com/show_bug.cgi?id=1259653
* https://bugzilla.suse.com/show_bug.cgi?id=1259679
* https://bugzilla.suse.com/show_bug.cgi?id=1259686

From null at suse.de Thu Apr 2 12:30:35 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 02 Apr 2026 12:30:35 -0000
Subject: SUSE-SU-2026:1166-1: important: Security update for expat
Message-ID: <177513303586.1256.12334130982271036217@c2c2e0ac4d9f>

# Security update for expat

Announcement ID: SUSE-SU-2026:1166-1
Release Date: 2026-04-02T01:08:59Z
Rating: important

References:

* bsc#1259711
* bsc#1259726
* bsc#1259729

Cross-References:

* CVE-2026-32776
* CVE-2026-32777
* CVE-2026-32778

CVSS scores:

* CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for expat fixes the following issues:

* CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726).
* CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
* CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1166=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1166=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1166=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1166=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1166=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1166=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1166=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1166=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1166=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1166=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1166=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1166=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1166=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1166=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1166=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1166=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1166=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-2.7.1-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * libexpat1-2.7.1-150400.3.37.1
  * libexpat-devel-2.7.1-150400.3.37.1
  * expat-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
  * libexpat1-32bit-2.7.1-150400.3.37.1
  * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1
  * expat-32bit-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * libexpat1-2.7.1-150400.3.37.1
  * libexpat-devel-2.7.1-150400.3.37.1
  * expat-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
  * libexpat1-32bit-2.7.1-150400.3.37.1
  * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1
  * expat-32bit-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * libexpat1-2.7.1-150400.3.37.1
  * libexpat-devel-2.7.1-150400.3.37.1
  * expat-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
  * libexpat1-32bit-2.7.1-150400.3.37.1
  * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1
  * expat-32bit-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * libexpat1-2.7.1-150400.3.37.1
  * libexpat-devel-2.7.1-150400.3.37.1
  * expat-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
  * libexpat1-32bit-2.7.1-150400.3.37.1
  * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1
  * expat-32bit-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * libexpat1-2.7.1-150400.3.37.1
  * libexpat-devel-2.7.1-150400.3.37.1
  * expat-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
  * libexpat1-32bit-2.7.1-150400.3.37.1
  * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1
  * expat-32bit-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libexpat1-2.7.1-150400.3.37.1
  * libexpat-devel-2.7.1-150400.3.37.1
  * expat-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
  * libexpat1-32bit-2.7.1-150400.3.37.1
  * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1
  * expat-32bit-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * libexpat1-2.7.1-150400.3.37.1
  * libexpat-devel-2.7.1-150400.3.37.1
  * expat-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
  * libexpat1-32bit-2.7.1-150400.3.37.1
  * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1
  * expat-32bit-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * libexpat1-2.7.1-150400.3.37.1
  * libexpat-devel-2.7.1-150400.3.37.1
  * expat-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
  * libexpat1-32bit-2.7.1-150400.3.37.1
  * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1
  * expat-32bit-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * libexpat1-2.7.1-150400.3.37.1
  * libexpat-devel-2.7.1-150400.3.37.1
  * expat-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
  * libexpat1-32bit-2.7.1-150400.3.37.1
  * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1
  * expat-32bit-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * libexpat1-2.7.1-150400.3.37.1
  * libexpat-devel-2.7.1-150400.3.37.1
  * expat-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
  * libexpat1-32bit-2.7.1-150400.3.37.1
  * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1
  * expat-32bit-debuginfo-2.7.1-150400.3.37.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libexpat1-2.7.1-150400.3.37.1
  * libexpat-devel-2.7.1-150400.3.37.1
  * expat-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
* openSUSE Leap 15.4 (x86_64)
  * libexpat1-32bit-2.7.1-150400.3.37.1
  * libexpat-devel-32bit-2.7.1-150400.3.37.1
  * expat-32bit-debuginfo-2.7.1-150400.3.37.1
  * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libexpat-devel-64bit-2.7.1-150400.3.37.1
  * libexpat1-64bit-debuginfo-2.7.1-150400.3.37.1
  * libexpat1-64bit-2.7.1-150400.3.37.1
  * expat-64bit-debuginfo-2.7.1-150400.3.37.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * libexpat1-2.7.1-150400.3.37.1
  * libexpat-devel-2.7.1-150400.3.37.1
  * expat-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
* openSUSE Leap 15.6 (x86_64)
  * libexpat1-32bit-2.7.1-150400.3.37.1
  * libexpat-devel-32bit-2.7.1-150400.3.37.1
  * expat-32bit-debuginfo-2.7.1-150400.3.37.1
  * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32776.html
* https://www.suse.com/security/cve/CVE-2026-32777.html
* https://www.suse.com/security/cve/CVE-2026-32778.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259711
* https://bugzilla.suse.com/show_bug.cgi?id=1259726
* https://bugzilla.suse.com/show_bug.cgi?id=1259729

From null at suse.de Thu Apr 2 16:30:13 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 02 Apr 2026 16:30:13 -0000
Subject: SUSE-SU-2026:1171-1: important: Security update for python-tornado
Message-ID: <177514741362.1447.14998831159267478694@c2c2e0ac4d9f>

# Security update for python-tornado

Announcement ID: SUSE-SU-2026:1171-1
Release Date: 2026-04-02T08:57:10Z
Rating: important

References:

* bsc#1254905
* bsc#1259553
* bsc#1259630

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has two security fixes can now be installed.

## Description:

This update for python-tornado fixes the following issues:

* CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553).
* incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes (bsc#1259630).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1171=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1171=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1171=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1171=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1171=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1171=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1171=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1171=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1171=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1171=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1171=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1171=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1171=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1171=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1171=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1171=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1171=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1171=1

## Package List:

* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * python3-tornado-4.5.3-150000.3.19.1
  * python-tornado-debugsource-4.5.3-150000.3.19.1
  * python-tornado-debuginfo-4.5.3-150000.3.19.1
  * python3-tornado-debuginfo-4.5.3-150000.3.19.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * python3-tornado-4.5.3-150000.3.19.1
  * python-tornado-debugsource-4.5.3-150000.3.19.1
  * python-tornado-debuginfo-4.5.3-150000.3.19.1
  * python3-tornado-debuginfo-4.5.3-150000.3.19.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * python3-tornado-4.5.3-150000.3.19.1
  * python-tornado-debugsource-4.5.3-150000.3.19.1
  * python-tornado-debuginfo-4.5.3-150000.3.19.1
  * python3-tornado-debuginfo-4.5.3-150000.3.19.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * python3-tornado-4.5.3-150000.3.19.1
  * python-tornado-debugsource-4.5.3-150000.3.19.1
  * python-tornado-debuginfo-4.5.3-150000.3.19.1
  * python3-tornado-debuginfo-4.5.3-150000.3.19.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * python3-tornado-4.5.3-150000.3.19.1
  * python-tornado-debugsource-4.5.3-150000.3.19.1
  * python-tornado-debuginfo-4.5.3-150000.3.19.1
  * python3-tornado-debuginfo-4.5.3-150000.3.19.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * python3-tornado-4.5.3-150000.3.19.1
  * python-tornado-debugsource-4.5.3-150000.3.19.1
  * python-tornado-debuginfo-4.5.3-150000.3.19.1
  * python3-tornado-debuginfo-4.5.3-150000.3.19.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * python3-tornado-4.5.3-150000.3.19.1
  * python-tornado-debugsource-4.5.3-150000.3.19.1
  * python-tornado-debuginfo-4.5.3-150000.3.19.1
  * python3-tornado-debuginfo-4.5.3-150000.3.19.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * python3-tornado-4.5.3-150000.3.19.1
  * python-tornado-debugsource-4.5.3-150000.3.19.1
  * python-tornado-debuginfo-4.5.3-150000.3.19.1
  * python3-tornado-debuginfo-4.5.3-150000.3.19.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * python3-tornado-4.5.3-150000.3.19.1
  * python-tornado-debugsource-4.5.3-150000.3.19.1
  * python-tornado-debuginfo-4.5.3-150000.3.19.1
  * python3-tornado-debuginfo-4.5.3-150000.3.19.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * python3-tornado-4.5.3-150000.3.19.1
  * python-tornado-debugsource-4.5.3-150000.3.19.1
  * python-tornado-debuginfo-4.5.3-150000.3.19.1
  * python3-tornado-debuginfo-4.5.3-150000.3.19.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * python3-tornado-4.5.3-150000.3.19.1
  * python-tornado-debugsource-4.5.3-150000.3.19.1
  * python-tornado-debuginfo-4.5.3-150000.3.19.1
  * python3-tornado-debuginfo-4.5.3-150000.3.19.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * python3-tornado-4.5.3-150000.3.19.1
  * python-tornado-debugsource-4.5.3-150000.3.19.1
  * python-tornado-debuginfo-4.5.3-150000.3.19.1
  * python3-tornado-debuginfo-4.5.3-150000.3.19.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * python3-tornado-4.5.3-150000.3.19.1
  * python-tornado-debugsource-4.5.3-150000.3.19.1
  * python-tornado-debuginfo-4.5.3-150000.3.19.1
  * python3-tornado-debuginfo-4.5.3-150000.3.19.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * python3-tornado-4.5.3-150000.3.19.1
  * python-tornado-debugsource-4.5.3-150000.3.19.1
  * python-tornado-debuginfo-4.5.3-150000.3.19.1
  * python3-tornado-debuginfo-4.5.3-150000.3.19.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * python3-tornado-4.5.3-150000.3.19.1
  * python-tornado-debugsource-4.5.3-150000.3.19.1
  * python-tornado-debuginfo-4.5.3-150000.3.19.1
  * python3-tornado-debuginfo-4.5.3-150000.3.19.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * python3-tornado-4.5.3-150000.3.19.1
  * python-tornado-debugsource-4.5.3-150000.3.19.1
  * python-tornado-debuginfo-4.5.3-150000.3.19.1
  * python3-tornado-debuginfo-4.5.3-150000.3.19.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * python3-tornado-4.5.3-150000.3.19.1
  * python-tornado-debugsource-4.5.3-150000.3.19.1
  * python-tornado-debuginfo-4.5.3-150000.3.19.1
  * python3-tornado-debuginfo-4.5.3-150000.3.19.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * python3-tornado-4.5.3-150000.3.19.1
  * python-tornado-debugsource-4.5.3-150000.3.19.1
  * python-tornado-debuginfo-4.5.3-150000.3.19.1
  * python3-tornado-debuginfo-4.5.3-150000.3.19.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254905
* https://bugzilla.suse.com/show_bug.cgi?id=1259553
* https://bugzilla.suse.com/show_bug.cgi?id=1259630
URL: From null at suse.de Thu Apr 2 16:30:17 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 02 Apr 2026 16:30:17 -0000 Subject: SUSE-SU-2026:1170-1: important: Security update for perl-Crypt-URandom Message-ID: <177514741752.1447.7695896429731286304@c2c2e0ac4d9f> # Security update for perl-Crypt-URandom Announcement ID: SUSE-SU-2026:1170-1 Release Date: 2026-04-02T08:42:08Z Rating: important References: * bsc#1258266 Cross-References: * CVE-2026-2474 CVSS scores: * CVE-2026-2474 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-2474 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-2474 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for perl-Crypt-URandom fixes the following issue: Update to 0.550.0 (0.55): * CVE-2026-2474: heap buffer overflow in the XS function `crypt_urandom_getrandom()` (bsc#1258266). Changelog: * Fix for sysread/read failures. Thanks to Miha Purg for GH#20. * Fix for test suite failures on STDOUT encoding. Thanks to Lukas Mai for GH#19. For full changelog see /usr/share/doc/packages/perl-Crypt-URandom/Changes. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1170=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1170=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * perl-Crypt-URandom-0.550.0-1.6.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * perl-Crypt-URandom-0.550.0-1.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2474.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258266

From null at suse.de Thu Apr 2 16:30:42 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 02 Apr 2026 16:30:42 -0000
Subject: SUSE-SU-2026:1169-1: important: Security update for wireshark
Message-ID: <177514744218.1447.14364513225775260932@c2c2e0ac4d9f>

# Security update for wireshark

Announcement ID: SUSE-SU-2026:1169-1
Release Date: 2026-04-02T08:29:33Z
Rating: important
References:

* bsc#1231475
* bsc#1231476
* bsc#1233593
* bsc#1233594
* bsc#1237414
* bsc#1244081
* bsc#1249090
* bsc#1254108
* bsc#1254262
* bsc#1254471
* bsc#1254472
* bsc#1256734
* bsc#1256736
* bsc#1256738
* bsc#1256739
* bsc#1258907
* bsc#1258908
* bsc#1258909
* jsc#PED-15400

Cross-References:

* CVE-2024-11595
* CVE-2024-11596
* CVE-2024-9780
* CVE-2024-9781
* CVE-2025-13499
* CVE-2025-13674
* CVE-2025-13945
* CVE-2025-13946
* CVE-2025-1492
* CVE-2025-5601
* CVE-2025-9817
* CVE-2026-0959
* CVE-2026-0960
* CVE-2026-0961
* CVE-2026-0962
* CVE-2026-3201
* CVE-2026-3202
* CVE-2026-3203

CVSS scores:

* CVE-2024-11595 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-11595 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-11595 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-11596 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-11596 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-11596 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-9780 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-9780 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-9780 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-9781 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-9781 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-9781 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-13499 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-13499 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2025-13499 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-13499 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-13674 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-13674 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-13674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-13945 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-13945 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-13946 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-13946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-1492 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-1492 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1492 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-1492 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-5601 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2025-5601 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-5601 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-9817 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-9817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-9817 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-9817 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-0959 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0959 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0959 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0959 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0960 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0960 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0960 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0960 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0961 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0961 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0961 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0961 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0962 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0962 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0962 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0962 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-3201 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3201 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-3201 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-3201 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3202 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3202 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-3202 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-3202 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3203 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3203 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-3203 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-3203 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 18 vulnerabilities and contains one feature can now be installed.

## Description:

This update for wireshark fixes the following issues:

Update Wireshark to version 4.6.4 (jsc#PED-15400).

* CVE-2024-9780: ITS dissector crash (bsc#1231475).
* CVE-2024-9781: AppleTalk and RELOAD Framing dissector crash (bsc#1231476).
* CVE-2024-11595: Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark (bsc#1233594).
* CVE-2024-11596: Buffer Over-read in Wireshark (bsc#1233593).
* CVE-2025-1492: Uncontrolled Recursion in Wireshark (bsc#1237414).
* CVE-2025-5601: Column handling crashes in Wireshark allows denial of service (bsc#1244081).
* CVE-2025-9817: NULL Pointer Dereference in ssh dissector (bsc#1249090).
* CVE-2025-13499: a malformed packet can lead to a Kafka dissector crash (bsc#1254108).
* CVE-2025-13674: injecting a malformed packet can cause a crash (bsc#1254262).
* CVE-2025-13945: HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service (bsc#1254471).
* CVE-2025-13946: MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service (bsc#1254472).
* CVE-2026-0959: denial of service via IEEE 802.11 protocol dissector crash (bsc#1256734).
* CVE-2026-0960: denial of Service via HTTP3 protocol dissector infinite loop (bsc#1256736).
* CVE-2026-0961: denial of Service vulnerability in BLF file parser (bsc#1256738).
* CVE-2026-0962: denial of Service via SOME/IP-SD protocol dissector crash (bsc#1256739).
* CVE-2026-3201: missing limit checks in USB HID protocol dissector's `parse_report_descriptor` function can lead to memory exhaustion (bsc#1258907).
* CVE-2026-3202: missing checks in NTS-KE protocol dissector can lead to crash (bsc#1258908).
* CVE-2026-3203: missing length checks in the RF4CE Profile protocol dissector can lead to illegal memory access and crash (bsc#1258909).

Also libvirt was rebuilt against wireshark for the libvirt plugin.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1169=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1169=1
* Server Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1169=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libwsutil17-debuginfo-4.6.4-150700.21.8.1
  * wireshark-debugsource-4.6.4-150700.21.8.1
  * libwiretap16-debuginfo-4.6.4-150700.21.8.1
  * wireshark-4.6.4-150700.21.8.1
  * libwiretap16-4.6.4-150700.21.8.1
  * libvirt-libs-debuginfo-11.0.0-150700.4.19.1
  * libwireshark19-4.6.4-150700.21.8.1
  * libvirt-libs-11.0.0-150700.4.19.1
  * libvirt-debugsource-11.0.0-150700.4.19.1
  * wireshark-debuginfo-4.6.4-150700.21.8.1
  * libwireshark19-debuginfo-4.6.4-150700.21.8.1
  * libwsutil17-4.6.4-150700.21.8.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * wireshark-ui-qt-4.6.4-150700.21.8.1
  * wireshark-debuginfo-4.6.4-150700.21.8.1
  * wireshark-ui-qt-debuginfo-4.6.4-150700.21.8.1
  * wireshark-devel-4.6.4-150700.21.8.1
  * wireshark-debugsource-4.6.4-150700.21.8.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libvirt-daemon-driver-storage-core-11.0.0-150700.4.19.1
  * libvirt-daemon-config-nwfilter-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-nwfilter-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-proxy-11.0.0-150700.4.19.1
  * libvirt-daemon-lock-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-mpath-11.0.0-150700.4.19.1
  * libvirt-nss-11.0.0-150700.4.19.1
  * libvirt-client-11.0.0-150700.4.19.1
  * libvirt-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-secret-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-core-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-lock-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-iscsi-direct-11.0.0-150700.4.19.1
  * libvirt-daemon-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-nodedev-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-secret-11.0.0-150700.4.19.1
  * libvirt-nss-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-qemu-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-disk-debuginfo-11.0.0-150700.4.19.1
  * libvirt-debugsource-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-plugin-lockd-11.0.0-150700.4.19.1
  * libvirt-daemon-log-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-logical-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-nwfilter-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-scsi-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-mpath-debuginfo-11.0.0-150700.4.19.1
  * libvirt-devel-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-network-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-config-network-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-interface-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-plugin-lockd-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-disk-11.0.0-150700.4.19.1
  * libvirt-daemon-plugin-sanlock-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-nodedev-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-logical-debuginfo-11.0.0-150700.4.19.1
  * libvirt-client-qemu-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-scsi-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-iscsi-11.0.0-150700.4.19.1
  * libvirt-daemon-qemu-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-interface-11.0.0-150700.4.19.1
  * libvirt-daemon-common-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-iscsi-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-proxy-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-network-11.0.0-150700.4.19.1
  * libvirt-daemon-hooks-11.0.0-150700.4.19.1
  * libvirt-daemon-log-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-11.0.0-150700.4.19.1
  * libvirt-daemon-common-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-qemu-debuginfo-11.0.0-150700.4.19.1
  * libvirt-client-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-plugin-sanlock-11.0.0-150700.4.19.1
  * libvirt-daemon-11.0.0-150700.4.19.1
* Server Applications Module 15-SP7 (aarch64 x86_64)
  * libvirt-daemon-driver-storage-rbd-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-rbd-debuginfo-11.0.0-150700.4.19.1
* Server Applications Module 15-SP7 (noarch)
  * libvirt-doc-11.0.0-150700.4.19.1
* Server Applications Module 15-SP7 (x86_64)
  * libvirt-daemon-xen-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-libxl-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-libxl-11.0.0-150700.4.19.1

## References:

* https://www.suse.com/security/cve/CVE-2024-11595.html
* https://www.suse.com/security/cve/CVE-2024-11596.html
* https://www.suse.com/security/cve/CVE-2024-9780.html
* https://www.suse.com/security/cve/CVE-2024-9781.html
* https://www.suse.com/security/cve/CVE-2025-13499.html
* https://www.suse.com/security/cve/CVE-2025-13674.html
* https://www.suse.com/security/cve/CVE-2025-13945.html
* https://www.suse.com/security/cve/CVE-2025-13946.html
* https://www.suse.com/security/cve/CVE-2025-1492.html
* https://www.suse.com/security/cve/CVE-2025-5601.html
* https://www.suse.com/security/cve/CVE-2025-9817.html
* https://www.suse.com/security/cve/CVE-2026-0959.html
* https://www.suse.com/security/cve/CVE-2026-0960.html
* https://www.suse.com/security/cve/CVE-2026-0961.html
* https://www.suse.com/security/cve/CVE-2026-0962.html
* https://www.suse.com/security/cve/CVE-2026-3201.html
* https://www.suse.com/security/cve/CVE-2026-3202.html
* https://www.suse.com/security/cve/CVE-2026-3203.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231475
* https://bugzilla.suse.com/show_bug.cgi?id=1231476
* https://bugzilla.suse.com/show_bug.cgi?id=1233593
* https://bugzilla.suse.com/show_bug.cgi?id=1233594
* https://bugzilla.suse.com/show_bug.cgi?id=1237414
* https://bugzilla.suse.com/show_bug.cgi?id=1244081
* https://bugzilla.suse.com/show_bug.cgi?id=1249090
* https://bugzilla.suse.com/show_bug.cgi?id=1254108
* https://bugzilla.suse.com/show_bug.cgi?id=1254262
* https://bugzilla.suse.com/show_bug.cgi?id=1254471
* https://bugzilla.suse.com/show_bug.cgi?id=1254472
* https://bugzilla.suse.com/show_bug.cgi?id=1256734
* https://bugzilla.suse.com/show_bug.cgi?id=1256736
* https://bugzilla.suse.com/show_bug.cgi?id=1256738
* https://bugzilla.suse.com/show_bug.cgi?id=1256739
* https://bugzilla.suse.com/show_bug.cgi?id=1258907
* https://bugzilla.suse.com/show_bug.cgi?id=1258908
* https://bugzilla.suse.com/show_bug.cgi?id=1258909
* https://jira.suse.com/browse/PED-15400

From null at suse.de Thu Apr 2 20:30:05 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 02 Apr 2026 20:30:05 -0000
Subject: SUSE-SU-2026:1179-1: moderate: Security update for libsoup2
Message-ID: <177516180539.1584.14803982360429620425@c2c2e0ac4d9f>

# Security update for libsoup2

Announcement ID: SUSE-SU-2026:1179-1
Release Date: 2026-04-02T15:08:35Z
Rating: moderate
References:

* bsc#1256418

Cross-References:

* CVE-2026-0716

CVSS scores:

* CVE-2026-0716 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-0716 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-0716 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

This update for libsoup2 fixes the following issue:

* CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1179=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1179=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1179=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1179=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1179=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1179=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libsoup-2_4-1-2.74.2-150400.3.34.1
  * libsoup-2_4-1-debuginfo-2.74.2-150400.3.34.1
  * libsoup2-devel-2.74.2-150400.3.34.1
  * typelib-1_0-Soup-2_4-2.74.2-150400.3.34.1
  * libsoup2-debugsource-2.74.2-150400.3.34.1
* openSUSE Leap 15.4 (x86_64)
  * libsoup-2_4-1-32bit-2.74.2-150400.3.34.1
  * libsoup2-devel-32bit-2.74.2-150400.3.34.1
  * libsoup-2_4-1-32bit-debuginfo-2.74.2-150400.3.34.1
* openSUSE Leap 15.4 (noarch)
  * libsoup2-lang-2.74.2-150400.3.34.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libsoup2-devel-64bit-2.74.2-150400.3.34.1
  * libsoup-2_4-1-64bit-2.74.2-150400.3.34.1
  * libsoup-2_4-1-64bit-debuginfo-2.74.2-150400.3.34.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libsoup-2_4-1-debuginfo-2.74.2-150400.3.34.1
  * libsoup-2_4-1-2.74.2-150400.3.34.1
  * libsoup2-debugsource-2.74.2-150400.3.34.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libsoup-2_4-1-debuginfo-2.74.2-150400.3.34.1
  * libsoup-2_4-1-2.74.2-150400.3.34.1
  * libsoup2-debugsource-2.74.2-150400.3.34.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libsoup-2_4-1-debuginfo-2.74.2-150400.3.34.1
  * libsoup-2_4-1-2.74.2-150400.3.34.1
  * libsoup2-debugsource-2.74.2-150400.3.34.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libsoup-2_4-1-debuginfo-2.74.2-150400.3.34.1
  * libsoup-2_4-1-2.74.2-150400.3.34.1
  * libsoup2-debugsource-2.74.2-150400.3.34.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libsoup-2_4-1-debuginfo-2.74.2-150400.3.34.1
  * libsoup-2_4-1-2.74.2-150400.3.34.1
  * libsoup2-debugsource-2.74.2-150400.3.34.1

## References:

* https://www.suse.com/security/cve/CVE-2026-0716.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256418

From null at suse.de Thu Apr 2 20:30:08 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 02 Apr 2026 20:30:08 -0000
Subject: SUSE-SU-2026:1178-1: moderate: Security update for libsoup
Message-ID: <177516180882.1584.2213332442489531563@c2c2e0ac4d9f>

# Security update for libsoup

Announcement ID: SUSE-SU-2026:1178-1
Release Date: 2026-04-02T15:08:02Z
Rating: moderate
References:

* bsc#1256418

Cross-References:

* CVE-2026-0716

CVSS scores:

* CVE-2026-0716 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-0716 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-0716 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for libsoup fixes the following issue:

* CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1178=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libsoup-3_0-0-3.0.4-150400.3.40.1
  * libsoup-3_0-0-debuginfo-3.0.4-150400.3.40.1
  * libsoup-devel-3.0.4-150400.3.40.1
  * libsoup-debugsource-3.0.4-150400.3.40.1
  * typelib-1_0-Soup-3_0-3.0.4-150400.3.40.1
* openSUSE Leap 15.4 (x86_64)
  * libsoup-3_0-0-32bit-debuginfo-3.0.4-150400.3.40.1
  * libsoup-devel-32bit-3.0.4-150400.3.40.1
  * libsoup-3_0-0-32bit-3.0.4-150400.3.40.1
* openSUSE Leap 15.4 (noarch)
  * libsoup-lang-3.0.4-150400.3.40.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libsoup-3_0-0-64bit-3.0.4-150400.3.40.1
  * libsoup-3_0-0-64bit-debuginfo-3.0.4-150400.3.40.1
  * libsoup-devel-64bit-3.0.4-150400.3.40.1

## References:

* https://www.suse.com/security/cve/CVE-2026-0716.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256418

From null at suse.de Thu Apr 2 20:30:12 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 02 Apr 2026 20:30:12 -0000
Subject: SUSE-SU-2026:1177-1: important: Security update for tar
Message-ID: <177516181292.1584.3025553301010239842@c2c2e0ac4d9f>

# Security update for tar

Announcement ID: SUSE-SU-2026:1177-1
Release Date: 2026-04-02T15:01:24Z
Rating: important
References:

* bsc#1246399

Cross-References:

* CVE-2025-45582

CVSS scores:

* CVE-2025-45582 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-45582 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-45582 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for tar fixes the following issue:

* CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1177=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1177=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1177=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1177=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1177=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1177=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1177=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1177=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1177=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1177=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1177=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1177=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1177=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1177=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1177=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1177=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1177=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1177=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1177=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * tar-debugsource-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * tar-debugsource-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * tar-debugsource-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * tar-debugsource-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * tar-debugsource-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* Basesystem Module 15-SP7 (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * tar-debugsource-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * tar-debugsource-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * tar-tests-debuginfo-1.34-150000.3.37.1
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-tests-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* openSUSE Leap 15.6 (noarch)
  * tar-backup-scripts-1.34-150000.3.37.1
  * tar-doc-1.34-150000.3.37.1
  * tar-lang-1.34-150000.3.37.1

## References:

* https://www.suse.com/security/cve/CVE-2025-45582.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246399

From null at suse.de Thu Apr 2 20:30:26 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 02 Apr 2026 20:30:26 -0000
Subject: SUSE-SU-2026:1174-1: important: Security update for LibVNCServer
Message-ID: <177516182655.1584.8215144238432660415@c2c2e0ac4d9f>

# Security update for LibVNCServer

Announcement ID: SUSE-SU-2026:1174-1
Release Date: 2026-04-02T12:43:28Z
Rating: important
References:

* bsc#1260429
* bsc#1260431

Cross-References:

* CVE-2026-32853
* CVE-2026-32854

CVSS scores:

* CVE-2026-32853 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32853 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-32853 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-32853 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-32854 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32854 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32854 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-32854 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for LibVNCServer fixes the following issues:

* CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service (bsc#1260431).
* CVE-2026-32854: crafted HTTP requests can cause a denial of service (bsc#1260429).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1174=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1174=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * LibVNCServer-devel-0.9.9-17.44.1
  * libvncserver0-0.9.9-17.44.1
  * LibVNCServer-debugsource-0.9.9-17.44.1
  * libvncserver0-debuginfo-0.9.9-17.44.1
  * libvncclient0-0.9.9-17.44.1
  * libvncclient0-debuginfo-0.9.9-17.44.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * LibVNCServer-devel-0.9.9-17.44.1
  * libvncserver0-0.9.9-17.44.1
  * LibVNCServer-debugsource-0.9.9-17.44.1
  * libvncserver0-debuginfo-0.9.9-17.44.1
  * libvncclient0-0.9.9-17.44.1
  * libvncclient0-debuginfo-0.9.9-17.44.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32853.html
* https://www.suse.com/security/cve/CVE-2026-32854.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260429
* https://bugzilla.suse.com/show_bug.cgi?id=1260431
From null at suse.de Thu Apr 2 20:30:31 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 02 Apr 2026 20:30:31 -0000
Subject: SUSE-SU-2026:1173-1: important: Security update for LibVNCServer
Message-ID: <177516183119.1584.7451042764468592140@c2c2e0ac4d9f>

# Security update for LibVNCServer

Announcement ID: SUSE-SU-2026:1173-1
Release Date: 2026-04-02T12:43:17Z
Rating: important

References:

* bsc#1260429
* bsc#1260431

Cross-References:

* CVE-2026-32853
* CVE-2026-32854

CVSS scores:

* CVE-2026-32853 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32853 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-32853 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-32853 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-32854 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32854 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32854 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-32854 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for LibVNCServer fixes the following issues:

* CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service (bsc#1260431).
* CVE-2026-32854: crafted HTTP requests can cause a denial of service (bsc#1260429).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1173=1 openSUSE-SLE-15.6-2026-1173=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1173=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1173=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * LibVNCServer-devel-0.9.14-150600.3.6.1
  * LibVNCServer-debugsource-0.9.14-150600.3.6.1
  * libvncclient1-debuginfo-0.9.14-150600.3.6.1
  * libvncserver1-debuginfo-0.9.14-150600.3.6.1
  * libvncclient1-0.9.14-150600.3.6.1
  * libvncserver1-0.9.14-150600.3.6.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * LibVNCServer-devel-0.9.14-150600.3.6.1
  * LibVNCServer-debugsource-0.9.14-150600.3.6.1
  * libvncclient1-debuginfo-0.9.14-150600.3.6.1
  * libvncserver1-debuginfo-0.9.14-150600.3.6.1
  * libvncclient1-0.9.14-150600.3.6.1
  * libvncserver1-0.9.14-150600.3.6.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * LibVNCServer-debugsource-0.9.14-150600.3.6.1
  * libvncclient1-debuginfo-0.9.14-150600.3.6.1
  * libvncserver1-debuginfo-0.9.14-150600.3.6.1
  * libvncclient1-0.9.14-150600.3.6.1
  * libvncserver1-0.9.14-150600.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32853.html
* https://www.suse.com/security/cve/CVE-2026-32854.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260429
* https://bugzilla.suse.com/show_bug.cgi?id=1260431
From null at suse.de Mon Apr 6 08:30:17 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 06 Apr 2026 08:30:17 -0000
Subject: SUSE-SU-2026:1188-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177546421720.9814.3999978419164651506@f480087f4571>

# Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1188-1
Release Date: 2026-04-05T10:34:17Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.3 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1188=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
  * kernel-livepatch-6_4_0-150700_7_3-rt-13-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_3-rt-debuginfo-13-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_1-debugsource-13-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 6 08:30:25 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 06 Apr 2026 08:30:25 -0000
Subject: SUSE-SU-2026:1187-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177546422599.9814.3649984856779343913@f480087f4571>

# Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1187-1
Release Date: 2026-04-05T10:04:24Z
Rating: important

References:

* bsc#1258051
* bsc#1258183
* bsc#1258784
* bsc#1259896
* bsc#1259962

Cross-References:

* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities and has two security fixes can now be installed.
## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.31 fixes various security issues

The following security issues were fixed:

* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

The following non-security issue was fixed:

* Fix NULL pointer dereference in smb2_query_server_interfaces. Livepatch to restore a null check of server->ops->query_server_interfaces that was dropped by mistake (bsc#1259896 bsc#1259962).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1187=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
  * kernel-livepatch-SLE15-SP7-RT_Update_9-debugsource-2-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_31-rt-2-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_31-rt-debuginfo-2-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
* https://bugzilla.suse.com/show_bug.cgi?id=1259896
* https://bugzilla.suse.com/show_bug.cgi?id=1259962
From null at suse.de Mon Apr 6 08:30:34 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 06 Apr 2026 08:30:34 -0000
Subject: SUSE-SU-2026:1189-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177546423448.9814.12247687122062445483@f480087f4571>

# Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1189-1
Release Date: 2026-04-05T10:34:20Z
Rating: important

References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.25 fixes various security issues

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1189=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1186=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
  * kernel-livepatch-6_4_0-150700_7_25-rt-debuginfo-3-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_28-rt-debuginfo-3-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_25-rt-3-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_28-rt-3-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_7-debugsource-3-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_8-debugsource-3-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 6 08:30:46 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 06 Apr 2026 08:30:46 -0000
Subject: SUSE-SU-2026:1185-1: important: Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177546424630.9814.8078946908191341671@f480087f4571>

# Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1185-1
Release Date: 2026-04-03T16:41:59Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.5 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1185=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1184=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1183=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1182=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1181=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
  * kernel-livepatch-6_4_0-150700_7_19-rt-5-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_19-rt-debuginfo-5-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_2-debugsource-12-150700.2.1
  * kernel-livepatch-6_4_0-150700_5-rt-13-150700.3.1
  * kernel-livepatch-SLE15-SP7-RT_Update_3-debugsource-8-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_0-debugsource-13-150700.3.1
  * kernel-livepatch-SLE15-SP7-RT_Update_5-debugsource-5-150700.2.1
  * kernel-livepatch-6_4_0-150700_5-rt-debuginfo-13-150700.3.1
  * kernel-livepatch-6_4_0-150700_7_13-rt-debuginfo-8-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_8-rt-12-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_13-rt-8-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_8-rt-debuginfo-12-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource-8-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo-8-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_16-rt-8-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 6 08:30:55 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 06 Apr 2026 08:30:55 -0000
Subject: SUSE-SU-2026:1180-1: important: Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177546425574.9814.6748795166838695374@f480087f4571>

# Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1180-1
Release Date: 2026-04-03T16:41:43Z
Rating: important

References:

* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.22 fixes various security issues

The following security issues were fixed:

* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1180=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
  * kernel-livepatch-6_4_0-150700_7_22-rt-debuginfo-4-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_22-rt-4-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_6-debugsource-4-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 6 16:30:06 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 06 Apr 2026 16:30:06 -0000
Subject: SUSE-SU-2026:1191-1: moderate: Security update for avahi
Message-ID: <177549300675.10646.1203485193745141145@f480087f4571>

# Security update for avahi

Announcement ID: SUSE-SU-2026:1191-1
Release Date: 2026-04-06T10:54:02Z
Rating: moderate

References:

* bsc#1257235

Cross-References:

* CVE-2026-24401

CVSS scores:

* CVE-2026-24401 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability can now be installed.

## Description:

This update for avahi fixes the following issue:

* CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record (bsc#1257235).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1191=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1191=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libavahi-client3-debuginfo-0.7-150100.3.49.1
  * libavahi-common3-debuginfo-0.7-150100.3.49.1
  * libavahi-core7-debuginfo-0.7-150100.3.49.1
  * libavahi-core7-0.7-150100.3.49.1
  * avahi-debugsource-0.7-150100.3.49.1
  * libavahi-common3-0.7-150100.3.49.1
  * avahi-debuginfo-0.7-150100.3.49.1
  * avahi-0.7-150100.3.49.1
  * libavahi-client3-0.7-150100.3.49.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libavahi-client3-debuginfo-0.7-150100.3.49.1
  * libavahi-common3-debuginfo-0.7-150100.3.49.1
  * libavahi-core7-debuginfo-0.7-150100.3.49.1
  * libavahi-core7-0.7-150100.3.49.1
  * avahi-debugsource-0.7-150100.3.49.1
  * libavahi-common3-0.7-150100.3.49.1
  * avahi-debuginfo-0.7-150100.3.49.1
  * avahi-0.7-150100.3.49.1
  * libavahi-client3-0.7-150100.3.49.1

## References:

* https://www.suse.com/security/cve/CVE-2026-24401.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257235
From null at suse.de Tue Apr 7 12:30:08 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 12:30:08 -0000
Subject: SUSE-SU-2026:20960-1: important: Security update for python-pyOpenSSL
Message-ID: <177556500800.15499.4277464203710205433@7334c935c7bb>

# Security update for python-pyOpenSSL

Announcement ID: SUSE-SU-2026:20960-1
Release Date: 2026-04-01T10:05:29Z
Rating: important
References:

* bsc#1259804
* bsc#1259808

Cross-References:

* CVE-2026-27448
* CVE-2026-27459

CVSS scores:

* CVE-2026-27448 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27448 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27448 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27448 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27459 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27459 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-27459 ( NVD ): 7.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27459 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python-pyOpenSSL fixes the following issues:

* CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804).
* CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-649=1

## Package List:

* SUSE Linux Micro 6.0 (noarch)
  * python311-pyOpenSSL-24.0.0-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27448.html
* https://www.suse.com/security/cve/CVE-2026-27459.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259804
* https://bugzilla.suse.com/show_bug.cgi?id=1259808

From null at suse.de Tue Apr 7 12:30:14 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 12:30:14 -0000
Subject: SUSE-SU-2026:20959-1: important: Security update for tar
Message-ID: <177556501463.15499.13333255383042242191@7334c935c7bb>

# Security update for tar

Announcement ID: SUSE-SU-2026:20959-1
Release Date: 2026-04-01T10:02:31Z
Rating: important
References:

* bsc#1246399

Cross-References:

* CVE-2025-45582

CVSS scores:

* CVE-2025-45582 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-45582 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-45582 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for tar fixes the following issue:

* CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-650=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * tar-debuginfo-1.35-3.1
  * tar-debugsource-1.35-3.1
  * tar-1.35-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-45582.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246399

From null at suse.de Tue Apr 7 12:30:27 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 12:30:27 -0000
Subject: SUSE-SU-2026:20956-1: important: Security update for python311
Message-ID: <177556502700.15499.8646610454780440376@7334c935c7bb>

# Security update for python311

Announcement ID: SUSE-SU-2026:20956-1
Release Date: 2026-03-31T09:41:48Z
Rating: important
References:

* bsc#1257181
* bsc#1259240

Cross-References:

* CVE-2026-1299
* CVE-2026-2297

CVSS scores:

* CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-1299 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-2297 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-2297 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python311 fixes the following issues:

* CVE-2026-1299: header injection when an email is serialized due to improper newline quoting (bsc#1257181).
* CVE-2026-2297: validation bypass via incorrectly handled hook in FileLoader (bsc#1259240).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-647=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * python311-debugsource-3.11.15-2.1
  * python311-base-3.11.15-2.1
  * libpython3_11-1_0-3.11.15-2.1
  * python311-3.11.15-2.1
  * python311-base-debuginfo-3.11.15-2.1
  * python311-curses-debuginfo-3.11.15-2.1
  * libpython3_11-1_0-debuginfo-3.11.15-2.1
  * python311-debuginfo-3.11.15-2.1
  * python311-curses-3.11.15-2.1
  * python311-core-debugsource-3.11.15-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1299.html
* https://www.suse.com/security/cve/CVE-2026-2297.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257181
* https://bugzilla.suse.com/show_bug.cgi?id=1259240

From null at suse.de Tue Apr 7 12:30:30 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 12:30:30 -0000
Subject: SUSE-SU-2026:20955-1: important: Security update for tar
Message-ID: <177556503037.15499.8865160491949873102@7334c935c7bb>

# Security update for tar

Announcement ID: SUSE-SU-2026:20955-1
Release Date: 2026-04-01T09:39:38Z
Rating: important
References:

* bsc#1246399

Cross-References:

* CVE-2025-45582

CVSS scores:

* CVE-2025-45582 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-45582 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-45582 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for tar fixes the following issue:

* CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-468=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * tar-1.35-slfo.1.1_3.1
  * tar-debugsource-1.35-slfo.1.1_3.1
  * tar-debuginfo-1.35-slfo.1.1_3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-45582.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246399

From null at suse.de Tue Apr 7 12:30:35 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 12:30:35 -0000
Subject: SUSE-SU-2026:20954-1: important: Security update for python-pyOpenSSL
Message-ID: <177556503544.15499.17393241558881502284@7334c935c7bb>

# Security update for python-pyOpenSSL

Announcement ID: SUSE-SU-2026:20954-1
Release Date: 2026-04-01T09:35:17Z
Rating: important
References:

* bsc#1259804
* bsc#1259808

Cross-References:

* CVE-2026-27448
* CVE-2026-27459

CVSS scores:

* CVE-2026-27448 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27448 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27448 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27448 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27459 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27459 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-27459 ( NVD ): 7.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27459 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python-pyOpenSSL fixes the following issues:

* CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804).
* CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-467=1

## Package List:

* SUSE Linux Micro 6.1 (noarch)
  * python311-pyOpenSSL-24.0.0-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27448.html
* https://www.suse.com/security/cve/CVE-2026-27459.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259804
* https://bugzilla.suse.com/show_bug.cgi?id=1259808

From null at suse.de Tue Apr 7 12:30:48 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 12:30:48 -0000
Subject: SUSE-SU-2026:20951-1: important: Security update for python311
Message-ID: <177556504826.15499.12396131343576782595@7334c935c7bb>

# Security update for python311

Announcement ID: SUSE-SU-2026:20951-1
Release Date: 2026-03-31T09:07:06Z
Rating: important
References:

* bsc#1257181
* bsc#1259240

Cross-References:

* CVE-2026-1299
* CVE-2026-2297

CVSS scores:

* CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-1299 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-2297 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-2297 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python311 fixes the following issues:

* CVE-2026-1299: header injection when an email is serialized due to improper newline quoting (bsc#1257181).
* CVE-2026-2297: validation bypass via incorrectly handled hook in FileLoader (bsc#1259240).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-465=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * python311-3.11.15-slfo.1.1_2.1
  * python311-curses-3.11.15-slfo.1.1_2.1
  * libpython3_11-1_0-3.11.15-slfo.1.1_2.1
  * python311-base-3.11.15-slfo.1.1_2.1
  * python311-debuginfo-3.11.15-slfo.1.1_2.1
  * libpython3_11-1_0-debuginfo-3.11.15-slfo.1.1_2.1
  * python311-base-debuginfo-3.11.15-slfo.1.1_2.1
  * python311-curses-debuginfo-3.11.15-slfo.1.1_2.1
  * python311-debugsource-3.11.15-slfo.1.1_2.1
  * python311-core-debugsource-3.11.15-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1299.html
* https://www.suse.com/security/cve/CVE-2026-2297.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257181
* https://bugzilla.suse.com/show_bug.cgi?id=1259240

From null at suse.de Tue Apr 7 12:30:52 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 12:30:52 -0000
Subject: SUSE-SU-2026:20950-1: important: Security update for cockpit
Message-ID: <177556505271.15499.18312855754494688986@7334c935c7bb>

# Security update for cockpit

Announcement ID: SUSE-SU-2026:20950-1
Release Date: 2026-03-27T09:53:17Z
Rating: important
References:

* bsc#1258641
* bsc#1259845

Cross-References:

* CVE-2026-26996
* CVE-2026-27135

CVSS scores:

* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27135 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27135 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27135 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0
* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Security update for cockpit

### Description:

This update for cockpit fixes the following issue:

* CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641).

## Security update for nghttp2

### Description:

This update for nghttp2 fixes the following issue:

* CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-464=1
* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-645=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * libnghttp2-14-1.52.0-slfo.1.1_2.1
  * libnghttp2-14-debuginfo-1.52.0-slfo.1.1_2.1
  * nghttp2-debugsource-1.52.0-slfo.1.1_2.1
* SUSE Linux Micro 6.0 (aarch64 x86_64)
  * cockpit-debuginfo-309-9.1
  * cockpit-ws-309-9.1
  * cockpit-bridge-debuginfo-309-9.1
  * cockpit-bridge-309-9.1
  * cockpit-ws-debuginfo-309-9.1
  * cockpit-309-9.1
  * cockpit-debugsource-309-9.1
* SUSE Linux Micro 6.0 (noarch)
  * cockpit-storaged-309-9.1
  * cockpit-selinux-309-9.2
  * cockpit-networkmanager-309-9.2
  * cockpit-system-309-9.1
  * cockpit-networkmanager-309-9.1
  * cockpit-storaged-309-9.2
  * cockpit-system-309-9.2
  * cockpit-selinux-309-9.1
* SUSE Linux Micro 6.0 (s390x)
  * cockpit-bridge-309-9.2
  * cockpit-ws-debuginfo-309-9.2
  * cockpit-bridge-debuginfo-309-9.2
  * cockpit-debugsource-309-9.2
  * cockpit-debuginfo-309-9.2
  * cockpit-ws-309-9.2
  * cockpit-309-9.2

## References:

* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://www.suse.com/security/cve/CVE-2026-27135.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258641
* https://bugzilla.suse.com/show_bug.cgi?id=1259845

From null at suse.de Tue Apr 7 16:30:05 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 16:30:05 -0000
Subject: SUSE-SU-2026:1200-1: important: Security update for ignition
Message-ID: <177557940589.13565.3114705195186927865@c2c2e0ac4d9f>

# Security update for ignition

Announcement ID: SUSE-SU-2026:1200-1
Release Date: 2026-04-07T11:50:20Z
Rating: important
References:

* bsc#1260251

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Micro 5.5

An update that solves one vulnerability can now be installed.

## Description:

This update for ignition fixes the following issue:

* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260251)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1200=1

## Package List:

* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * ignition-debuginfo-2.17.0-150500.3.15.1
  * ignition-2.17.0-150500.3.15.1
  * ignition-dracut-grub2-2.17.0-150500.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260251

From null at suse.de Tue Apr 7 16:30:10 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 16:30:10 -0000
Subject: SUSE-SU-2026:1199-1: important: Security update for python-PyJWT
Message-ID: <177557941033.13565.10643957373597830277@c2c2e0ac4d9f>

# Security update for python-PyJWT

Announcement ID: SUSE-SU-2026:1199-1
Release Date: 2026-04-07T10:25:37Z
Rating: important
References:

* bsc#1259616

Cross-References:

* CVE-2026-32597

CVSS scores:

* CVE-2026-32597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-32597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-32597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* Public Cloud Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for python-PyJWT fixes the following issues:

* CVE-2026-32597: Fixed unknown `crit` header extensions accepts (bsc#1259616).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Public Cloud Module 12
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2026-1199=1

## Package List:

* Public Cloud Module 12 (noarch)
  * python3-PyJWT-1.5.3-3.19.1
  * python-PyJWT-1.5.3-3.19.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32597.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259616

From null at suse.de Tue Apr 7 16:30:13 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 16:30:13 -0000
Subject: SUSE-SU-2026:1198-1: important: Security update for ignition
Message-ID: <177557941341.13565.10923322071505040385@c2c2e0ac4d9f>

# Security update for ignition

Announcement ID: SUSE-SU-2026:1198-1
Release Date: 2026-04-07T10:25:22Z
Rating: important
References:

* bsc#1260251

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability can now be installed.

## Description:

This update for ignition fixes the following issue:

* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260251)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1198=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1198=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * ignition-2.14.0-150300.6.19.1
  * ignition-dracut-grub2-2.14.0-150300.6.19.1
  * ignition-debuginfo-2.14.0-150300.6.19.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * ignition-2.14.0-150300.6.19.1
  * ignition-dracut-grub2-2.14.0-150300.6.19.1
  * ignition-debuginfo-2.14.0-150300.6.19.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260251

From null at suse.de Tue Apr 7 16:30:17 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 16:30:17 -0000
Subject: SUSE-SU-2026:1197-1: important: Security update for ignition
Message-ID: <177557941756.13565.6429529688727459295@c2c2e0ac4d9f>

# Security update for ignition

Announcement ID: SUSE-SU-2026:1197-1
Release Date: 2026-04-07T10:25:02Z
Rating: important
References:

* bsc#1260251

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.3

An update that solves one vulnerability can now be installed.

## Description:

This update for ignition fixes the following issue:

* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260251)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1197=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1197=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * ignition-debuginfo-2.14.0-150400.4.15.1
  * ignition-dracut-grub2-2.14.0-150400.4.15.1
  * ignition-2.14.0-150400.4.15.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * ignition-debuginfo-2.14.0-150400.4.15.1
  * ignition-dracut-grub2-2.14.0-150400.4.15.1
  * ignition-2.14.0-150400.4.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260251

From null at suse.de Tue Apr 7 16:30:22 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 16:30:22 -0000
Subject: SUSE-SU-2026:1195-1: important: Security update for google-cloud-sap-agent
Message-ID: <177557942230.13565.9858495245429696348@c2c2e0ac4d9f>

# Security update for google-cloud-sap-agent

Announcement ID: SUSE-SU-2026:1195-1
Release Date: 2026-04-07T09:25:22Z
Rating: important
References:

* bsc#1259816
* bsc#1260265

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* Public Cloud Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for google-cloud-sap-agent fixes the following issue:

Update to google-cloud-sap-agent 3.12 (bsc#1259816):

* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260265).

Changelog:

* Collect WLM metric `saphanasr_angi_installed` for all OS types.
* Failure handling: Remove attached disks from CG
* OTE Status checks for Parameter Manager (SAP Agent)
* Log command-line arguments in configureinstance.
* Minor multiple reliability checks and fixes
* Support custom names for restored disks in hanadiskrestore
* Add newAttachedDisks to Restorer and detach them on restore failure.
* Improve unit test coverage for hanadiskbackup and hanadiskrestore
* Add support for refresh point tests.
* Refactor HANA disk backup user validation and physical path parsing.
* Auto updated compiled protocol buffers
* Parameter Manager integration to SAP Agent
* Modify collection logic for SAP HANA configuration files.
* Update workloadagentplatform version and hash.
* Update WLM Validation metrics to support SAPHanaSR-angi setups.
* Increment agent version to 3.12.
* SAP HANA Pacemaker failover settings can come from `SAPHanaController`.
* Update collection for WLM metric `ha_sr_hook_configured`.
* Refactor CheckTopology to accept instance number.
* Use constant backoff with max retries for snapshot group operations.
* Update workloadagentplatform dependency

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Public Cloud Module 12
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2026-1195=1

## Package List:

* Public Cloud Module 12 (aarch64 ppc64le s390x x86_64)
  * google-cloud-sap-agent-3.12-6.60.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259816
* https://bugzilla.suse.com/show_bug.cgi?id=1260265

From null at suse.de Tue Apr 7 16:30:26 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 16:30:26 -0000
Subject: SUSE-SU-2026:1194-1: important: Security update for google-cloud-sap-agent
Message-ID: <177557942678.13565.6571608316902778556@c2c2e0ac4d9f>

# Security update for google-cloud-sap-agent

Announcement ID: SUSE-SU-2026:1194-1
Release Date: 2026-04-07T09:25:15Z
Rating: important
References:

* bsc#1259816
* bsc#1260265

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* Public Cloud Module 15-SP6
* Public Cloud Module 15-SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for google-cloud-sap-agent fixes the following issue:

Update to google-cloud-sap-agent 3.12 (bsc#1259816):

* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260265).

Changelog:

* Collect WLM metric `saphanasr_angi_installed` for all OS types.
* Failure handling: Remove attached disks from CG
* OTE Status checks for Parameter Manager (SAP Agent)
* Log command-line arguments in configureinstance.
* Minor multiple reliability checks and fixes
* Support custom names for restored disks in hanadiskrestore
* Add newAttachedDisks to Restorer and detach them on restore failure.
* Improve unit test coverage for hanadiskbackup and hanadiskrestore
* Add support for refresh point tests.
* Refactor HANA disk backup user validation and physical path parsing.
* Auto updated compiled protocol buffers
* Parameter Manager integration to SAP Agent
* Modify collection logic for SAP HANA configuration files.
* Update workloadagentplatform version and hash.
* Update WLM Validation metrics to support SAPHanaSR-angi setups.
* Increment agent version to 3.12.
* SAP HANA Pacemaker failover settings can come from `SAPHanaController`.
* Update collection for WLM metric `ha_sr_hook_configured`.
* Refactor CheckTopology to accept instance number.
* Use constant backoff with max retries for snapshot group operations.
* Update workloadagentplatform dependency

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1194=1
* Public Cloud Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1194=1
* Public Cloud Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2026-1194=1
* Public Cloud Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2026-1194=1
* Public Cloud Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2026-1194=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * google-cloud-sap-agent-3.12-150100.3.63.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * google-cloud-sap-agent-3.12-150100.3.63.1
* Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * google-cloud-sap-agent-3.12-150100.3.63.1
* Public Cloud Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * google-cloud-sap-agent-3.12-150100.3.63.1
* Public Cloud Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * google-cloud-sap-agent-3.12-150100.3.63.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259816
* https://bugzilla.suse.com/show_bug.cgi?id=1260265

URL: From null at suse.de Tue Apr 7 16:30:33 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 07 Apr 2026 16:30:33 -0000 Subject: SUSE-SU-2026:1193-1: important: Security update for gimp Message-ID: <177557943321.13565.15316133833976765595@c2c2e0ac4d9f> # Security update for gimp Announcement ID: SUSE-SU-2026:1193-1 Release Date: 2026-04-07T08:40:22Z Rating: important References: * bsc#1259979 * bsc#1259984 * bsc#1259986 Cross-References: * CVE-2026-4150 * CVE-2026-4153 * CVE-2026-4154 CVSS scores: * CVE-2026-4150 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-4150 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4153 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-4153 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4154 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-4154 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for gimp fixes the following issues: * CVE-2026-4150: PSD File Parsing Integer Overflow Remote Code Execution Vulnerability (bsc#1259979). * CVE-2026-4153: PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (bsc#1259984). * CVE-2026-4154: XPM File Parsing Integer Overflow Remote Code Execution Vulnerability (bsc#1259986). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1193=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1193=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1193=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1193=1

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64)
  * gimp-devel-debuginfo-2.10.30-150400.3.50.1
  * gimp-2.10.30-150400.3.50.1
  * gimp-devel-2.10.30-150400.3.50.1
  * gimp-plugin-aa-debuginfo-2.10.30-150400.3.50.1
  * gimp-plugin-aa-2.10.30-150400.3.50.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.50.1
  * gimp-debuginfo-2.10.30-150400.3.50.1
  * libgimp-2_0-0-2.10.30-150400.3.50.1
  * gimp-debugsource-2.10.30-150400.3.50.1
  * libgimpui-2_0-0-2.10.30-150400.3.50.1
  * libgimp-2_0-0-debuginfo-2.10.30-150400.3.50.1
* SUSE Package Hub 15 15-SP7 (noarch)
  * gimp-lang-2.10.30-150400.3.50.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * gimp-devel-debuginfo-2.10.30-150400.3.50.1
  * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.50.1
  * gimp-2.10.30-150400.3.50.1
  * gimp-devel-2.10.30-150400.3.50.1
  * gimp-debuginfo-2.10.30-150400.3.50.1
  * libgimp-2_0-0-2.10.30-150400.3.50.1
  * gimp-debugsource-2.10.30-150400.3.50.1
  * libgimpui-2_0-0-2.10.30-150400.3.50.1
  * libgimp-2_0-0-debuginfo-2.10.30-150400.3.50.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch)
  * gimp-lang-2.10.30-150400.3.50.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * gimp-devel-debuginfo-2.10.30-150400.3.50.1
  * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.50.1
  * gimp-2.10.30-150400.3.50.1
  * gimp-devel-2.10.30-150400.3.50.1
  * gimp-debuginfo-2.10.30-150400.3.50.1
  * gimp-plugin-aa-debuginfo-2.10.30-150400.3.50.1
  * libgimp-2_0-0-2.10.30-150400.3.50.1
  * gimp-debugsource-2.10.30-150400.3.50.1
  * libgimpui-2_0-0-2.10.30-150400.3.50.1
  * libgimp-2_0-0-debuginfo-2.10.30-150400.3.50.1
  * gimp-plugin-aa-2.10.30-150400.3.50.1
* openSUSE Leap 15.4 (noarch)
  * gimp-lang-2.10.30-150400.3.50.1
* openSUSE Leap 15.4 (x86_64)
  * libgimpui-2_0-0-32bit-2.10.30-150400.3.50.1
  * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.50.1
  * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.50.1
  * libgimp-2_0-0-32bit-2.10.30-150400.3.50.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libgimp-2_0-0-64bit-2.10.30-150400.3.50.1
  * libgimpui-2_0-0-64bit-2.10.30-150400.3.50.1
  * libgimp-2_0-0-64bit-debuginfo-2.10.30-150400.3.50.1
  * libgimpui-2_0-0-64bit-debuginfo-2.10.30-150400.3.50.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * gimp-devel-debuginfo-2.10.30-150400.3.50.1
  * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.50.1
  * gimp-2.10.30-150400.3.50.1
  * gimp-devel-2.10.30-150400.3.50.1
  * gimp-debuginfo-2.10.30-150400.3.50.1
  * gimp-plugin-aa-debuginfo-2.10.30-150400.3.50.1
  * libgimp-2_0-0-2.10.30-150400.3.50.1
  * gimp-debugsource-2.10.30-150400.3.50.1
  * libgimpui-2_0-0-2.10.30-150400.3.50.1
  * libgimp-2_0-0-debuginfo-2.10.30-150400.3.50.1
  * gimp-plugin-aa-2.10.30-150400.3.50.1
* openSUSE Leap 15.6 (noarch)
  * gimp-lang-2.10.30-150400.3.50.1
* openSUSE Leap 15.6 (x86_64)
  * libgimpui-2_0-0-32bit-2.10.30-150400.3.50.1
  * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.50.1
  * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.50.1
  * libgimp-2_0-0-32bit-2.10.30-150400.3.50.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4150.html
* https://www.suse.com/security/cve/CVE-2026-4153.html
* https://www.suse.com/security/cve/CVE-2026-4154.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259979
* https://bugzilla.suse.com/show_bug.cgi?id=1259984
* https://bugzilla.suse.com/show_bug.cgi?id=1259986

From null at suse.de Tue Apr 7 16:30:38 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 16:30:38 -0000
Subject: SUSE-SU-2026:1192-1: important: Security update for python-pyOpenSSL
Message-ID: <177557943871.13565.10298599016343069648@c2c2e0ac4d9f>

# Security update for python-pyOpenSSL

Announcement ID: SUSE-SU-2026:1192-1
Release Date: 2026-04-07T08:40:00Z
Rating: important

References:

* bsc#1259804
* bsc#1259808

Cross-References:

* CVE-2026-27448
* CVE-2026-27459

CVSS scores:

* CVE-2026-27448 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27448 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27448 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27448 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27459 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27459 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-27459 ( NVD ): 7.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27459 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python-pyOpenSSL fixes the following issues:

* CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804).
* CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1192=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1192=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1192=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1192=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1192=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1192=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1192=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1192=1
* Public Cloud Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1192=1
* Python 3 Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1192=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1192=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1192=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1192=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1192=1

## Package List:

* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * python311-pyOpenSSL-23.2.0-150400.3.13.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * python311-pyOpenSSL-23.2.0-150400.3.13.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * python311-pyOpenSSL-23.2.0-150400.3.13.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * python311-pyOpenSSL-23.2.0-150400.3.13.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * python311-pyOpenSSL-23.2.0-150400.3.13.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * python311-pyOpenSSL-23.2.0-150400.3.13.1
* openSUSE Leap 15.4 (noarch)
  * python311-pyOpenSSL-23.2.0-150400.3.13.1
* openSUSE Leap 15.6 (noarch)
  * python311-pyOpenSSL-23.2.0-150400.3.13.1
* Public Cloud Module 15-SP4 (noarch)
  * python311-pyOpenSSL-23.2.0-150400.3.13.1
* Python 3 Module 15-SP7 (noarch)
  * python311-pyOpenSSL-23.2.0-150400.3.13.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * python311-pyOpenSSL-23.2.0-150400.3.13.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * python311-pyOpenSSL-23.2.0-150400.3.13.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * python311-pyOpenSSL-23.2.0-150400.3.13.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * python311-pyOpenSSL-23.2.0-150400.3.13.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27448.html
* https://www.suse.com/security/cve/CVE-2026-27459.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259804
* https://bugzilla.suse.com/show_bug.cgi?id=1259808

From null at suse.de Tue Apr 7 20:30:14 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 20:30:14 -0000
Subject: SUSE-SU-2026:1206-1: important: Security update for python
Message-ID: <177559381408.13998.192215476040911218@c2c2e0ac4d9f>

# Security update for python

Announcement ID: SUSE-SU-2026:1206-1
Release Date: 2026-04-07T14:19:01Z
Rating: important

References:

* bsc#1259611
* bsc#1259734
* bsc#1259735
* bsc#1260026

Cross-References:

* CVE-2025-13462
* CVE-2026-3644
* CVE-2026-4224
* CVE-2026-4519

CVSS scores:

* CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
* CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
* CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves four vulnerabilities can now be installed.

## Description:

This update for python fixes the following issues:

* CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
* CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
* CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
* CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1206=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1206=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * python-base-debugsource-2.7.18-150000.111.1
  * python-curses-2.7.18-150000.111.1
  * python-tk-2.7.18-150000.111.1
  * python-debugsource-2.7.18-150000.111.1
  * python-devel-2.7.18-150000.111.1
  * python-tk-debuginfo-2.7.18-150000.111.1
  * libpython2_7-1_0-debuginfo-2.7.18-150000.111.1
  * python-debuginfo-2.7.18-150000.111.1
  * python-gdbm-debuginfo-2.7.18-150000.111.1
  * python-xml-debuginfo-2.7.18-150000.111.1
  * python-base-debuginfo-2.7.18-150000.111.1
  * python-base-2.7.18-150000.111.1
  * python-curses-debuginfo-2.7.18-150000.111.1
  * python-2.7.18-150000.111.1
  * python-demo-2.7.18-150000.111.1
  * libpython2_7-1_0-2.7.18-150000.111.1
  * python-gdbm-2.7.18-150000.111.1
  * python-idle-2.7.18-150000.111.1
  * python-xml-2.7.18-150000.111.1
* openSUSE Leap 15.6 (x86_64)
  * python-32bit-debuginfo-2.7.18-150000.111.1
  * python-32bit-2.7.18-150000.111.1
  * libpython2_7-1_0-32bit-2.7.18-150000.111.1
  * python-base-32bit-2.7.18-150000.111.1
  * python-base-32bit-debuginfo-2.7.18-150000.111.1
  * libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.111.1
* openSUSE Leap 15.6 (noarch)
  * python-doc-pdf-2.7.18-150000.111.1
  * python-doc-2.7.18-150000.111.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * python-base-debugsource-2.7.18-150000.111.1
  * python-curses-2.7.18-150000.111.1
  * python-debugsource-2.7.18-150000.111.1
  * libpython2_7-1_0-debuginfo-2.7.18-150000.111.1
  * python-debuginfo-2.7.18-150000.111.1
  * python-gdbm-debuginfo-2.7.18-150000.111.1
  * python-xml-debuginfo-2.7.18-150000.111.1
  * python-base-debuginfo-2.7.18-150000.111.1
  * python-base-2.7.18-150000.111.1
  * python-curses-debuginfo-2.7.18-150000.111.1
  * python-2.7.18-150000.111.1
  * python-gdbm-2.7.18-150000.111.1
  * libpython2_7-1_0-2.7.18-150000.111.1
  * python-xml-2.7.18-150000.111.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13462.html
* https://www.suse.com/security/cve/CVE-2026-3644.html
* https://www.suse.com/security/cve/CVE-2026-4224.html
* https://www.suse.com/security/cve/CVE-2026-4519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259611
* https://bugzilla.suse.com/show_bug.cgi?id=1259734
* https://bugzilla.suse.com/show_bug.cgi?id=1259735
* https://bugzilla.suse.com/show_bug.cgi?id=1260026

From null at suse.de Tue Apr 7 20:30:16 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 20:30:16 -0000
Subject: SUSE-SU-2026:1205-1: important: Security update for govulncheck-vulndb
Message-ID: <177559381611.13998.18000136594818297126@c2c2e0ac4d9f>

# Security update for govulncheck-vulndb

Announcement ID: SUSE-SU-2026:1205-1
Release Date: 2026-04-07T14:18:21Z
Rating: important

References:

* jsc#PED-11136

Cross-References:

* CVE-2026-26060
* CVE-2026-26061
* CVE-2026-26233
* CVE-2026-27018
* CVE-2026-29180
* CVE-2026-32241
* CVE-2026-32286
* CVE-2026-32695
* CVE-2026-33026
* CVE-2026-33027
* CVE-2026-33028
* CVE-2026-33029
* CVE-2026-33030
* CVE-2026-33032
* CVE-2026-33186
* CVE-2026-33433
* CVE-2026-33487
* CVE-2026-33634
* CVE-2026-33747
* CVE-2026-33748
* CVE-2026-33903
* CVE-2026-33904
* CVE-2026-33906
* CVE-2026-33907
* CVE-2026-33990
* CVE-2026-33997
* CVE-2026-34040
* CVE-2026-34041
* CVE-2026-34042
* CVE-2026-34204
* CVE-2026-34385
* CVE-2026-34386
* CVE-2026-34388
* CVE-2026-34389

CVSS scores:

* CVE-2026-26060 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26060 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-26061 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26061 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26233 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-26233 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27018 ( NVD ): 7.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-29180 ( NVD ): 4.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-29180 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-32241 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-32286 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32286 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32286 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32695 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-32695 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2026-33026 ( NVD ): 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33026 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2026-33027 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33027 ( NVD ): 
6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33028 ( NVD ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33028 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33029 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33029 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33029 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33030 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-33030 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-33032 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33433 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N * CVE-2026-33433 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2026-33433 ( NVD ): 5.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33433 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-33634 ( SUSE ): 9.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-33634 ( SUSE ): 9.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2026-33634 ( NVD ): 9.4 
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33634 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33747 ( SUSE ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-33747 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33747 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33747 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33748 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-33748 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-33748 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33903 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33904 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33906 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33907 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33990 ( NVD ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33990 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33997 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-33997 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-34040 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34040 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-34041 ( NVD ): 7.7 
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34041 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34042 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N * CVE-2026-34204 ( NVD ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34204 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-34385 ( NVD ): 6.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34386 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34386 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34388 ( NVD ): 6.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34389 ( NVD ): 4.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34389 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.6 An update that solves 34 vulnerabilities and contains one feature can now be installed. ## Description: This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20260402T184258 2026-04-02T18:42:58Z (jsc#PED-11136). 
Go CVE Numbering Authority IDs added or updated with aliases:

* GO-2026-4518 CVE-2026-32286 GHSA-jqcq-xjh3-6g23
* GO-2026-4753 CVE-2026-33487 GHSA-479m-364c-43vc
* GO-2026-4760 GHSA-hwqm-qvj9-4jr2
* GO-2026-4762 CVE-2026-33186 GHSA-p77j-4mvh-x3m3
* GO-2026-4764 GHSA-pcgw-qcv5-h8ch
* GO-2026-4858 CVE-2026-33747 GHSA-4c29-8rgm-jvjj
* GO-2026-4859 CVE-2026-33748 GHSA-4vrq-3vrq-g6gg
* GO-2026-4863 GHSA-g9ww-x58f-9g6m
* GO-2026-4872 CVE-2026-33907 GHSA-55q8-2gwx-29pc
* GO-2026-4873 CVE-2026-33906 GHSA-87j9-m7x6-hvw2
* GO-2026-4874 CVE-2026-33904 GHSA-9h59-p45g-445h
* GO-2026-4875 CVE-2026-33903 GHSA-f2f3-9cx3-wcmf
* GO-2026-4876 GHSA-prh4-vhfh-24mj
* GO-2026-4880 CVE-2026-32695 GHSA-67jx-r9pv-98rj
* GO-2026-4883 CVE-2026-33997 GHSA-pxq6-2prw-chj9
* GO-2026-4887 CVE-2026-34040 GHSA-x744-4wpc-v9h2
* GO-2026-4888 CVE-2026-26060 GHSA-3458-r943-hmx4
* GO-2026-4889 CVE-2026-26061 GHSA-99hj-44vg-hfcp
* GO-2026-4890 CVE-2026-34042 GHSA-x34h-54cw-9825
* GO-2026-4891 CVE-2026-34041 GHSA-xmgr-9pqc-h5vw
* GO-2026-4892 CVE-2026-29180 GHSA-m2h6-4xpq-qw3m
* GO-2026-4893 CVE-2026-33433 GHSA-qr99-7898-vr7c
* GO-2026-4894 CVE-2026-32241 GHSA-vchx-5pr6-ffx2
* GO-2026-4896 CVE-2026-34204 GHSA-3rh2-v3gr-35p9
* GO-2026-4897 GHSA-46wh-3698-f2cx
* GO-2026-4899 GHSA-c279-989m-238f
* GO-2026-4901 CVE-2026-33030 GHSA-5hf2-vhj6-gj9m
* GO-2026-4902 CVE-2026-33029 GHSA-cp8r-8jvw-v3qg
* GO-2026-4903 CVE-2026-33026 GHSA-fhh2-gg7w-gwpq
* GO-2026-4904 CVE-2026-33032 GHSA-h6c2-x2m2-mwhf
* GO-2026-4905 CVE-2026-27018 GHSA-jjwv-57xh-xr6r
* GO-2026-4906 CVE-2026-33028 GHSA-m468-xcm6-fxg4
* GO-2026-4907 CVE-2026-33027 GHSA-m8p8-53vf-8357
* GO-2026-4911 CVE-2026-33990 GHSA-x2f5-332j-9xwq
* GO-2026-4912 CVE-2026-34389 GHSA-4f9r-x588-pp2h
* GO-2026-4913 CVE-2026-34386 GHSA-9p23-p2m4-2r4m
* GO-2026-4914 CVE-2026-34385 GHSA-v895-833r-8c45
* GO-2026-4915 CVE-2026-34388 GHSA-w254-4hp5-7cvv
* GO-2026-4916 CVE-2026-26233 GHSA-247x-7qw8-fp98
* GO-2026-4919 CVE-2026-33634 GHSA-69fq-xp46-6x23

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1205=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * govulncheck-vulndb-0.0.20260402T184258-150000.1.158.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26060.html
* https://www.suse.com/security/cve/CVE-2026-26061.html
* https://www.suse.com/security/cve/CVE-2026-26233.html
* https://www.suse.com/security/cve/CVE-2026-27018.html
* https://www.suse.com/security/cve/CVE-2026-29180.html
* https://www.suse.com/security/cve/CVE-2026-32241.html
* https://www.suse.com/security/cve/CVE-2026-32286.html
* https://www.suse.com/security/cve/CVE-2026-32695.html
* https://www.suse.com/security/cve/CVE-2026-33026.html
* https://www.suse.com/security/cve/CVE-2026-33027.html
* https://www.suse.com/security/cve/CVE-2026-33028.html
* https://www.suse.com/security/cve/CVE-2026-33029.html
* https://www.suse.com/security/cve/CVE-2026-33030.html
* https://www.suse.com/security/cve/CVE-2026-33032.html
* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://www.suse.com/security/cve/CVE-2026-33433.html
* https://www.suse.com/security/cve/CVE-2026-33487.html
* https://www.suse.com/security/cve/CVE-2026-33634.html
* https://www.suse.com/security/cve/CVE-2026-33747.html
* https://www.suse.com/security/cve/CVE-2026-33748.html
* https://www.suse.com/security/cve/CVE-2026-33903.html
* https://www.suse.com/security/cve/CVE-2026-33904.html
* https://www.suse.com/security/cve/CVE-2026-33906.html
* https://www.suse.com/security/cve/CVE-2026-33907.html
* https://www.suse.com/security/cve/CVE-2026-33990.html
* https://www.suse.com/security/cve/CVE-2026-33997.html
* https://www.suse.com/security/cve/CVE-2026-34040.html
* https://www.suse.com/security/cve/CVE-2026-34041.html
* https://www.suse.com/security/cve/CVE-2026-34042.html
* https://www.suse.com/security/cve/CVE-2026-34204.html
* https://www.suse.com/security/cve/CVE-2026-34385.html
* https://www.suse.com/security/cve/CVE-2026-34386.html
* https://www.suse.com/security/cve/CVE-2026-34388.html
* https://www.suse.com/security/cve/CVE-2026-34389.html
* https://jira.suse.com/browse/PED-11136

From null at suse.de Tue Apr 7 20:30:52 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 20:30:52 -0000
Subject: SUSE-SU-2026:1203-1: important: Security update for ImageMagick
Message-ID: <177559385263.13998.1475605946676300010@c2c2e0ac4d9f>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2026:1203-1
Release Date: 2026-04-07T12:25:00Z
Rating: important

References:

* bsc#1259446
* bsc#1259447
* bsc#1259448
* bsc#1259450
* bsc#1259451
* bsc#1259452
* bsc#1259455
* bsc#1259456
* bsc#1259457
* bsc#1259463
* bsc#1259464
* bsc#1259466
* bsc#1259467
* bsc#1259468
* bsc#1259497
* bsc#1259528
* bsc#1259612
* bsc#1259872
* bsc#1260874
* bsc#1260879

Cross-References:

* CVE-2026-28493
* CVE-2026-28494
* CVE-2026-28686
* CVE-2026-28687
* CVE-2026-28688
* CVE-2026-28689
* CVE-2026-28690
* CVE-2026-28691
* CVE-2026-28692
* CVE-2026-28693
* CVE-2026-30883
* CVE-2026-30929
* CVE-2026-30935
* CVE-2026-30936
* CVE-2026-30937
* CVE-2026-31853
* CVE-2026-32259
* CVE-2026-32636
* CVE-2026-33535
* CVE-2026-33536

CVSS scores:

* CVE-2026-28493 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28493 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-28493 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-28494 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28494 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-28494 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2026-28686 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28686 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28686 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28687 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28687 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28687 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28688 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28688 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28689 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-28689 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28689 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28690 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28690 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28690 ( NVD ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H * CVE-2026-28690 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H * CVE-2026-28691 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28691 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28691 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28692 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28692 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-28692 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-28693 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28693 ( SUSE ): 8.6 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28693 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30883 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30883 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30883 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30883 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30929 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30929 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30929 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-30929 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30935 ( SUSE ): 4.8 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-30935 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-30935 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-30936 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-30936 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-30936 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-30937 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30937 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30937 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30937 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31853 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-31853 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-32259 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * 
CVE-2026-32259 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-32259 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-32636 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-32636 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32636 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32636 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33536 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33536 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33536 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 20 vulnerabilities can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write (bsc#1259446). * CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow (bsc#1259447). * CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow (bsc#1259448). * CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450). * CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451). 
* CVE-2026-28689: `domain="path"` authorization is checked before final file open/use and allows for read/write bypass via symlink swaps (bsc#1259452).
* CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456).
* CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference (bsc#1259455).
* CVE-2026-28692: 32-bit integer overflow in MAT decoder can lead to a heap buffer over-read (bsc#1259457).
* CVE-2026-28693: integer overflow in the DIB coder can lead to an out-of-bounds read or write (bsc#1259466).
* CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467).
* CVE-2026-30929: improper use of fixed-size stack buffer in `MagnifyImage` can lead to a stack buffer overflow (bsc#1259468).
* CVE-2026-30935: heap-based buffer over-read in BilateralBlurImage (bsc#1259497).
* CVE-2026-30936: Heap Buffer Overflow in WaveletDenoiseImage (bsc#1259464).
* CVE-2026-30937: Heap buffer overflow in XWD encoder due to CARD32 arithmetic overflow (bsc#1259463).
* CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely large images (bsc#1259528).
* CVE-2026-32259: a failed memory allocation can lead to an out-of-bounds write (bsc#1259612).
* CVE-2026-32636: Denial of Service via out-of-bounds write in NewXMLTree method (bsc#1259872).
* CVE-2026-33535: Out-of-Bounds write of a zero byte in X11 display interaction (bsc#1260874).
* CVE-2026-33536: Denial of Service via out-of-bounds write (bsc#1260879).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1203=1 openSUSE-SLE-15.6-2026-1203=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1203=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1203=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.50.1 * perl-PerlMagick-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.50.1 * ImageMagick-devel-7.1.1.21-150600.3.50.1 * ImageMagick-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-extra-7.1.1.21-150600.3.50.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.50.1 * libMagick++-devel-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.50.1 * ImageMagick-extra-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.50.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-debugsource-7.1.1.21-150600.3.50.1 * ImageMagick-7.1.1.21-150600.3.50.1 * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.50.1 * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.50.1 * openSUSE Leap 15.6 (x86_64) * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-devel-32bit-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.50.1 * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.1.21-150600.3.50.1 * libMagick++-devel-32bit-7.1.1.21-150600.3.50.1 * libMagick++-7_Q16HDRI5-32bit-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-32bit-7.1.1.21-150600.3.50.1 * libMagickWand-7_Q16HDRI10-32bit-7.1.1.21-150600.3.50.1 * openSUSE 
Leap 15.6 (noarch) * ImageMagick-doc-7.1.1.21-150600.3.50.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libMagick++-7_Q16HDRI5-64bit-7.1.1.21-150600.3.50.1 * libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.50.1 * libMagick++-devel-64bit-7.1.1.21-150600.3.50.1 * libMagickWand-7_Q16HDRI10-64bit-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-64bit-7.1.1.21-150600.3.50.1 * libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-devel-64bit-7.1.1.21-150600.3.50.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.50.1 * ImageMagick-devel-7.1.1.21-150600.3.50.1 * ImageMagick-debuginfo-7.1.1.21-150600.3.50.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.50.1 * perl-PerlMagick-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.50.1 * libMagick++-devel-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.50.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.50.1 * ImageMagick-debugsource-7.1.1.21-150600.3.50.1 * ImageMagick-7.1.1.21-150600.3.50.1 * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.50.1 * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.50.1 * ImageMagick-devel-7.1.1.21-150600.3.50.1 * ImageMagick-debuginfo-7.1.1.21-150600.3.50.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.50.1 * perl-PerlMagick-7.1.1.21-150600.3.50.1 * 
ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.50.1 * libMagick++-devel-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.50.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.50.1 * ImageMagick-debugsource-7.1.1.21-150600.3.50.1 * ImageMagick-7.1.1.21-150600.3.50.1 * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.50.1 * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.50.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28493.html * https://www.suse.com/security/cve/CVE-2026-28494.html * https://www.suse.com/security/cve/CVE-2026-28686.html * https://www.suse.com/security/cve/CVE-2026-28687.html * https://www.suse.com/security/cve/CVE-2026-28688.html * https://www.suse.com/security/cve/CVE-2026-28689.html * https://www.suse.com/security/cve/CVE-2026-28690.html * https://www.suse.com/security/cve/CVE-2026-28691.html * https://www.suse.com/security/cve/CVE-2026-28692.html * https://www.suse.com/security/cve/CVE-2026-28693.html * https://www.suse.com/security/cve/CVE-2026-30883.html * https://www.suse.com/security/cve/CVE-2026-30929.html * https://www.suse.com/security/cve/CVE-2026-30935.html * https://www.suse.com/security/cve/CVE-2026-30936.html * https://www.suse.com/security/cve/CVE-2026-30937.html * https://www.suse.com/security/cve/CVE-2026-31853.html * https://www.suse.com/security/cve/CVE-2026-32259.html * https://www.suse.com/security/cve/CVE-2026-32636.html * https://www.suse.com/security/cve/CVE-2026-33535.html * https://www.suse.com/security/cve/CVE-2026-33536.html * https://bugzilla.suse.com/show_bug.cgi?id=1259446 * https://bugzilla.suse.com/show_bug.cgi?id=1259447 * https://bugzilla.suse.com/show_bug.cgi?id=1259448 * https://bugzilla.suse.com/show_bug.cgi?id=1259450 * 
https://bugzilla.suse.com/show_bug.cgi?id=1259451
* https://bugzilla.suse.com/show_bug.cgi?id=1259452
* https://bugzilla.suse.com/show_bug.cgi?id=1259455
* https://bugzilla.suse.com/show_bug.cgi?id=1259456
* https://bugzilla.suse.com/show_bug.cgi?id=1259457
* https://bugzilla.suse.com/show_bug.cgi?id=1259463
* https://bugzilla.suse.com/show_bug.cgi?id=1259464
* https://bugzilla.suse.com/show_bug.cgi?id=1259466
* https://bugzilla.suse.com/show_bug.cgi?id=1259467
* https://bugzilla.suse.com/show_bug.cgi?id=1259468
* https://bugzilla.suse.com/show_bug.cgi?id=1259497
* https://bugzilla.suse.com/show_bug.cgi?id=1259528
* https://bugzilla.suse.com/show_bug.cgi?id=1259612
* https://bugzilla.suse.com/show_bug.cgi?id=1259872
* https://bugzilla.suse.com/show_bug.cgi?id=1260874
* https://bugzilla.suse.com/show_bug.cgi?id=1260879

From null at suse.de Tue Apr 7 20:31:26 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 20:31:26 -0000
Subject: SUSE-SU-2026:1202-1: important: Security update for ImageMagick
Message-ID: <177559388645.13998.5987995250039055363@c2c2e0ac4d9f>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2026:1202-1
Release Date: 2026-04-07T12:24:46Z
Rating: important

References:

* bsc#1258790
* bsc#1259446
* bsc#1259447
* bsc#1259448
* bsc#1259450
* bsc#1259451
* bsc#1259452
* bsc#1259455
* bsc#1259456
* bsc#1259457
* bsc#1259463
* bsc#1259464
* bsc#1259466
* bsc#1259467
* bsc#1259468
* bsc#1259469
* bsc#1259497
* bsc#1259528
* bsc#1259612
* bsc#1259872
* bsc#1260874
* bsc#1260879

Cross-References:

* CVE-2026-24484
* CVE-2026-25971
* CVE-2026-28493
* CVE-2026-28494
* CVE-2026-28686
* CVE-2026-28687
* CVE-2026-28688
* CVE-2026-28689
* CVE-2026-28690
* CVE-2026-28691
* CVE-2026-28692
* CVE-2026-28693
* CVE-2026-30883
* CVE-2026-30929
* CVE-2026-30931
* CVE-2026-30935
* CVE-2026-30936
* CVE-2026-30937
* CVE-2026-31853
* CVE-2026-32259
* CVE-2026-32636
* 
CVE-2026-33535 * CVE-2026-33536 CVSS scores: * CVE-2026-24484 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25971 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25971 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25971 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25971 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-28493 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28493 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28493 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28494 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28494 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28494 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2026-28686 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28686 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28686 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28687 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28687 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28687 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28688 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28688 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28689 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * 
CVE-2026-28689 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28689 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28690 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28690 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28690 ( NVD ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H * CVE-2026-28690 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H * CVE-2026-28691 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28691 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28691 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28692 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28692 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-28692 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-28693 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28693 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28693 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30883 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30883 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30883 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30883 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30929 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30929 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30929 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30929 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-30931 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30931 ( SUSE ): 8.6 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30931 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30931 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30935 ( SUSE ): 4.8 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-30935 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-30935 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-30936 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-30936 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-30936 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-30937 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30937 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30937 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30937 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31853 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-31853 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-32259 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-32259 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-32259 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-32636 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-32636 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32636 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32636 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( NVD ): 
4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33536 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33536 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33536 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP7 * Development Tools Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 23 vulnerabilities can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790). * CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write (bsc#1259446). * CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow (bsc#1259447). * CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow (bsc#1259448). * CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450). * CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451). * CVE-2026-28689: `domain="path"` authorization is checked before final file open/use and allows for read/write bypass via symlink swaps (bsc#1259452). * CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456). * CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference (bsc#1259455). 
* CVE-2026-28692: 32-bit integer overflow in MAT decoder can lead to a heap buffer over-read (bsc#1259457).
* CVE-2026-28693: integer overflow in the DIB coder can lead to an out-of-bounds read or write (bsc#1259466).
* CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467).
* CVE-2026-30929: improper use of fixed-size stack buffer in `MagnifyImage` can lead to a stack buffer overflow (bsc#1259468).
* CVE-2026-30931: value truncation in the UHDR encoder can lead to a heap buffer overflow (bsc#1259469).
* CVE-2026-30935: heap-based buffer over-read in BilateralBlurImage (bsc#1259497).
* CVE-2026-30936: Heap Buffer Overflow in WaveletDenoiseImage (bsc#1259464).
* CVE-2026-30937: Heap buffer overflow in XWD encoder due to CARD32 arithmetic overflow (bsc#1259463).
* CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely large images (bsc#1259528).
* CVE-2026-32259: a failed memory allocation can lead to an out-of-bounds write (bsc#1259612).
* CVE-2026-32636: Denial of Service via out-of-bounds write in NewXMLTree method (bsc#1259872).
* CVE-2026-33535: Out-of-Bounds write of a zero byte in X11 display interaction (bsc#1260874).
* CVE-2026-33536: Denial of Service via out-of-bounds write (bsc#1260879).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1202=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1202=1 ## Package List: * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ImageMagick-config-7-upstream-open-7.1.1.43-150700.3.42.1 * ImageMagick-config-7-upstream-websafe-7.1.1.43-150700.3.42.1 * libMagick++-devel-7.1.1.43-150700.3.42.1 * ImageMagick-config-7-upstream-secure-7.1.1.43-150700.3.42.1 * libMagickCore-7_Q16HDRI10-7.1.1.43-150700.3.42.1 * ImageMagick-config-7-upstream-limited-7.1.1.43-150700.3.42.1 * ImageMagick-devel-7.1.1.43-150700.3.42.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.43-150700.3.42.1 * ImageMagick-config-7-SUSE-7.1.1.43-150700.3.42.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.43-150700.3.42.1 * ImageMagick-debuginfo-7.1.1.43-150700.3.42.1 * libMagickWand-7_Q16HDRI10-7.1.1.43-150700.3.42.1 * libMagick++-7_Q16HDRI5-7.1.1.43-150700.3.42.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.43-150700.3.42.1 * ImageMagick-debugsource-7.1.1.43-150700.3.42.1 * ImageMagick-7.1.1.43-150700.3.42.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ImageMagick-debuginfo-7.1.1.43-150700.3.42.1 * ImageMagick-debugsource-7.1.1.43-150700.3.42.1 * perl-PerlMagick-debuginfo-7.1.1.43-150700.3.42.1 * perl-PerlMagick-7.1.1.43-150700.3.42.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24484.html * https://www.suse.com/security/cve/CVE-2026-25971.html * https://www.suse.com/security/cve/CVE-2026-28493.html * https://www.suse.com/security/cve/CVE-2026-28494.html * https://www.suse.com/security/cve/CVE-2026-28686.html * https://www.suse.com/security/cve/CVE-2026-28687.html * https://www.suse.com/security/cve/CVE-2026-28688.html * https://www.suse.com/security/cve/CVE-2026-28689.html * https://www.suse.com/security/cve/CVE-2026-28690.html * 
https://www.suse.com/security/cve/CVE-2026-28691.html
* https://www.suse.com/security/cve/CVE-2026-28692.html
* https://www.suse.com/security/cve/CVE-2026-28693.html
* https://www.suse.com/security/cve/CVE-2026-30883.html
* https://www.suse.com/security/cve/CVE-2026-30929.html
* https://www.suse.com/security/cve/CVE-2026-30931.html
* https://www.suse.com/security/cve/CVE-2026-30935.html
* https://www.suse.com/security/cve/CVE-2026-30936.html
* https://www.suse.com/security/cve/CVE-2026-30937.html
* https://www.suse.com/security/cve/CVE-2026-31853.html
* https://www.suse.com/security/cve/CVE-2026-32259.html
* https://www.suse.com/security/cve/CVE-2026-32636.html
* https://www.suse.com/security/cve/CVE-2026-33535.html
* https://www.suse.com/security/cve/CVE-2026-33536.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258790
* https://bugzilla.suse.com/show_bug.cgi?id=1259446
* https://bugzilla.suse.com/show_bug.cgi?id=1259447
* https://bugzilla.suse.com/show_bug.cgi?id=1259448
* https://bugzilla.suse.com/show_bug.cgi?id=1259450
* https://bugzilla.suse.com/show_bug.cgi?id=1259451
* https://bugzilla.suse.com/show_bug.cgi?id=1259452
* https://bugzilla.suse.com/show_bug.cgi?id=1259455
* https://bugzilla.suse.com/show_bug.cgi?id=1259456
* https://bugzilla.suse.com/show_bug.cgi?id=1259457
* https://bugzilla.suse.com/show_bug.cgi?id=1259463
* https://bugzilla.suse.com/show_bug.cgi?id=1259464
* https://bugzilla.suse.com/show_bug.cgi?id=1259466
* https://bugzilla.suse.com/show_bug.cgi?id=1259467
* https://bugzilla.suse.com/show_bug.cgi?id=1259468
* https://bugzilla.suse.com/show_bug.cgi?id=1259469
* https://bugzilla.suse.com/show_bug.cgi?id=1259497
* https://bugzilla.suse.com/show_bug.cgi?id=1259528
* https://bugzilla.suse.com/show_bug.cgi?id=1259612
* https://bugzilla.suse.com/show_bug.cgi?id=1259872
* https://bugzilla.suse.com/show_bug.cgi?id=1260874
* https://bugzilla.suse.com/show_bug.cgi?id=1260879

From null at suse.de Tue Apr 7 20:31:51 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 07 Apr 2026 20:31:51 -0000
Subject: SUSE-SU-2026:1201-1: important: Security update for ImageMagick
Message-ID: <177559391121.13998.2174541748034678955@c2c2e0ac4d9f>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2026:1201-1
Release Date: 2026-04-07T12:24:27Z
Rating: important

References:

* bsc#1258790
* bsc#1259447
* bsc#1259448
* bsc#1259450
* bsc#1259451
* bsc#1259452
* bsc#1259455
* bsc#1259456
* bsc#1259457
* bsc#1259463
* bsc#1259466
* bsc#1259467
* bsc#1259528
* bsc#1260874
* bsc#1260879

Cross-References:

* CVE-2026-24484
* CVE-2026-28494
* CVE-2026-28686
* CVE-2026-28687
* CVE-2026-28688
* CVE-2026-28689
* CVE-2026-28690
* CVE-2026-28691
* CVE-2026-28692
* CVE-2026-28693
* CVE-2026-30883
* CVE-2026-30937
* CVE-2026-31853
* CVE-2026-33535
* CVE-2026-33536

CVSS scores:

* CVE-2026-24484 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-28494 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28494 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-28494 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2026-28686 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28686 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-28686 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-28687 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28687 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28687 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-28688 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28688 ( SUSE
): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28688 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28689 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-28689 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28689 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28690 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28690 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28690 ( NVD ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H * CVE-2026-28690 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H * CVE-2026-28691 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28691 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28691 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28692 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28692 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-28692 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-28693 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28693 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28693 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30883 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30883 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30883 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30883 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30937 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30937 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 
* CVE-2026-30937 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30937 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31853 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-31853 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33535 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33535 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33536 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33536 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33536 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 15 vulnerabilities can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790). * CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow (bsc#1259447). * CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow (bsc#1259448). * CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450). 
* CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451). * CVE-2026-28689: `domain="path"` authorization is checked before final file open/use and allows for read/write bypass via symlink swaps (bsc#1259452). * CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456). * CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference (bsc#1259455). * CVE-2026-28692: 32-bit integer overflow in MAT decoder can lead to a heap buffer over-read (bsc#1259457). * CVE-2026-28693: integer overflow in the DIB coder can lead to an out-of-bounds read or write (bsc#1259466). * CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467). * CVE-2026-30937: Heap buffer overflow in XWD encoder due to CARD32 arithmetic overflow (bsc#1259463). * CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely large images (bsc#1259528). * CVE-2026-33535: Out-of-Bounds write of a zero byte in X11 display interaction (bsc#1260874). * CVE-2026-33536: Denial of Service via out-of-bounds write (bsc#1260879). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1201=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1201=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * ImageMagick-debugsource-6.8.8.1-71.236.1 * libMagick++-devel-6.8.8.1-71.236.1 * libMagickWand-6_Q16-1-6.8.8.1-71.236.1 * ImageMagick-devel-6.8.8.1-71.236.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.236.1 * ImageMagick-debuginfo-6.8.8.1-71.236.1 * libMagickCore-6_Q16-1-6.8.8.1-71.236.1 * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.236.1 * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.236.1 * ImageMagick-config-6-upstream-6.8.8.1-71.236.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * ImageMagick-debugsource-6.8.8.1-71.236.1 * libMagick++-devel-6.8.8.1-71.236.1 * libMagickWand-6_Q16-1-6.8.8.1-71.236.1 * ImageMagick-devel-6.8.8.1-71.236.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.236.1 * ImageMagick-debuginfo-6.8.8.1-71.236.1 * libMagickCore-6_Q16-1-6.8.8.1-71.236.1 * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.236.1 * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.236.1 * ImageMagick-config-6-upstream-6.8.8.1-71.236.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24484.html * https://www.suse.com/security/cve/CVE-2026-28494.html * https://www.suse.com/security/cve/CVE-2026-28686.html * https://www.suse.com/security/cve/CVE-2026-28687.html * https://www.suse.com/security/cve/CVE-2026-28688.html * https://www.suse.com/security/cve/CVE-2026-28689.html * https://www.suse.com/security/cve/CVE-2026-28690.html * https://www.suse.com/security/cve/CVE-2026-28691.html * https://www.suse.com/security/cve/CVE-2026-28692.html * https://www.suse.com/security/cve/CVE-2026-28693.html * https://www.suse.com/security/cve/CVE-2026-30883.html * 
https://www.suse.com/security/cve/CVE-2026-30937.html * https://www.suse.com/security/cve/CVE-2026-31853.html * https://www.suse.com/security/cve/CVE-2026-33535.html * https://www.suse.com/security/cve/CVE-2026-33536.html * https://bugzilla.suse.com/show_bug.cgi?id=1258790 * https://bugzilla.suse.com/show_bug.cgi?id=1259447 * https://bugzilla.suse.com/show_bug.cgi?id=1259448 * https://bugzilla.suse.com/show_bug.cgi?id=1259450 * https://bugzilla.suse.com/show_bug.cgi?id=1259451 * https://bugzilla.suse.com/show_bug.cgi?id=1259452 * https://bugzilla.suse.com/show_bug.cgi?id=1259455 * https://bugzilla.suse.com/show_bug.cgi?id=1259456 * https://bugzilla.suse.com/show_bug.cgi?id=1259457 * https://bugzilla.suse.com/show_bug.cgi?id=1259463 * https://bugzilla.suse.com/show_bug.cgi?id=1259466 * https://bugzilla.suse.com/show_bug.cgi?id=1259467 * https://bugzilla.suse.com/show_bug.cgi?id=1259528 * https://bugzilla.suse.com/show_bug.cgi?id=1260874 * https://bugzilla.suse.com/show_bug.cgi?id=1260879 
From null at suse.de Wed Apr 8 12:30:09 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 08 Apr 2026 12:30:09 -0000 Subject: SUSE-SU-2026:1209-1: important: Security update for bind Message-ID: <177565140955.15968.14052445215538185299@634a8d224e68> # Security update for bind Announcement ID: SUSE-SU-2026:1209-1 Release Date: 2026-04-08T07:12:48Z Rating: important References: * bsc#1260805 Cross-References: * CVE-2026-1519 CVSS scores: * CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 An update that solves one vulnerability can now be installed. ## Description: This update for bind fixes the following issues: * CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-Micro-5-2026-1209=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2026-1209=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (aarch64 ppc64le s390x x86_64) * libirs1601-debuginfo-9.16.6-150000.12.88.1 * libisccfg1600-9.16.6-150000.12.88.1 * libisc1606-debuginfo-9.16.6-150000.12.88.1 * libisccfg1600-debuginfo-9.16.6-150000.12.88.1 * libns1604-9.16.6-150000.12.88.1 * bind-debuginfo-9.16.6-150000.12.88.1 * libbind9-1600-9.16.6-150000.12.88.1 * libisc1606-9.16.6-150000.12.88.1 * libns1604-debuginfo-9.16.6-150000.12.88.1 * bind-utils-debuginfo-9.16.6-150000.12.88.1 * libdns1605-debuginfo-9.16.6-150000.12.88.1 * libdns1605-9.16.6-150000.12.88.1 * libisccc1600-debuginfo-9.16.6-150000.12.88.1 * bind-utils-9.16.6-150000.12.88.1 * libbind9-1600-debuginfo-9.16.6-150000.12.88.1 * libirs1601-9.16.6-150000.12.88.1 * libisccc1600-9.16.6-150000.12.88.1 * bind-debugsource-9.16.6-150000.12.88.1 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (noarch) * python3-bind-9.16.6-150000.12.88.1 * SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64) * libisccfg1600-9.16.6-150000.12.88.1 * libns1604-9.16.6-150000.12.88.1 * libbind9-1600-9.16.6-150000.12.88.1 * libisc1606-9.16.6-150000.12.88.1 * libns1604-debuginfo-9.16.6-150000.12.88.1 * libdns1605-9.16.6-150000.12.88.1 * bind-utils-9.16.6-150000.12.88.1 * libirs1601-9.16.6-150000.12.88.1 * libisccc1600-9.16.6-150000.12.88.1 * SUSE Manager Client Tools for SLE Micro 5 (aarch64_ilp32) * libisc1606-64bit-9.16.6-150000.12.88.1 * libisccfg1600-64bit-9.16.6-150000.12.88.1 * libbind9-1600-64bit-9.16.6-150000.12.88.1 * libdns1605-64bit-9.16.6-150000.12.88.1 * libisccc1600-64bit-9.16.6-150000.12.88.1 * libirs1601-64bit-9.16.6-150000.12.88.1 * SUSE Manager Client Tools for SLE Micro 5 
(noarch) * python3-bind-9.16.6-150000.12.88.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1519.html * https://bugzilla.suse.com/show_bug.cgi?id=1260805 From null at suse.de Wed Apr 8 12:30:12 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 08 Apr 2026 12:30:12 -0000 Subject: SUSE-SU-2026:1208-1: important: Security update for ignition Message-ID: <177565141290.15968.72684013052881144@634a8d224e68> # Security update for ignition Announcement ID: SUSE-SU-2026:1208-1 Release Date: 2026-04-08T07:12:24Z Rating: important References: * bsc#1260251 Cross-References: * CVE-2026-33186 CVSS scores: * CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for ignition fixes the following issue: * CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260251) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1208=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1208=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * ignition-debuginfo-2.15.0-150400.4.14.1 * ignition-dracut-grub2-2.15.0-150400.4.14.1 * ignition-2.15.0-150400.4.14.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * ignition-debuginfo-2.15.0-150400.4.14.1 * ignition-dracut-grub2-2.15.0-150400.4.14.1 * ignition-2.15.0-150400.4.14.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33186.html * https://bugzilla.suse.com/show_bug.cgi?id=1260251 From null at suse.de Wed Apr 8 16:30:12 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 08 Apr 2026 16:30:12 -0000 Subject: SUSE-SU-2026:20973-1: important: Security update for cockpit-repos Message-ID: <177566581205.16473.18442962256222644253@ea440c8e37cc> # Security update for cockpit-repos Announcement ID: SUSE-SU-2026:20973-1 Release Date: 2026-04-05T02:50:21Z Rating: important References: * bsc#1258637 Cross-References: * CVE-2026-26996 CVSS scores: * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves one vulnerability can now be installed. 
## Description: This update for cockpit-repos fixes the following issue: * CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258637). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-478=1 ## Package List: * SUSE Linux Micro 6.2 (noarch) * cockpit-repos-4.7-160000.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-26996.html * https://bugzilla.suse.com/show_bug.cgi?id=1258637 From null at suse.de Wed Apr 8 16:30:30 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 08 Apr 2026 16:30:30 -0000 Subject: SUSE-SU-2026:20969-1: moderate: Security update for polkit Message-ID: <177566583060.16473.15006125676798069719@ea440c8e37cc> # Security update for polkit Announcement ID: SUSE-SU-2026:20969-1 Release Date: 2026-04-07T11:49:24Z Rating: moderate References: * bsc#1259711 * bsc#1259726 * bsc#1259729 * bsc#1260859 Cross-References: * CVE-2026-32776 * CVE-2026-32777 * CVE-2026-32778 * CVE-2026-4897 CVSS scores: * CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * 
CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-4897 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4897 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4897 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 * SUSE Linux Micro 6.2 An update that solves four vulnerabilities can now be installed. ## Security update for polkit ### Description: This update for polkit fixes the following issue: * CVE-2026-4897: Fixed possible OOM condition via specially crafted input to `polkit-agent-helper-1` (bsc#1260859). ## Security update for expat ### Description: This update for expat fixes the following issues: * CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726). * CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711). * CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-466=1 * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-652=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * expat-debugsource-2.7.1-160000.5.1 * libexpat1-2.7.1-160000.5.1 * expat-debuginfo-2.7.1-160000.5.1 * libexpat1-debuginfo-2.7.1-160000.5.1 * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libpolkit-gobject-1-0-debuginfo-121-4.1 * polkit-121-4.1 * polkit-debuginfo-121-4.1 * libpolkit-agent-1-0-debuginfo-121-4.1 * polkit-debugsource-121-4.1 * libpolkit-gobject-1-0-121-4.1 * libpolkit-agent-1-0-121-4.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32776.html * https://www.suse.com/security/cve/CVE-2026-32777.html * https://www.suse.com/security/cve/CVE-2026-32778.html * https://www.suse.com/security/cve/CVE-2026-4897.html * https://bugzilla.suse.com/show_bug.cgi?id=1259711 * https://bugzilla.suse.com/show_bug.cgi?id=1259726 * https://bugzilla.suse.com/show_bug.cgi?id=1259729 * https://bugzilla.suse.com/show_bug.cgi?id=1260859 
From null at suse.de Wed Apr 8 16:30:38 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 08 Apr 2026 16:30:38 -0000 Subject: SUSE-SU-2026:20968-1: moderate: Security update for gnutls Message-ID: <177566583886.16473.2939432155412279488@ea440c8e37cc> # Security update for gnutls Announcement ID: SUSE-SU-2026:20968-1 Release Date: 2026-03-30T14:33:01Z Rating: moderate References: * bsc#1254132 * bsc#1257960 * bsc#1258083 * jsc#PED-15752 * jsc#PED-15753 Cross-References: * CVE-2025-14831 * CVE-2025-9820 CVSS scores: * CVE-2025-14831 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-14831 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-14831 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-9820 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-9820 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Micro 6.2 An update that solves two vulnerabilities, contains two features and has one fix can now be installed. ## Description: This update for gnutls fixes the following issues: * CVE-2025-14831: Fixed DoS via excessive resource consumption during certificate verification. (bsc#1257960) * CVE-2025-9820: Fixed a buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) * Add the ability to specify the hash algorithm for the PSK. This fixes a bug in the current implementation where the binder is always calculated with SHA256. (bsc#1258083, jsc#PED-15752, jsc#PED-15753) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-464=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * libgnutls30-3.8.10-160000.2.1 * gnutls-debuginfo-3.8.10-160000.2.1 * libgnutls30-debuginfo-3.8.10-160000.2.1 * gnutls-debugsource-3.8.10-160000.2.1 * gnutls-3.8.10-160000.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-14831.html * https://www.suse.com/security/cve/CVE-2025-9820.html * https://bugzilla.suse.com/show_bug.cgi?id=1254132 * https://bugzilla.suse.com/show_bug.cgi?id=1257960 * https://bugzilla.suse.com/show_bug.cgi?id=1258083 * https://jira.suse.com/browse/PED-15752 * https://jira.suse.com/browse/PED-15753 From null at suse.de Wed Apr 8 16:30:41 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 08 Apr 2026 16:30:41 -0000 Subject: SUSE-SU-2026:20967-1: important: Security update for cockpit-repos Message-ID: <177566584160.16473.8126307299732673425@ea440c8e37cc> # Security update for cockpit-repos Announcement ID: SUSE-SU-2026:20967-1 Release Date: 2026-04-05T02:50:21Z Rating: important References: * bsc#1258637 Cross-References: * CVE-2026-26996 CVSS scores: * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves one vulnerability can now be installed. 
## Description: This update for cockpit-repos fixes the following issue: * CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258637). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-478=1 ## Package List: * SUSE Linux Micro 6.2 (noarch) * cockpit-repos-4.7-160000.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-26996.html * https://bugzilla.suse.com/show_bug.cgi?id=1258637 From null at suse.de Wed Apr 8 16:30:58 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 08 Apr 2026 16:30:58 -0000 Subject: SUSE-SU-2026:20963-1: important: Security update for expat Message-ID: <177566585826.16473.10699350263694000306@ea440c8e37cc> # Security update for expat Announcement ID: SUSE-SU-2026:20963-1 Release Date: 2026-03-30T14:58:50Z Rating: important References: * bsc#1259711 * bsc#1259726 * bsc#1259729 Cross-References: * CVE-2026-32776 * CVE-2026-32777 * CVE-2026-32778 CVSS scores: * CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( SUSE ): 8.2 
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves three vulnerabilities can now be installed. ## Description: This update for expat fixes the following issues: * CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726). * CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711). * CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-466=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * expat-debugsource-2.7.1-160000.5.1 * libexpat1-2.7.1-160000.5.1 * expat-debuginfo-2.7.1-160000.5.1 * libexpat1-debuginfo-2.7.1-160000.5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32776.html * https://www.suse.com/security/cve/CVE-2026-32777.html * https://www.suse.com/security/cve/CVE-2026-32778.html * https://bugzilla.suse.com/show_bug.cgi?id=1259711 * https://bugzilla.suse.com/show_bug.cgi?id=1259726 * https://bugzilla.suse.com/show_bug.cgi?id=1259729 
From null at suse.de Wed Apr 8 16:31:03 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 08 Apr 2026 16:31:03 -0000 Subject: SUSE-SU-2026:20962-1: moderate: Security update for gnutls Message-ID: <177566586398.16473.8946727971685140877@ea440c8e37cc> # Security update for gnutls Announcement ID: SUSE-SU-2026:20962-1 Release Date: 2026-03-30T14:33:01Z Rating: moderate References: * bsc#1254132 * bsc#1257960 * bsc#1258083 * jsc#PED-15752 * jsc#PED-15753 Cross-References: * CVE-2025-14831 * CVE-2025-9820 CVSS scores: * CVE-2025-14831 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-14831 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-14831 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-9820 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-9820 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Micro 6.2 An update that solves two vulnerabilities, contains two features and has one fix can now be installed. ## Description: This update for gnutls fixes the following issues: * CVE-2025-14831: Fixed DoS via excessive resource consumption during certificate verification. (bsc#1257960) * CVE-2025-9820: Fixed a buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) * Add the ability to specify the hash algorithm for the PSK. This fixes a bug in the current implementation where the binder is always calculated with SHA256. (bsc#1258083, jsc#PED-15752, jsc#PED-15753) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-464=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * libgnutls30-3.8.10-160000.2.1 * gnutls-debuginfo-3.8.10-160000.2.1 * libgnutls30-debuginfo-3.8.10-160000.2.1 * gnutls-debugsource-3.8.10-160000.2.1 * gnutls-3.8.10-160000.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-14831.html * https://www.suse.com/security/cve/CVE-2025-9820.html * https://bugzilla.suse.com/show_bug.cgi?id=1254132 * https://bugzilla.suse.com/show_bug.cgi?id=1257960 * https://bugzilla.suse.com/show_bug.cgi?id=1258083 * https://jira.suse.com/browse/PED-15752 * https://jira.suse.com/browse/PED-15753 From null at suse.de Wed Apr 8 16:31:14 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 08 Apr 2026 16:31:14 -0000 Subject: SUSE-SU-2026:1212-1: important: Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5) Message-ID: <177566587455.16473.13030456124262371045@ea440c8e37cc> # Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:1212-1 Release Date: 2026-04-08T10:04:55Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * 
CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.121 fixes various security issues. The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). 
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1211=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1212=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1212=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1211=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-9-150500.2.1 * kernel-livepatch-5_14_21-150500_55_121-default-9-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_30-debugsource-9-150500.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_44-debugsource-10-150400.2.1 * kernel-livepatch-5_14_21-150400_24_176-default-10-150400.2.1 * kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-10-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_44-debugsource-10-150400.2.1 * kernel-livepatch-5_14_21-150400_24_176-default-10-150400.2.1 * kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-10-150400.2.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-9-150500.2.1 * 
kernel-livepatch-5_14_21-150500_55_121-default-9-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_30-debugsource-9-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 From null at suse.de Wed Apr 8 20:30:13 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 08 Apr 2026 20:30:13 -0000 Subject: SUSE-SU-2026:1218-1: moderate: Security update for python-requests Message-ID: <177568021385.16953.8493724805431583633@ea440c8e37cc> # Security update for python-requests Announcement ID: SUSE-SU-2026:1218-1 Release Date: 2026-04-08T14:39:50Z Rating: moderate References: * bsc#1260589 Cross-References: * CVE-2026-25645 CVSS scores: * CVE-2026-25645 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-25645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-25645 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N * CVE-2026-25645 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server
12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for python-requests fixes the following issues: * CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2026-1218=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1218=1 ## Package List: * Public Cloud Module 12 (noarch) * python3-requests-2.24.0-8.26.1 * python-requests-2.24.0-8.26.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * python-requests-2.24.0-8.26.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25645.html * https://bugzilla.suse.com/show_bug.cgi?id=1260589
From null at suse.de Wed Apr 8 20:30:16 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 08 Apr 2026 20:30:16 -0000 Subject: SUSE-SU-2026:1217-1: important: Security update for freerdp Message-ID: <177568021674.16953.2427353806257492941@ea440c8e37cc> # Security update for freerdp Announcement ID: SUSE-SU-2026:1217-1 Release Date: 2026-04-08T12:28:39Z Rating: important References: * bsc#1257991 Cross-References: * CVE-2026-24684 CVSS scores: * CVE-2026-24684 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-24684 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-24684 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-24684 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for freerdp fixes the following issue: * CVE-2026-24684: Heap-use-after-free in play_thread (bsc#1257991). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1217=1 openSUSE-SLE-15.6-2026-1217=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1217=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * freerdp-server-2.11.2-150600.4.21.1 * libwinpr2-2-debuginfo-2.11.2-150600.4.21.1 * uwac0-0-devel-2.11.2-150600.4.21.1 * freerdp-proxy-2.11.2-150600.4.21.1 * libfreerdp2-2-2.11.2-150600.4.21.1 * freerdp-debuginfo-2.11.2-150600.4.21.1 * freerdp-devel-2.11.2-150600.4.21.1 * freerdp-debugsource-2.11.2-150600.4.21.1 * freerdp-proxy-debuginfo-2.11.2-150600.4.21.1 * freerdp-2.11.2-150600.4.21.1 * freerdp-wayland-2.11.2-150600.4.21.1 * freerdp-wayland-debuginfo-2.11.2-150600.4.21.1 * libuwac0-0-debuginfo-2.11.2-150600.4.21.1 * libwinpr2-2-2.11.2-150600.4.21.1 * winpr-devel-2.11.2-150600.4.21.1 * libfreerdp2-2-debuginfo-2.11.2-150600.4.21.1 * freerdp-server-debuginfo-2.11.2-150600.4.21.1 * libuwac0-0-2.11.2-150600.4.21.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * freerdp-debuginfo-2.11.2-150600.4.21.1 * freerdp-debugsource-2.11.2-150600.4.21.1 * uwac0-0-devel-2.11.2-150600.4.21.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24684.html * https://bugzilla.suse.com/show_bug.cgi?id=1257991
From null at suse.de Wed Apr 8 20:30:25 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 08 Apr 2026 20:30:25 -0000 Subject: SUSE-SU-2026:1216-1: important: Security update for openssl-1_1 Message-ID: <177568022586.16953.10958680989306696213@ea440c8e37cc> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2026:1216-1 Release Date: 2026-04-08T12:28:22Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 * bsc#1260445 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-31789 * CVE-2026-31790 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves five vulnerabilities can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). * CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1216=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1216=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libopenssl1_1-debuginfo-1.1.1d-150200.11.109.1 * libopenssl1_1-hmac-1.1.1d-150200.11.109.1 * libopenssl-1_1-devel-1.1.1d-150200.11.109.1 * openssl-1_1-1.1.1d-150200.11.109.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.109.1 * libopenssl1_1-1.1.1d-150200.11.109.1 * openssl-1_1-debugsource-1.1.1d-150200.11.109.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libopenssl1_1-debuginfo-1.1.1d-150200.11.109.1 * libopenssl1_1-hmac-1.1.1d-150200.11.109.1 * libopenssl-1_1-devel-1.1.1d-150200.11.109.1 * openssl-1_1-1.1.1d-150200.11.109.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.109.1 * libopenssl1_1-1.1.1d-150200.11.109.1 * openssl-1_1-debugsource-1.1.1d-150200.11.109.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://www.suse.com/security/cve/CVE-2026-31790.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 * https://bugzilla.suse.com/show_bug.cgi?id=1260445
From null at suse.de Wed Apr 8 20:30:35 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 08 Apr 2026 20:30:35 -0000 Subject: SUSE-SU-2026:1215-1: important: Security update for openssl-3 Message-ID: <177568023550.16953.6917913154388772613@ea440c8e37cc> # Security update for openssl-3 Announcement ID: SUSE-SU-2026:1215-1 Release Date: 2026-04-08T12:28:03Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 * bsc#1260445 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-31789 * CVE-2026-31790 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves five vulnerabilities can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). * CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1215=1 openSUSE-SLE-15.6-2026-1215=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1215=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1215=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libopenssl3-debuginfo-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.45.1 * libopenssl3-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-3.1.4-150600.5.45.1 * libopenssl-3-devel-3.1.4-150600.5.45.1 * openssl-3-debuginfo-3.1.4-150600.5.45.1 * openssl-3-3.1.4-150600.5.45.1 * openssl-3-debugsource-3.1.4-150600.5.45.1 * openSUSE Leap 15.6 (x86_64) * libopenssl3-32bit-debuginfo-3.1.4-150600.5.45.1 * libopenssl3-32bit-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.45.1 * libopenssl-3-devel-32bit-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-32bit-3.1.4-150600.5.45.1 * openSUSE Leap 15.6 (noarch) * openssl-3-doc-3.1.4-150600.5.45.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libopenssl-3-devel-64bit-3.1.4-150600.5.45.1 * libopenssl3-64bit-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-64bit-debuginfo-3.1.4-150600.5.45.1 * libopenssl3-64bit-debuginfo-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-64bit-3.1.4-150600.5.45.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libopenssl3-debuginfo-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.45.1 * libopenssl3-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-3.1.4-150600.5.45.1 * libopenssl-3-devel-3.1.4-150600.5.45.1 * openssl-3-debuginfo-3.1.4-150600.5.45.1 * openssl-3-3.1.4-150600.5.45.1 * openssl-3-debugsource-3.1.4-150600.5.45.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64) * libopenssl3-32bit-debuginfo-3.1.4-150600.5.45.1 * 
libopenssl3-32bit-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-32bit-3.1.4-150600.5.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libopenssl3-debuginfo-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.45.1 * libopenssl3-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-3.1.4-150600.5.45.1 * libopenssl-3-devel-3.1.4-150600.5.45.1 * openssl-3-debuginfo-3.1.4-150600.5.45.1 * openssl-3-3.1.4-150600.5.45.1 * openssl-3-debugsource-3.1.4-150600.5.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * libopenssl3-32bit-debuginfo-3.1.4-150600.5.45.1 * libopenssl3-32bit-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-32bit-3.1.4-150600.5.45.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://www.suse.com/security/cve/CVE-2026-31790.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 * https://bugzilla.suse.com/show_bug.cgi?id=1260445
From null at suse.de Wed Apr 8 20:30:43 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 08 Apr 2026 20:30:43 -0000 Subject: SUSE-SU-2026:1214-1: important: Security update for openssl-3 Message-ID: <177568024394.16953.12882955370509106836@ea440c8e37cc> # Security update for openssl-3 Announcement ID: SUSE-SU-2026:1214-1 Release Date: 2026-04-08T12:27:50Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 * bsc#1260445 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-31789 * CVE-2026-31790 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves five vulnerabilities can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1214=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1214=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1214=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1214=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1214=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1214=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1214=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1214=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1214=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * openssl-3-3.0.8-150400.4.81.1 * openssl-3-debugsource-3.0.8-150400.4.81.1 * libopenssl3-3.0.8-150400.4.81.1 * openssl-3-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-debuginfo-3.0.8-150400.4.81.1 * libopenssl-3-devel-3.0.8-150400.4.81.1 * openSUSE Leap 15.4 (x86_64) * libopenssl3-32bit-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-32bit-3.0.8-150400.4.81.1 * libopenssl-3-devel-32bit-3.0.8-150400.4.81.1 * openSUSE Leap 15.4 (noarch) * openssl-3-doc-3.0.8-150400.4.81.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libopenssl3-64bit-3.0.8-150400.4.81.1 * libopenssl-3-devel-64bit-3.0.8-150400.4.81.1 * libopenssl3-64bit-debuginfo-3.0.8-150400.4.81.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * 
openssl-3-debugsource-3.0.8-150400.4.81.1 * libopenssl3-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-3.0.8-150400.4.81.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * openssl-3-debugsource-3.0.8-150400.4.81.1 * libopenssl3-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-3.0.8-150400.4.81.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * openssl-3-debugsource-3.0.8-150400.4.81.1 * libopenssl3-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-3.0.8-150400.4.81.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * openssl-3-debugsource-3.0.8-150400.4.81.1 * libopenssl3-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-3.0.8-150400.4.81.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * openssl-3-3.0.8-150400.4.81.1 * openssl-3-debugsource-3.0.8-150400.4.81.1 * libopenssl3-3.0.8-150400.4.81.1 * openssl-3-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-debuginfo-3.0.8-150400.4.81.1 * libopenssl-3-devel-3.0.8-150400.4.81.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * openssl-3-3.0.8-150400.4.81.1 * openssl-3-debugsource-3.0.8-150400.4.81.1 * libopenssl3-3.0.8-150400.4.81.1 * openssl-3-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-debuginfo-3.0.8-150400.4.81.1 * libopenssl-3-devel-3.0.8-150400.4.81.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * openssl-3-3.0.8-150400.4.81.1 * openssl-3-debugsource-3.0.8-150400.4.81.1 * libopenssl3-3.0.8-150400.4.81.1 * openssl-3-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-debuginfo-3.0.8-150400.4.81.1 * libopenssl-3-devel-3.0.8-150400.4.81.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * openssl-3-3.0.8-150400.4.81.1 * openssl-3-debugsource-3.0.8-150400.4.81.1 * libopenssl3-3.0.8-150400.4.81.1 * openssl-3-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-debuginfo-3.0.8-150400.4.81.1 * libopenssl-3-devel-3.0.8-150400.4.81.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html 
* https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://www.suse.com/security/cve/CVE-2026-31790.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 * https://bugzilla.suse.com/show_bug.cgi?id=1260445 From null at suse.de Wed Apr 8 20:30:52 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 08 Apr 2026 20:30:52 -0000 Subject: SUSE-SU-2026:1213-1: important: Security update for openssl-3 Message-ID: <177568025234.16953.13833513677663248161@ea440c8e37cc> # Security update for openssl-3 Announcement ID: SUSE-SU-2026:1213-1 Release Date: 2026-04-08T12:27:11Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 * bsc#1260445 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-31789 * CVE-2026-31790 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves five vulnerabilities can now be installed.
## Description: This update for openssl-3 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). * CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1213=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1213=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1213=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1213=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1213=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libopenssl-3-devel-3.0.8-150500.5.60.1 * libopenssl3-debuginfo-3.0.8-150500.5.60.1 * openssl-3-debuginfo-3.0.8-150500.5.60.1 * libopenssl3-3.0.8-150500.5.60.1 * openssl-3-debugsource-3.0.8-150500.5.60.1 * openssl-3-3.0.8-150500.5.60.1 * openSUSE Leap 15.5 (x86_64) * libopenssl3-32bit-3.0.8-150500.5.60.1 * libopenssl-3-devel-32bit-3.0.8-150500.5.60.1 * libopenssl3-32bit-debuginfo-3.0.8-150500.5.60.1 * openSUSE Leap 15.5 (noarch) * openssl-3-doc-3.0.8-150500.5.60.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl3-64bit-debuginfo-3.0.8-150500.5.60.1 * libopenssl3-64bit-3.0.8-150500.5.60.1 * libopenssl-3-devel-64bit-3.0.8-150500.5.60.1 * SUSE Linux Enterprise 
High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libopenssl-3-devel-3.0.8-150500.5.60.1 * libopenssl3-debuginfo-3.0.8-150500.5.60.1 * openssl-3-debuginfo-3.0.8-150500.5.60.1 * libopenssl3-3.0.8-150500.5.60.1 * openssl-3-debugsource-3.0.8-150500.5.60.1 * openssl-3-3.0.8-150500.5.60.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libopenssl-3-devel-3.0.8-150500.5.60.1 * libopenssl3-debuginfo-3.0.8-150500.5.60.1 * openssl-3-debuginfo-3.0.8-150500.5.60.1 * libopenssl3-3.0.8-150500.5.60.1 * openssl-3-debugsource-3.0.8-150500.5.60.1 * openssl-3-3.0.8-150500.5.60.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libopenssl-3-devel-3.0.8-150500.5.60.1 * libopenssl3-debuginfo-3.0.8-150500.5.60.1 * openssl-3-debuginfo-3.0.8-150500.5.60.1 * libopenssl3-3.0.8-150500.5.60.1 * openssl-3-debugsource-3.0.8-150500.5.60.1 * openssl-3-3.0.8-150500.5.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libopenssl-3-devel-3.0.8-150500.5.60.1 * libopenssl3-debuginfo-3.0.8-150500.5.60.1 * openssl-3-debuginfo-3.0.8-150500.5.60.1 * libopenssl3-3.0.8-150500.5.60.1 * openssl-3-debugsource-3.0.8-150500.5.60.1 * openssl-3-3.0.8-150500.5.60.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://www.suse.com/security/cve/CVE-2026-31790.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 * https://bugzilla.suse.com/show_bug.cgi?id=1260445
From null at suse.de Thu Apr 9 08:30:17 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 09 Apr 2026 08:30:17 -0000 Subject: SUSE-SU-2026:1221-1: important: Security update for the Linux Kernel (Live Patch 67 for SUSE Linux Enterprise 12 SP5) Message-ID: <177572341737.18282.184301107971688760@ea440c8e37cc> # Security update for the Linux Kernel (Live Patch 67 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1221-1 Release Date: 2026-04-08T16:04:43Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1255235 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2023-53794 * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 4.12.14-122.255 fixes various security issues. The following security issues were fixed: * CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235). * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1221=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_255-default-15-2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-53794.html * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1255235 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784
URL: From null at suse.de Thu Apr 9 08:30:20 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 09 Apr 2026 08:30:20 -0000 Subject: SUSE-SU-2026:1220-1: moderate: Security update for python-poetry Message-ID: <177572342090.18282.17888161856388911402@ea440c8e37cc> # Security update for python-poetry Announcement ID: SUSE-SU-2026:1220-1 Release Date: 2026-04-08T16:03:10Z Rating: moderate References: * bsc#1261383 Cross-References: * CVE-2026-34591 CVSS scores: * CVE-2026-34591 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34591 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2026-34591 ( NVD ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 An update that solves one vulnerability can now be installed. ## Description: This update for python-poetry fixes the following issue: * CVE-2026-34591: From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write (bsc#1261383). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1220=1 ## Package List: * openSUSE Leap 15.6 (noarch) * python311-poetry-1.7.1-150600.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34591.html * https://bugzilla.suse.com/show_bug.cgi?id=1261383 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 9 12:30:21 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 09 Apr 2026 12:30:21 -0000 Subject: SUSE-SU-2026:1225-1: important: Security update for the Linux Kernel (Live Patch 15 for SUSE Linux Enterprise 15 SP6) Message-ID: <177573782146.18853.12931649269783721815@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 15 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1225-1 Release Date: 2026-04-09T01:53:44Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 
7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.70 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1225=1 SUSE-2026-1224=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1225=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1224=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_73-default-5-150600.2.1 * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-5-150600.2.1 * kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-8-150600.2.1 * kernel-livepatch-6_4_0-150600_23_70-default-8-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_15-debugsource-8-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_16-debugsource-5-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_73-default-5-150600.2.1 * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-5-150600.2.1 * kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-8-150600.2.1 * kernel-livepatch-6_4_0-150600_23_70-default-8-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_15-debugsource-8-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_16-debugsource-5-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * 
https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 9 12:30:33 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 09 Apr 2026 12:30:33 -0000 Subject: SUSE-SU-2026:1222-1: important: Security update for the Linux Kernel (Live Patch 40 for SUSE Linux Enterprise 15 SP4) Message-ID: <177573783315.18853.10865754292575634682@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 40 for SUSE Linux Enterprise 15 SP4) Announcement ID: SUSE-SU-2026:1222-1 Release Date: 2026-04-09T02:36:32Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * 
CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.164 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1222=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1222=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1226=1 SUSE-2026-1223=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1226=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-1223=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-7-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_31-debugsource-7-150500.2.1 * kernel-livepatch-5_14_21-150500_55_124-default-7-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-7-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_31-debugsource-7-150500.2.1 * kernel-livepatch-5_14_21-150500_55_124-default-7-150500.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_40-debugsource-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-11-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_43-debugsource-11-150400.2.1 * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_164-default-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_173-default-11-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_40-debugsource-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-11-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_43-debugsource-11-150400.2.1 * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_164-default-16-150400.2.1 * 
kernel-livepatch-5_14_21-150400_24_173-default-11-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 9 16:30:05 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 09 Apr 2026 16:30:05 -0000 Subject: SUSE-SU-2026:20997-1: important: Security update for cockpit-repos Message-ID: <177575220595.22761.11341901279503693488@7334c935c7bb> # Security update for cockpit-repos Announcement ID: SUSE-SU-2026:20997-1 Release Date: 2026-04-05T02:55:36Z Rating: important References: * bsc#1258637 Cross-References: * CVE-2026-26996 CVSS scores: * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves one vulnerability can now be installed. 
## Description: This update for cockpit-repos fixes the following issue: * CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258637). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-478=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * cockpit-repos-4.7-160000.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-26996.html * https://bugzilla.suse.com/show_bug.cgi?id=1258637 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 9 16:30:12 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 09 Apr 2026 16:30:12 -0000 Subject: SUSE-SU-2026:20995-1: low: Security update for dnsdist Message-ID: <177575221282.22761.16417083949273582473@7334c935c7bb> # Security update for dnsdist Announcement ID: SUSE-SU-2026:20995-1 Release Date: 2026-04-02T09:11:51Z Rating: low References: * bsc#1250054 * bsc#1253852 Cross-References: * CVE-2025-30187 * CVE-2025-8671 CVSS scores: * CVE-2025-30187 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-30187 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-30187 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-8671 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-8671 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-8671 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves two vulnerabilities can now be installed. 
## Description: This update for dnsdist fixes the following issues: Update to dnsdist 1.9.11: * CVE-2025-8671: add mitigations for the HTTP/2 MadeYouReset attack (bsc#1253852). * CVE-2025-30187: denial of service via crafted DoH exchange (bsc#1250054). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-475=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 s390x x86_64) * dnsdist-debugsource-1.9.11-160000.1.1 * dnsdist-1.9.11-160000.1.1 * dnsdist-debuginfo-1.9.11-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-30187.html * https://www.suse.com/security/cve/CVE-2025-8671.html * https://bugzilla.suse.com/show_bug.cgi?id=1250054 * https://bugzilla.suse.com/show_bug.cgi?id=1253852 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 9 16:30:20 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 09 Apr 2026 16:30:20 -0000 Subject: SUSE-SU-2026:20993-1: important: Security update for perl-XML-Parser Message-ID: <177575222061.22761.3392383405808069967@7334c935c7bb> # Security update for perl-XML-Parser Announcement ID: SUSE-SU-2026:20993-1 Release Date: 2026-04-01T16:23:38Z Rating: important References: * bsc#1259901 * bsc#1259902 Cross-References: * CVE-2006-10002 * CVE-2006-10003 CVSS scores: * CVE-2006-10002 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2006-10002 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2006-10002 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2006-10002 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2006-10003 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2006-10003 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2006-10003 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2006-10003 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for perl-XML-Parser fixes the following issues: * CVE-2006-10002: heap buffer overflow in `parse_stream` when processing UTF-8 input streams (bsc#1259901). * CVE-2006-10003: off-by-one heap buffer overflow in `st_serial_stack` (bsc#1259902). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-474=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * perl-XML-Parser-2.470.0-160000.3.1 * perl-XML-Parser-debugsource-2.470.0-160000.3.1 * perl-XML-Parser-debuginfo-2.470.0-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2006-10002.html * https://www.suse.com/security/cve/CVE-2006-10003.html * https://bugzilla.suse.com/show_bug.cgi?id=1259901 * https://bugzilla.suse.com/show_bug.cgi?id=1259902 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 9 16:30:23 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 09 Apr 2026 16:30:23 -0000 Subject: SUSE-SU-2026:20992-1: important: Security update for python-Pillow Message-ID: <177575222335.22761.4115791328098693035@7334c935c7bb> # Security update for python-Pillow Announcement ID: SUSE-SU-2026:20992-1 Release Date: 2026-04-01T14:57:29Z Rating: important References: * bsc#1258125 Cross-References: * CVE-2026-25990 CVSS scores: * CVE-2026-25990 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25990 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25990 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25990 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for python-Pillow fixes the following issues: * CVE-2026-25990: Fixed an out-of-bounds write when opening a specially crafted PSD image. 
(bsc#1258125) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-473=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * python313-Pillow-tk-11.3.0-160000.3.1 * python313-Pillow-tk-debuginfo-11.3.0-160000.3.1 * python-Pillow-debugsource-11.3.0-160000.3.1 * python313-Pillow-11.3.0-160000.3.1 * python313-Pillow-debuginfo-11.3.0-160000.3.1 * python-Pillow-debuginfo-11.3.0-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25990.html * https://bugzilla.suse.com/show_bug.cgi?id=1258125 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 9 16:30:43 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 09 Apr 2026 16:30:43 -0000 Subject: SUSE-SU-2026:20989-1: important: Security update for kea Message-ID: <177575224319.22761.4005777132278269469@7334c935c7bb> # Security update for kea Announcement ID: SUSE-SU-2026:20989-1 Release Date: 2026-04-01T09:24:21Z Rating: important References: * bsc#1252863 * bsc#1260380 Cross-References: * CVE-2025-11232 * CVE-2026-3608 CVSS scores: * CVE-2025-11232 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-11232 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-11232 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3608 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-3608 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3608 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves two vulnerabilities can now be installed. 
## Description: This update for kea fixes the following issues: Update to 3.0.3: * CVE-2025-11232: invalid characters cause assert (bsc#1252863). * CVE-2026-3608: stack overflow via maliciously crafted message (bsc#1260380). Changelog: * A large number of bracket pairs in a JSON payload directed to any endpoint would result in a stack overflow, due to recursive calls when parsing the JSON. This has been fixed. (CVE-2026-3608) [bsc#1260380] * When a hostname or FQDN received from a client is reduced to an empty string by hostname sanitizing, kea-dhcp4 and kea-dhcp6 will now drop the option. (CVE-2025-11232) [bsc#1252863] * A null dereference is now no longer possible when configuring the Control Agent with a socket that lacks the mandatory socket-name entry. * UNIX sockets are now created as group-writable. * Removed logging an error in ping check hook library if using lease cache threshold. * Fixed deadlock in ping-check hooks library. * Fixed a data race in ping-check hooks library. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-470=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * libkea-log75-3.0.3-160000.1.1 * libkea-dns71-3.0.3-160000.1.1 * kea-hooks-3.0.3-160000.1.1 * libkea-hooks121-3.0.3-160000.1.1 * libkea-stats53-debuginfo-3.0.3-160000.1.1 * libkea-log-interprocess3-3.0.3-160000.1.1 * libkea-log75-debuginfo-3.0.3-160000.1.1 * libkea-dhcp109-debuginfo-3.0.3-160000.1.1 * kea-debugsource-3.0.3-160000.1.1 * libkea-dhcpsrv131-debuginfo-3.0.3-160000.1.1 * libkea-exceptions45-3.0.3-160000.1.1 * libkea-config84-3.0.3-160000.1.1 * libkea-dhcp_ddns68-3.0.3-160000.1.1 * libkea-process91-debuginfo-3.0.3-160000.1.1 * libkea-database76-3.0.3-160000.1.1 * libkea-eval84-debuginfo-3.0.3-160000.1.1 * libkea-config84-debuginfo-3.0.3-160000.1.1 * libkea-stats53-3.0.3-160000.1.1 * libkea-dhcpsrv131-3.0.3-160000.1.1 * libkea-cc83-debuginfo-3.0.3-160000.1.1 * libkea-d2srv63-3.0.3-160000.1.1 * libkea-database76-debuginfo-3.0.3-160000.1.1 * libkea-cfgrpt3-3.0.3-160000.1.1 * kea-devel-debuginfo-3.0.3-160000.1.1 * libkea-util-io12-3.0.3-160000.1.1 * libkea-tcp33-3.0.3-160000.1.1 * libkea-d2srv63-debuginfo-3.0.3-160000.1.1 * libkea-asiolink88-3.0.3-160000.1.1 * libkea-asiolink88-debuginfo-3.0.3-160000.1.1 * libkea-dns71-debuginfo-3.0.3-160000.1.1 * libkea-hooks121-debuginfo-3.0.3-160000.1.1 * libkea-eval84-3.0.3-160000.1.1 * libkea-pgsql88-3.0.3-160000.1.1 * libkea-asiodns62-3.0.3-160000.1.1 * kea-3.0.3-160000.1.1 * libkea-cryptolink64-debuginfo-3.0.3-160000.1.1 * libkea-http87-3.0.3-160000.1.1 * libkea-cfgrpt3-debuginfo-3.0.3-160000.1.1 * libkea-cc83-3.0.3-160000.1.1 * libkea-dhcp_ddns68-debuginfo-3.0.3-160000.1.1 * libkea-mysql88-3.0.3-160000.1.1 * libkea-pgsql88-debuginfo-3.0.3-160000.1.1 * libkea-log-interprocess3-debuginfo-3.0.3-160000.1.1 * python3-kea-3.0.3-160000.1.1 * libkea-util102-3.0.3-160000.1.1 * 
libkea-asiodns62-debuginfo-3.0.3-160000.1.1 * libkea-tcp33-debuginfo-3.0.3-160000.1.1 * libkea-http87-debuginfo-3.0.3-160000.1.1 * libkea-exceptions45-debuginfo-3.0.3-160000.1.1 * libkea-process91-3.0.3-160000.1.1 * libkea-util102-debuginfo-3.0.3-160000.1.1 * libkea-dhcp109-3.0.3-160000.1.1 * libkea-cryptolink64-3.0.3-160000.1.1 * kea-hooks-debuginfo-3.0.3-160000.1.1 * kea-debuginfo-3.0.3-160000.1.1 * kea-devel-3.0.3-160000.1.1 * libkea-util-io12-debuginfo-3.0.3-160000.1.1 * libkea-mysql88-debuginfo-3.0.3-160000.1.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * kea-doc-3.0.3-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-11232.html * https://www.suse.com/security/cve/CVE-2026-3608.html * https://bugzilla.suse.com/show_bug.cgi?id=1252863 * https://bugzilla.suse.com/show_bug.cgi?id=1260380 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 9 16:30:47 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 09 Apr 2026 16:30:47 -0000 Subject: SUSE-SU-2026:20988-1: important: Security update for gnome-online-accounts, gvfs Message-ID: <177575224791.22761.2282360702047239553@7334c935c7bb> # Security update for gnome-online-accounts, gvfs Announcement ID: SUSE-SU-2026:20988-1 Release Date: 2026-03-31T09:11:58Z Rating: important References: * bsc#1258953 * bsc#1258954 Cross-References: * CVE-2026-28295 * CVE-2026-28296 CVSS scores: * CVE-2026-28295 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-28295 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28295 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28296 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-28296 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-28296 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An 
update that solves two vulnerabilities can now be installed. ## Description: This update for gnome-online-accounts, gvfs fixes the following issues: Changes for gvfs: Update gvfs to 1.59.90: * CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers (bsc#1258953). * CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRLF sequences in user supplied file paths (bsc#1258954). Changelog: Update to version 1.59.90: * client: Fix use-after-free when creating async proxy failed * udisks2: Emit changed signals from update_all() * daemon: Fix race on subscribers list when on thread * ftp: Validate fe_size when parsing symlink target * ftp: Check localtime() return value before use * gphoto2: Use g_try_realloc() instead of g_realloc() * cdda: Reject path traversal in mount URI host * client: Fail when URI has invalid UTF-8 chars * udisks2: Fix memory corruption with duplicate mount paths * build: Update GOA dependency to > 3.57.0 * Some other fixes * ftp: Use control connection address for PASV data. * ftp: Reject paths containing CR/LF characters Update to version 1.59.1: * mtp: replace Android extension checks with capability checks * dav: Add X-OC-Mtime header on push to preserve last modified time * udisks2: Use hash tables in the volume monitor to improve performance * onedrive: Check for identity instead of presentation identity * build: Disable google option and mark as deprecated Update to version 1.58.2: * ftp: Use control connection address for PASV data * ftp: Reject paths containing CR/LF characters Update to version 1.58.1: * cdda: Fix duration of last track for some media * build: Fix build when google option is disabled * Fix various memory leaks * Updated translations. 
Update to version 1.58.0: * mtp: Allow cancelling ongoing folder enumerations * wsdd: Use socket-activated service if available * onedrive: Set emblem for remote data * fix: Add file rename support in MTP backend move operation * mtp: Fix -Wmaybe-uninitialized warning in pad_file * fuse: use fuse_(un)set_feature_flag for libfuse 3.17+ * smbbrowse: Purge server cache for next auth try * metatree: Open files with O_CLOEXEC * cdda: Fix incorrect track duration for 99-track CDs * metadata: Fix journal file permissions inconsistency * dav: recognize 308 Permanent Redirect Changes for gnome-online-accounts: Update to version 3.58.0: * SMTP server without password cannot be configured * Remove unneeded SMTP password escaping * build: Disable google provider Files feature * MS365: Fix mail address and name * Google: Set mail name to presentation identity * Updated translations. Update to version 3.57.1: * Default Microsoft 365 client is unverified * Microsoft 365: Make use of email for id * goadaemon: Allow manage system notifications * goamsgraphprovider: bump credentials generation * goaprovider: Allow to disable, instead of enable, selected providers Changes from version 3.57.0: * Support for saving a Kerberos password to the keychain after the first login * changing expired kerberos password is not supported. 
* Provided Files URI does not override undiscovered endpoint
* DAV client rejects 204 status in OPTIONS request handler
* Include emblem-default-symbolic.svg
* Connecting a Runbox CardDAV/CalDAV account hangs/freezes after sign in
* i18n: fix translatable string
* goaimapsmptprovider: fix accounts without SMTP or authentication-less SMTP
* build: only install icons for the goabackend build
* build: don't require goabackend to build documentation
* ci: test the build without gtk4
* DAV-client: Added short path for SOGo

Update to version 3.56.4:

* Bugs fixed:
  * Unclear which part of "IMAP+SMTP" account test failed
  * Adding nextcloud account which has a subfolder does not work
  * goadaemon: Handle broken account configs

Update to version 3.56.3:

* Add DAV detection and configuration for SOGo
* DAV discovery fails when certain SRV lookups fail

Update to version 3.56.1:

* Support for saving a Kerberos password after the first login
* Changing expired kerberos password is not supported
* Provided Files URI does not override undiscovered endpoint
* DAV client rejects 204 status in OPTIONS request handler

Update to version 3.56.0:

* Code style and logging cleanups
* Updated translations

Update to version 3.55.2:

* goaoauth2provider: improve error handling for auth/token endpoints

Update to version 3.55.1:

* Support Webflow authentication for Nextcloud
* Rename dconf key in gnome-online-accounts settings
* "Account Name" GUI field is a bit ambiguous
* Failed to generate a new POT file for the user interface of "gnome-online-accounts" (domain: "po") and some missing files from POTFILES.in

Update to version 3.55.0:

* Add progress spinner for OAuth2 dialogs
* Remove Windows Live!
option * Improve goa_oauth2_provider_ensure_credentials_sync * Authentication failure in goa IMAP accounts * Missing files from POTFILES.in * WebDAV not detected for mail.ru * goaoauth2provider: fix task chaining for subclasses * Always lowercase domains when looking up base * goadavclient: check Nextcloud fallback last * goabackend: add a composite widget for authflow links * goadavclient: fix the mailbox.org preconfig Update to version 3.54.5: * Adding GOA account fails with sonic.net IMAP service * Cannot add a ProtonMail bridge with IMAP + TLS * Nextcloud login does not work anymore due to OPTIONS /login request * Linked online accounts no longer work * Invalid URI when adding Google account * goamsgraphprovider: ensure a valid PresentationIdentity * goadaemon: complete GTasks to avoid a scary debug warning ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-469=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * gvfs-debuginfo-1.59.90-160000.1.1 * gvfs-fuse-debuginfo-1.59.90-160000.1.1 * gnome-online-accounts-debuginfo-3.58.0-160000.1.1 * gvfs-debugsource-1.59.90-160000.1.1 * typelib-1_0-Goa-1_0-3.58.0-160000.1.1 * gvfs-backends-1.59.90-160000.1.1 * gvfs-fuse-1.59.90-160000.1.1 * gnome-online-accounts-debugsource-3.58.0-160000.1.1 * libgoa-backend-1_0-2-3.58.0-160000.1.1 * libgoa-backend-1_0-2-debuginfo-3.58.0-160000.1.1 * gvfs-1.59.90-160000.1.1 * gvfs-backends-debuginfo-1.59.90-160000.1.1 * libgoa-1_0-0-3.58.0-160000.1.1 * libgoa-1_0-0-debuginfo-3.58.0-160000.1.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * gvfs-lang-1.59.90-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28295.html * https://www.suse.com/security/cve/CVE-2026-28296.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1258953 * https://bugzilla.suse.com/show_bug.cgi?id=1258954 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 9 16:30:53 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 09 Apr 2026 16:30:53 -0000 Subject: SUSE-SU-2026:20986-1: important: Security update for postgresql13 Message-ID: <177575225319.22761.8842540413640183757@7334c935c7bb> # Security update for postgresql13 Announcement ID: SUSE-SU-2026:20986-1 Release Date: 2026-03-30T15:14:07Z Rating: important References: * bsc#1253332 * bsc#1253333 Cross-References: * CVE-2025-12817 * CVE-2025-12818 CVSS scores: * CVE-2025-12817 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-12817 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-12817 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-12818 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-12818 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-12818 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for postgresql13 fixes the following issues: Security fixes: * CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts (bsc#1253332) * CVE-2025-12818: Fixed several places in libpq were not sufficiently careful about computing the required size of a memory allocation. 
Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer (bsc#1253333) Other fixes: * Update to 13.23 * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/13.23 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-467=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * postgresql13-pltcl-13.23-160000.1.1 * postgresql13-server-devel-13.23-160000.1.1 * postgresql13-13.23-160000.1.1 * postgresql13-devel-debuginfo-13.23-160000.1.1 * postgresql13-contrib-debuginfo-13.23-160000.1.1 * postgresql13-devel-13.23-160000.1.1 * postgresql13-plpython-13.23-160000.1.1 * postgresql13-server-13.23-160000.1.1 * postgresql13-server-debuginfo-13.23-160000.1.1 * postgresql13-server-devel-debuginfo-13.23-160000.1.1 * postgresql13-plpython-debuginfo-13.23-160000.1.1 * postgresql13-plperl-13.23-160000.1.1 * postgresql13-contrib-13.23-160000.1.1 * postgresql13-pltcl-debuginfo-13.23-160000.1.1 * postgresql13-debugsource-13.23-160000.1.1 * postgresql13-plperl-debuginfo-13.23-160000.1.1 * postgresql13-debuginfo-13.23-160000.1.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * postgresql13-docs-13.23-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12817.html * https://www.suse.com/security/cve/CVE-2025-12818.html * https://bugzilla.suse.com/show_bug.cgi?id=1253332 * https://bugzilla.suse.com/show_bug.cgi?id=1253333 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 9 16:30:58 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 09 Apr 2026 16:30:58 -0000 Subject: SUSE-SU-2026:20985-1: important: Security update for expat Message-ID: <177575225870.22761.13491796149006069973@7334c935c7bb> # Security update for expat Announcement ID: SUSE-SU-2026:20985-1 Release Date: 2026-03-30T14:59:16Z Rating: important References: * bsc#1259711 * bsc#1259726 * bsc#1259729 Cross-References: * CVE-2026-32776 * CVE-2026-32777 * CVE-2026-32778 CVSS scores: * CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves three vulnerabilities can now be installed. ## Description: This update for expat fixes the following issues: * CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726). * CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711). 
* CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-466=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * expat-debugsource-2.7.1-160000.5.1 * expat-2.7.1-160000.5.1 * libexpat-devel-2.7.1-160000.5.1 * expat-debuginfo-2.7.1-160000.5.1 * libexpat1-2.7.1-160000.5.1 * libexpat1-debuginfo-2.7.1-160000.5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32776.html * https://www.suse.com/security/cve/CVE-2026-32777.html * https://www.suse.com/security/cve/CVE-2026-32778.html * https://bugzilla.suse.com/show_bug.cgi?id=1259711 * https://bugzilla.suse.com/show_bug.cgi?id=1259726 * https://bugzilla.suse.com/show_bug.cgi?id=1259729 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 9 16:31:05 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 09 Apr 2026 16:31:05 -0000 Subject: SUSE-SU-2026:20984-1: moderate: Security update for gnutls Message-ID: <177575226505.22761.6066370216372735082@7334c935c7bb> # Security update for gnutls Announcement ID: SUSE-SU-2026:20984-1 Release Date: 2026-03-30T14:36:07Z Rating: moderate References: * bsc#1254132 * bsc#1257960 * bsc#1258083 * jsc#PED-15752 * jsc#PED-15753 Cross-References: * CVE-2025-14831 * CVE-2025-9820 CVSS scores: * CVE-2025-14831 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-14831 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-14831 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-9820 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-9820 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves two vulnerabilities, contains two features and has one fix can now be installed. ## Description: This update for gnutls fixes the following issues: * CVE-2025-14831: Fixed DoS via excessive resource consumption during certificate verification. (bsc#1257960) * CVE-2025-9820: Fixed a buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) * Add the functionality to allow to specify the hash algorithm for the PSK. This fixes a bug in the current implementation where the binder is always calculated with SHA256. (bsc#1258083, jsc#PED-15752, jsc#PED-15753) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-464=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * gnutls-debugsource-3.8.10-160000.2.1 * libgnutls-devel-3.8.10-160000.2.1 * libgnutls30-3.8.10-160000.2.1 * gnutls-3.8.10-160000.2.1 * libgnutlsxx-devel-3.8.10-160000.2.1 * libgnutlsxx30-debuginfo-3.8.10-160000.2.1 * libgnutls30-debuginfo-3.8.10-160000.2.1 * gnutls-debuginfo-3.8.10-160000.2.1 * libgnutlsxx30-3.8.10-160000.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-14831.html * https://www.suse.com/security/cve/CVE-2025-9820.html * https://bugzilla.suse.com/show_bug.cgi?id=1254132 * https://bugzilla.suse.com/show_bug.cgi?id=1257960 * https://bugzilla.suse.com/show_bug.cgi?id=1258083 * https://jira.suse.com/browse/PED-15752 * https://jira.suse.com/browse/PED-15753 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Thu Apr 9 16:31:12 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 09 Apr 2026 16:31:12 -0000
Subject: SUSE-SU-2026:20983-1: important: Security update for postgresql16
Message-ID: <177575227299.22761.7239780482336561584@7334c935c7bb>

# Security update for postgresql16

Announcement ID: SUSE-SU-2026:20983-1
Release Date: 2026-03-30T14:27:44Z
Rating: important

References:

* bsc#1258008
* bsc#1258009
* bsc#1258010
* bsc#1258011
* bsc#1258754

Cross-References:

* CVE-2026-2003
* CVE-2026-2004
* CVE-2026-2005
* CVE-2026-2006

CVSS scores:

* CVE-2026-2003 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-2003 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-2004 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2004 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2005 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2005 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2006 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2006 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves four vulnerabilities and has one fix can now be installed.

## Description:

This update for postgresql16 fixes the following issues:

* Update to version 16.13. (bsc#1258754)
* CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector (bsc#1258008)
* CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. (bsc#1258009)
* CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. (bsc#1258010)
* CVE-2026-2006: Fix inadequate validation of multibyte character lengths. (bsc#1258011)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-465=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * postgresql16-16.13-160000.1.1
  * postgresql16-plperl-16.13-160000.1.1
  * postgresql16-server-16.13-160000.1.1
  * postgresql16-contrib-debuginfo-16.13-160000.1.1
  * postgresql16-server-devel-16.13-160000.1.1
  * postgresql16-debugsource-16.13-160000.1.1
  * postgresql16-contrib-16.13-160000.1.1
  * postgresql16-pltcl-debuginfo-16.13-160000.1.1
  * postgresql16-server-debuginfo-16.13-160000.1.1
  * postgresql16-devel-debuginfo-16.13-160000.1.1
  * postgresql16-plpython-16.13-160000.1.1
  * postgresql16-plpython-debuginfo-16.13-160000.1.1
  * postgresql16-pltcl-16.13-160000.1.1
  * postgresql16-plperl-debuginfo-16.13-160000.1.1
  * postgresql16-debuginfo-16.13-160000.1.1
  * postgresql16-server-devel-debuginfo-16.13-160000.1.1
  * postgresql16-devel-16.13-160000.1.1
* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * postgresql16-docs-16.13-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2003.html
* https://www.suse.com/security/cve/CVE-2026-2004.html
* https://www.suse.com/security/cve/CVE-2026-2005.html
* https://www.suse.com/security/cve/CVE-2026-2006.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258008
* https://bugzilla.suse.com/show_bug.cgi?id=1258009
* https://bugzilla.suse.com/show_bug.cgi?id=1258010
* https://bugzilla.suse.com/show_bug.cgi?id=1258011
* https://bugzilla.suse.com/show_bug.cgi?id=1258754

URL: From null at suse.de Thu Apr 9 16:31:23 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 09 Apr 2026 16:31:23 -0000 Subject: SUSE-SU-2026:20982-1: important: Security update for tomcat10 Message-ID: <177575228324.22761.12486292201707787114@7334c935c7bb> # Security update for tomcat10 Announcement ID: SUSE-SU-2026:20982-1 Release Date: 2026-03-30T08:14:01Z Rating: important References: * bsc#1252753 * bsc#1252756 * bsc#1252905 * bsc#1253460 * bsc#1258371 * bsc#1258385 * bsc#1258387 Cross-References: * CVE-2025-55752 * CVE-2025-55754 * CVE-2025-61795 * CVE-2025-66614 * CVE-2026-24733 * CVE-2026-24734 CVSS scores: * CVE-2025-55752 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-55752 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-55752 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-55754 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-55754 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2025-55754 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-61795 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-61795 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61795 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-66614 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-66614 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-66614 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L * CVE-2026-24733 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-24733 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-24733 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-24733 ( NVD ): 6.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-24734 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-24734 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-24734 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves six vulnerabilities and has one fix can now be installed. ## Description: This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.52: * CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753). * CVE-2025-55754: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905). * CVE-2025-61795: temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756). * CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371). * CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385). * CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387). Changelog: * Fix: 69623: Additional fix for the long standing regression that meant that calls to ClassLoader.getResource().getContent() failed when made from within a web application with resource caching enabled if the target resource was packaged in a JAR file. (markt) * Fix: Pull request #923: Avoid adding multiple CSRF tokens to a URL in the CsrfPreventionFilter. (schultz) * Fix: 69918: Ensure request parameters are correctly parsed for HTTP/2 requests when the content-length header is not set. (dsoumis) * Update: Enable minimum and recommended Tomcat Native versions to be set separately for Tomcat Native 1.x and 2.x. Update the minimum and recommended versions for Tomcat Native 1.x to 1.3.4. Update the minimum and recommended versions for Tomcat Native 2.x to 2.0.12. 
(markt) * Add: Add a new ssoReauthenticationMode to the Tomcat provided Authenticators that provides a per Authenticator override of the SSO Valve requireReauthentication attribute. (markt) * Fix: Ensure URL encoding errors in the Rewrite Valve trigger an exception rather than silently using a replacement character. (markt) * Fix: 69932: Fix request end access log pattern regression, which would log the start time of the request instead. (remm) * Fix: 69871: Increase log level to INFO for missing configuration for the rewrite valve. (remm) * Fix: Add log warnings for additional Host appBase suspicious values. (remm) * Fix: Remove hard dependency on tomcat-jni.jar for catalina.jar. org.apache.catalina.Connector no longer requires org.apache.tomcat.jni.AprStatus to be present. (markt) * Add: Add the ability to use a custom function to generate the client identifier in the CrawlerSessionManagerValve. This is only available programmatically. Pull request #902 by Brian Matzon. (markt) * Fix: Change the SSO reauthentication behaviour for SPNEGO authentication so that a normal SPNEGO authentication is performed if the SSL Valve is configured with reauthentication enabled. This is so that the delegated credentials will be available to the web application. (markt) * Fix: When generating the class path in the Loader, re-order the check on individual class path components to avoid a potential NullPointerException. Identified by Coverity Scan. (markt) * Fix: Fix SSL socket factory configuration in the JNDI realm. Based on pull request #915 by Joshua Rogers. (remm) * Update: Add an attribute, digestInRfc3112Order, to MessageDigestCredentialHandler to control the order in which the credential and salt are digested. By default, the current, non-RFC 3112 compliant, order of salt then credential will be used. This default will change in Tomcat 12 to the RFC 3112 compliant order of credential then salt. 
(markt) * Fix: Log warnings when the SSO configuration does not comply with the documentation. (remm) * Update: Deprecate the RemoteAddrFilter and RemoteAddrValve in favour of the RemoteCIDRFilter and RemoteCIDRValve. (markt) * Fix: 69837: Fix corruption of the class path generated by the Loader when running on Windows. (markt) * Fix: Reject requests that map to invalid Windows file names earlier. (markt) * Fix: 69839: Ensure that changes to session IDs (typically after authentication) are promulgated to the SSO Valve to ensure that SSO entries are fully clean-up on session expiration. Patch provided by Kim Johan Andersson. (markt) * Fix: Fix a race condition in the creation of the storage location for the FileStore. (markt) * Cluster * Add: 62814: Document that human-readable names may be used for mapSendOptions and align documentation with channelSendOptions. Based on pull request #929 by archan0621. (markt) * Clustering * Fix: Correct a regression introduced in 10.1.45 that broke some clustering configurations. (markt) * Coyote * Fix: 69936: Fix bug in previous fix for Tomcat Native crashes on shutdown that triggered a significant memory leak. Patch provided by Wes. (markt) * Fix: Avoid possible NPEs when using a TLS enabled custom connector. (remm) * Fix: Improve warnings when setting ciphers lists in the FFM code, mirroring the tomcat-native changes. (remm) * Fix: 69910: Dereference TLS objects right after closing a socket to improve memory efficiency. (remm) * Fix: Relax the JSSE vs OpenSSL configuration style checks on SSLHostConfig to reflect the existing implementation that allows one configuration style to be used for the trust attributes and a different style for all the other attributes. (markt) * Fix: Better warning message when OpenSSLConf configuration elements are used with a JSSE TLS implementation. 
(markt) * Fix: When using OpenSSL via FFM, don't log a warning about missing CA certificates unless CA certificates were configured and the configuration failed. (markt) * Add: For configuration consistency between OpenSSL and JSSE TLS implementations, TLSv1.3 cipher suites included in the ciphers attribute of an SSLHostConfig are now always ignored (previously they would be ignored with OpenSSL implementations and used with JSSE implementations) and a warning is logged that the cipher suite has been ignored. (markt) * Add: Add the ciphersuite attribute to SSLHostConfig to configure the TLSv1.3 cipher suites. (markt) * Add: Add OCSP support to JSSE based TLS connectors and make the use of OCSP configurable per connector for both JSSE and OpenSSL based TLS implementations. Align the checks performed by OpenSSL with those performed by JSSE. (markt) * Add: Add support for soft failure of OCSP checks with soft failure support disabled by default. (markt) * Add: Add support for configuring the verification flags passed to OCSP_basic_verify when using an OpenSSL based TLS implementation. (markt) * Fix: Fix OpenSSL FFM code compatibility with LibreSSL versions below 3.5. * Fix: Prevent concurrent release of OpenSSLEngine resources and the termination of the Tomcat Native library as it can cause crashes during Tomcat shutdown. (markt) * Fix: Don't log an incorrect certificate KeyStore location when creating a TLS connector if the KeyStore instance has been set directly on the connector. (markt) * Fix: HTTP/0.9 only allows GET as the HTTP method. (remm) * Add: Add strictSni attribute on the Connector to allow matching the SSLHostConfig configuration associated with the SNI host name to the SSLHostConfig configuration matched from the HTTP protocol host name. Non matching configurations will cause the request to be rejected. The attribute default value is true, enabling the matching. (remm) * Fix: Graceful failure for OCSP on BoringSSL in the FFM code. 
(remm) * Fix: Fix use of deferAccept attribute in JMX, since it is normally only removed in Tomcat 11. (remm) * Fix: 69866: Fix a memory leak when using a trust store with the OpenSSL provider. Pull request #912 by aogburn. (markt) * Fix: Fix potential crash on shutdown when a Connector depends on the Tomcat Native library. (markt) * Fix: Fix AJP message length check. Pull request #916 by Joshua Rogers. * Fix: 69848: Fix copy/paste errors in 10.1.47 that meant DELETE requests received via the AJP connector were processed as OPTIONS requests and PROPFIND requests were processed as TRACE. (markt) * Fix: Various OCSP processing issues in the OpenSSL FFM code. (dsoumis) * General * Add: Add test.silent property to suppress JUnit console output during test execution. Useful for cleaner console output when running tests with multiple threads. (csutherl) * Jasper * Fix: 69333: Correct a regression in the previous fix for 69333 and ensure that reuse() or release() is always called for a tag. (markt) * Fix: 69877: Catch IllegalArgumentException when processing URIs when creating the classpath to handle invalid URIs. (remm) * Fix: Fix populating the classpath with the webapp classloader repositories. (remm) * Fix: 69862: Avoid NPE unwrapping Servlet exception which would hide some exception details. Patch submitted by Eric Blanquer. (remm) * Jdbc-pool * Fix: 64083: If the underlying connection has been closed, don't add it to the pool when it is returned. Pull request #235 by Alex Panchenko. (markt) * Web applications * Fix: Manager: Fix abrupt truncation of the HTML and JSON complete server status output if one or more of the web applications failed to start. (schultz) * Add: Manager: Include web application state in the HTML and JSON complete server status output. (markt) * Add: Documentation: Expand the documentation to better explain when OCSP is supported and when it is not. 
(markt)
* Websocket
  * Fix: 69920: When attempting to write to a closed Writer or OutputStream obtained from a WebSocket session, throw an IOException rather than an IllegalStateException as required by Writer and strongly suggested by OutputStream. (markt)
  * Fix: 69845: When using permessage-deflate with Java 25 onwards, handle the underlying Inflater and/or Deflater throwing IllegalStateException when closed rather than NullPointerException as they do in Java 24 and earlier.
* Other
  * Update: Update the internal fork of Commons Pool to 2.13.1. (markt)
  * Update: Update the internal fork of Commons DBCP to 2.14.0. (markt)
  * Update: Update Commons Daemon to 1.5.1. (markt)
  * Update: Update ByteBuddy to 1.18.3. (markt)
  * Update: Update UnboundID to 7.0.4. (markt)
  * Update: Update Checkstyle to 12.3.1. (markt)
  * Add: Improvements to French translations. (markt)
  * Add: Improvements to Japanese translations provided by tak7iji. (markt)
  * Add: Improvements to Chinese translations provided by Yang. vincent.h and yong hu. (markt)
  * Update: Update Tomcat Native to 2.0.12. (markt)
  * Add: Add property "gpg.sign.files" to optionally disable release artefact signing with GPG. (rjung)
  * Add: Add test profile system for selective test execution. Profiles can be specified via -Dtest.profile= to run specific test subsets without using patterns directly. Profile patterns are defined in test-profiles.properties. (csutherl)
  * Update: Update file extension to media type mappings to align with the current list used by the Apache Web Server (httpd). (markt)
  * Update: Update the packaged version of the Tomcat Migration Tool for Jakarta EE to 1.0.10. (markt)
  * Update: Update Commons Daemon to 1.5.0. (markt)
  * Update: Update Byte Buddy to 1.18.2. (markt)
  * Update: Update Checkstyle to 12.2.0. (markt)
  * Add: Improvements to Spanish translations provided by White Vogel. (markt)
  * Add: Improvements to French translations.
(remm)
  * Update: Update the internal fork of Apache Commons BCEL to 6.11.0. (markt)
  * Update: Update to Byte Buddy 1.17.8. (markt)
  * Update: Update to Checkstyle 12.1.1. (markt)
  * Update: Update to Jacoco 0.8.14. (markt)
  * Update: Update to SpotBugs 4.9.8. (markt)
  * Update: Update to JSign 7.4. (markt)
  * Update: Update Maven Resolver Ant Tasks to 1.6.0. (rjung)

Update to Tomcat 10.1.48:

* Update: Deprecate the RemoteAddrFilter and RemoteAddrValve in favour of the RemoteCIDRFilter and RemoteCIDRValve. (markt)
* Fix: HTTP methods are case-sensitive so always use case sensitive comparisons when comparing HTTP methods. (markt)
* Fix: 69814: Ensure that HttpSession.isNew() returns false once the client has joined the session. (markt)
* Fix: Further performance improvements for ParameterMap. (jengebr/markt)
* Code: Refactor access log time stamps to be based on the Instant request processing starts. (markt)
* Fix: Fix a case-sensitivity issue in the trailer header allow list.
* Fix: Be proactive in cleaning up temporary files after a failed multi-part upload rather than waiting for GC to do it. (markt)
* Update: Change the digest used to calculate strong ETags (if enabled) for the default Servlet from SHA-1 to SHA-256 to align with the recommendation in RFC 9110 that hash functions used to generate strong ETags should be collision resistant. (markt)
* Fix: Correct a regression in the fix for 69781 that broke FileStore.
* Code: Remove a number of unnecessary packages from the catalina-deployer.jar. (markt)
* Fix: 69781: Fix concurrent access issues in the session FileStore implementation that were causing lost sessions when the store was used with the PersistentValve. Based on pull request #882 by Aaron Ogburn.
* Fix: Fix handling of QSA and QSD flags in RewriteValve. (markt)
* Fix: Prevent the channel configuration (sender, receiver, membership service) from being changed unless the channel is fully stopped.
(markt) * Fix: Handle spurious wake-ups during leader election for NonBlockingCoordinator. (markt) * Fix: Handle spurious wake-ups during sending of messages by RpcChannel. * Update: Add specific certificate selection code for TLS 1.3 supporting post quantum cryptography. Certificates defined with type MLDSA will be selected depending on the TLS client hello. (remm) * Update: Add groups attribute on SSLHostConfig allowing to restrict which groups can be enabled on the SSL engine. (remm) * Add: Optimize the conversion of HTTP method from byte form to String form. * Fix: Store HTTP request headers using the original case for the header name rather than forcing it to lower case. (markt) * Update: Add hybrid PQC support to OpenSSL, based on code from mod_ssl. Using this OpenSSL specific code path, additional PQC certificates defined with type MLDSA are added to contexts which use classic certificates. (jfclere/remm) * Fix: Ensure keys are handed out to OpenSSL even if PEMFile fails to process it, with appropriate logging. (remm) * Fix: Add new ML-DSA key algorithm to PEMFile and improve reporting when reading a key fails. (remm) * Fix: Fix possible early timeouts for network operations caused by a spurious wake-up of a waiting thread. Found by Coverity Scan. (markt) * Fix: Documentation. Clarify the purpose of the maxPostSize attribute of the Connector element. (markt) * Fix: Avoid NPE in manager webapp displaying certificate information. * Update: Update Byte Buddy to 1.17.7. (markt) * Update: Update Checkstyle to 11.1.0. (markt) * Update: Update SpotBugs to 4.9.6. (markt) * Update: Update Jsign to 7.2. (markt) * Add: Improvements to Russian translations provided by usmazat. (markt) * Update: Minor refactoring in JULI loggers. Patch provided by minjund. * Code: Review logging and include the full stack trace and exception message by default rather then just the exception message when logging an error or warning in response to an exception. 
(markt) * Add: Add escaping to log formatters to align with JSON formatter. (markt) * Update: Update Checkstyle to 11.0.0. (markt) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-462=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * tomcat10-admin-webapps-10.1.52-160000.1.1 * tomcat10-jsvc-10.1.52-160000.1.1 * tomcat10-webapps-10.1.52-160000.1.1 * tomcat10-lib-10.1.52-160000.1.1 * tomcat10-10.1.52-160000.1.1 * tomcat10-servlet-6_0-api-10.1.52-160000.1.1 * tomcat10-doc-10.1.52-160000.1.1 * tomcat10-jsp-3_1-api-10.1.52-160000.1.1 * tomcat10-docs-webapp-10.1.52-160000.1.1 * tomcat10-embed-10.1.52-160000.1.1 * tomcat10-el-5_0-api-10.1.52-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-55752.html * https://www.suse.com/security/cve/CVE-2025-55754.html * https://www.suse.com/security/cve/CVE-2025-61795.html * https://www.suse.com/security/cve/CVE-2025-66614.html * https://www.suse.com/security/cve/CVE-2026-24733.html * https://www.suse.com/security/cve/CVE-2026-24734.html * https://bugzilla.suse.com/show_bug.cgi?id=1252753 * https://bugzilla.suse.com/show_bug.cgi?id=1252756 * https://bugzilla.suse.com/show_bug.cgi?id=1252905 * https://bugzilla.suse.com/show_bug.cgi?id=1253460 * https://bugzilla.suse.com/show_bug.cgi?id=1258371 * https://bugzilla.suse.com/show_bug.cgi?id=1258385 * https://bugzilla.suse.com/show_bug.cgi?id=1258387 -------------- next part -------------- An HTML attachment was scrubbed... 

From null at suse.de Thu Apr 9 16:31:30 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 09 Apr 2026 16:31:30 -0000
Subject: SUSE-SU-2026:20978-1: important: Security update for MozillaFirefox
Message-ID: <177575229025.22761.3820987837813046206@7334c935c7bb>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2026:20978-1
Release Date: 2026-03-27T12:32:55Z
Rating: important

References:

* bsc#1260083

Cross-References:

* CVE-2025-59375
* CVE-2026-4684
* CVE-2026-4685
* CVE-2026-4686
* CVE-2026-4687
* CVE-2026-4688
* CVE-2026-4689
* CVE-2026-4690
* CVE-2026-4691
* CVE-2026-4692
* CVE-2026-4693
* CVE-2026-4694
* CVE-2026-4695
* CVE-2026-4696
* CVE-2026-4697
* CVE-2026-4698
* CVE-2026-4699
* CVE-2026-4700
* CVE-2026-4701
* CVE-2026-4702
* CVE-2026-4704
* CVE-2026-4705
* CVE-2026-4706
* CVE-2026-4707
* CVE-2026-4708
* CVE-2026-4709
* CVE-2026-4710
* CVE-2026-4711
* CVE-2026-4712
* CVE-2026-4713
* CVE-2026-4714
* CVE-2026-4715
* CVE-2026-4716
* CVE-2026-4717
* CVE-2026-4718
* CVE-2026-4719
* CVE-2026-4720
* CVE-2026-4721

CVSS scores:

* CVE-2025-59375 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-59375 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-59375 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4684 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4684 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4685 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4685 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4685 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4686 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4686 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4686 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4687 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4687 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-4687 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4688 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4688 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4688 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4689 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4689 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4689 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4690 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4690 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-4690 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4691 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4691 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4691 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4692 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4692 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4692 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-4693 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4693 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4693 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4694 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4694 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4694 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4695 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4695 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4695 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4696 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4696 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4696 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4697 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4697 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4697 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4698 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4698 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4698 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4699 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4699 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4699 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4700 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-4700 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4700 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4701 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4701 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4701 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4702 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4702 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4702 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4704 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-4704 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4704 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4705 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4705 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4705 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4706 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4706 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4706 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4707 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4707 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4707 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4708 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4708 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4708 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4709 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4709 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4709 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4710 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4710 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4710 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4711 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4711 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4711 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4712 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-4712 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-4712 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-4713 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4713 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4713 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4714 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4714 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4714 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4715 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4715 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-4715 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-4716 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4716 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-4716 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-4717 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4717 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4717 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4718 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4718 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-4718 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-4719 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4719 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4719 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4720 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4720 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4721 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4721 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves 38 vulnerabilities can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

Update to Firefox 140.9.0 ESR (MFSA 2026-22, bsc#1260083):

* CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component
* CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4686: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4687: Sandbox escape due to incorrect boundary conditions in the Telemetry component
* CVE-2026-4688: Sandbox escape due to use-after-free in the Disability Access APIs component
* CVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
* CVE-2026-4690: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
* CVE-2026-4691: Use-after-free in the CSS Parsing and Computation component
* CVE-2026-4692: Sandbox escape in the Responsive Design Mode component
* CVE-2026-4693: Incorrect boundary conditions in the Audio/Video: Playback component
* CVE-2026-4694: Incorrect boundary conditions, integer overflow in the Graphics component
* CVE-2026-4695: Incorrect boundary conditions in the Audio/Video: Web Codecs component
* CVE-2026-4696: Use-after-free in the Layout: Text and Fonts component
* CVE-2026-4697: Incorrect boundary conditions in the Audio/Video: Web Codecs component
* CVE-2026-4698: JIT miscompilation in the JavaScript Engine: JIT component
* CVE-2026-4699: Incorrect boundary conditions in the Layout: Text and Fonts component
* CVE-2026-4700: Mitigation bypass in the Networking: HTTP component
* CVE-2026-4701: Use-after-free in the JavaScript Engine component
* CVE-2026-4702: JIT miscompilation in the JavaScript Engine component
* CVE-2026-4704: Denial-of-service in the WebRTC: Signaling component
* CVE-2026-4705: Undefined behavior in the WebRTC: Signaling component
* CVE-2026-4706: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4707: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4708: Incorrect boundary conditions in the Graphics component
* CVE-2026-4709: Incorrect boundary conditions in the Audio/Video: GMP component
* CVE-2026-4710: Incorrect boundary conditions in the Audio/Video component
* CVE-2026-4711: Use-after-free in the Widget: Cocoa component
* CVE-2026-4712: Information disclosure in the Widget: Cocoa component
* CVE-2026-4713: Incorrect boundary conditions in the Graphics component
* CVE-2026-4714: Incorrect boundary conditions in the Audio/Video component
* CVE-2026-4715: Uninitialized memory in the Graphics: Canvas2D component
* CVE-2026-4716: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component
* CVE-2026-4717: Privilege escalation in the Netmonitor component
* CVE-2025-59375: Denial-of-service in the XML component
* CVE-2026-4718: Undefined behavior in the WebRTC: Signaling component
* CVE-2026-4719: Incorrect boundary conditions in the Graphics: Text component
* CVE-2026-4720: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
* CVE-2026-4721: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-456=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-translations-common-140.9.0-160000.1.1
  * MozillaFirefox-debuginfo-140.9.0-160000.1.1
  * MozillaFirefox-translations-other-140.9.0-160000.1.1
  * MozillaFirefox-140.9.0-160000.1.1
  * MozillaFirefox-debugsource-140.9.0-160000.1.1
* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * MozillaFirefox-devel-140.9.0-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-59375.html
* https://www.suse.com/security/cve/CVE-2026-4684.html
* https://www.suse.com/security/cve/CVE-2026-4685.html
* https://www.suse.com/security/cve/CVE-2026-4686.html
* https://www.suse.com/security/cve/CVE-2026-4687.html
* https://www.suse.com/security/cve/CVE-2026-4688.html
* https://www.suse.com/security/cve/CVE-2026-4689.html
* https://www.suse.com/security/cve/CVE-2026-4690.html
* https://www.suse.com/security/cve/CVE-2026-4691.html
* https://www.suse.com/security/cve/CVE-2026-4692.html
* https://www.suse.com/security/cve/CVE-2026-4693.html
* https://www.suse.com/security/cve/CVE-2026-4694.html
* https://www.suse.com/security/cve/CVE-2026-4695.html
* https://www.suse.com/security/cve/CVE-2026-4696.html
* https://www.suse.com/security/cve/CVE-2026-4697.html
* https://www.suse.com/security/cve/CVE-2026-4698.html
* https://www.suse.com/security/cve/CVE-2026-4699.html
* https://www.suse.com/security/cve/CVE-2026-4700.html
* https://www.suse.com/security/cve/CVE-2026-4701.html
* https://www.suse.com/security/cve/CVE-2026-4702.html
* https://www.suse.com/security/cve/CVE-2026-4704.html
* https://www.suse.com/security/cve/CVE-2026-4705.html
* https://www.suse.com/security/cve/CVE-2026-4706.html
* https://www.suse.com/security/cve/CVE-2026-4707.html
* https://www.suse.com/security/cve/CVE-2026-4708.html
* https://www.suse.com/security/cve/CVE-2026-4709.html
* https://www.suse.com/security/cve/CVE-2026-4710.html
* https://www.suse.com/security/cve/CVE-2026-4711.html
* https://www.suse.com/security/cve/CVE-2026-4712.html
* https://www.suse.com/security/cve/CVE-2026-4713.html
* https://www.suse.com/security/cve/CVE-2026-4714.html
* https://www.suse.com/security/cve/CVE-2026-4715.html
* https://www.suse.com/security/cve/CVE-2026-4716.html
* https://www.suse.com/security/cve/CVE-2026-4717.html
* https://www.suse.com/security/cve/CVE-2026-4718.html
* https://www.suse.com/security/cve/CVE-2026-4719.html
* https://www.suse.com/security/cve/CVE-2026-4720.html
* https://www.suse.com/security/cve/CVE-2026-4721.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260083

From null at suse.de Thu Apr 9 16:31:39 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 09 Apr 2026 16:31:39 -0000
Subject: SUSE-SU-2026:20976-1: important: Security update for docker-compose
Message-ID: <177575229967.22761.17133675173516319680@7334c935c7bb>

# Security update for docker-compose

Announcement ID: SUSE-SU-2026:20976-1
Release Date: 2026-03-27T10:04:45Z
Rating: important

References:

* bsc#1252752
* bsc#1253584
* bsc#1254041

Cross-References:

* CVE-2025-47913
* CVE-2025-47914
* CVE-2025-62725

CVSS scores:

* CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47914 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-62725 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-62725 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-62725 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves three vulnerabilities can now be installed.

## Description:

This update for docker-compose fixes the following issues:

* CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253584).
* CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1254041).
* CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files (bsc#1252752).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-455=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * docker-compose-2.33.1-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47913.html
* https://www.suse.com/security/cve/CVE-2025-47914.html
* https://www.suse.com/security/cve/CVE-2025-62725.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252752
* https://bugzilla.suse.com/show_bug.cgi?id=1253584
* https://bugzilla.suse.com/show_bug.cgi?id=1254041

From null at suse.de Thu Apr 9 16:31:42 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 09 Apr 2026 16:31:42 -0000
Subject: SUSE-SU-2026:1231-1: important: Security update for the Linux Kernel (Live Patch 48 for SUSE Linux Enterprise 15 SP4)
Message-ID: <177575230236.22761.11143104874814487819@7334c935c7bb>

# Security update for the Linux Kernel (Live Patch 48 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1231-1
Release Date: 2026-04-09T09:04:40Z
Rating: important

References:

* bsc#1258784

Cross-References:

* CVE-2026-23209

CVSS scores:

* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.194 fixes one security issue.

The following security issue was fixed:

* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1231=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1231=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_194-default-2-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_48-debugsource-2-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_194-default-debuginfo-2-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_194-default-2-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_48-debugsource-2-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_194-default-debuginfo-2-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Thu Apr 9 16:31:46 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 09 Apr 2026 16:31:46 -0000
Subject: SUSE-SU-2026:1232-1: important: Security update for cockpit
Message-ID: <177575230653.22761.18174209223115047735@7334c935c7bb>

# Security update for cockpit

Announcement ID: SUSE-SU-2026:1232-1
Release Date: 2026-04-09T10:47:30Z
Rating: important

References:

* bsc#1257836
* bsc#1258641

Cross-References:

* CVE-2026-25547
* CVE-2026-26996

CVSS scores:

* CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for cockpit fixes the following issues:

* CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836).
* CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1232=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1232=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * cockpit-251.3-150300.6.9.1
  * cockpit-bridge-251.3-150300.6.9.1
  * cockpit-debuginfo-251.3-150300.6.9.1
  * cockpit-debugsource-251.3-150300.6.9.1
  * cockpit-bridge-debuginfo-251.3-150300.6.9.1
  * cockpit-ws-251.3-150300.6.9.1
  * cockpit-ws-debuginfo-251.3-150300.6.9.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * cockpit-system-251.3-150300.6.9.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * cockpit-251.3-150300.6.9.1
  * cockpit-bridge-251.3-150300.6.9.1
  * cockpit-debuginfo-251.3-150300.6.9.1
  * cockpit-debugsource-251.3-150300.6.9.1
  * cockpit-bridge-debuginfo-251.3-150300.6.9.1
  * cockpit-ws-251.3-150300.6.9.1
  * cockpit-ws-debuginfo-251.3-150300.6.9.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * cockpit-system-251.3-150300.6.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25547.html
* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257836
* https://bugzilla.suse.com/show_bug.cgi?id=1258641

From null at suse.de Thu Apr 9 16:31:50 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 09 Apr 2026 16:31:50 -0000
Subject: SUSE-SU-2026:1230-1: important: Security update for bind
Message-ID: <177575231050.22761.7606423337834630186@7334c935c7bb>

# Security update for bind

Announcement ID: SUSE-SU-2026:1230-1
Release Date: 2026-04-09T08:58:39Z
Rating: important

References:

* bsc#1260805

Cross-References:

* CVE-2026-1519

CVSS scores:

* CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for bind fixes the following issues:

* CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1230=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1230=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1230=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1230=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1230=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1230=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * bind-debugsource-9.16.50-150500.8.35.1
  * bind-utils-debuginfo-9.16.50-150500.8.35.1
  * bind-9.16.50-150500.8.35.1
  * bind-utils-9.16.50-150500.8.35.1
  * bind-debuginfo-9.16.50-150500.8.35.1
* openSUSE Leap 15.5 (noarch)
  * python3-bind-9.16.50-150500.8.35.1
  * bind-doc-9.16.50-150500.8.35.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * bind-utils-9.16.50-150500.8.35.1
  * bind-utils-debuginfo-9.16.50-150500.8.35.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * python3-bind-9.16.50-150500.8.35.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
  * bind-debugsource-9.16.50-150500.8.35.1
  * bind-debuginfo-9.16.50-150500.8.35.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * bind-debugsource-9.16.50-150500.8.35.1
  * bind-utils-debuginfo-9.16.50-150500.8.35.1
  * bind-9.16.50-150500.8.35.1
  * bind-utils-9.16.50-150500.8.35.1
  * bind-debuginfo-9.16.50-150500.8.35.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * python3-bind-9.16.50-150500.8.35.1
  * bind-doc-9.16.50-150500.8.35.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * bind-debugsource-9.16.50-150500.8.35.1
  * bind-utils-debuginfo-9.16.50-150500.8.35.1
  * bind-9.16.50-150500.8.35.1
  * bind-utils-9.16.50-150500.8.35.1
  * bind-debuginfo-9.16.50-150500.8.35.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * python3-bind-9.16.50-150500.8.35.1
  * bind-doc-9.16.50-150500.8.35.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * bind-debugsource-9.16.50-150500.8.35.1
  * bind-utils-debuginfo-9.16.50-150500.8.35.1
  * bind-9.16.50-150500.8.35.1
  * bind-utils-9.16.50-150500.8.35.1
  * bind-debuginfo-9.16.50-150500.8.35.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * python3-bind-9.16.50-150500.8.35.1
  * bind-doc-9.16.50-150500.8.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * bind-debugsource-9.16.50-150500.8.35.1
  * bind-utils-debuginfo-9.16.50-150500.8.35.1
  * bind-9.16.50-150500.8.35.1
  * bind-utils-9.16.50-150500.8.35.1
  * bind-debuginfo-9.16.50-150500.8.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * python3-bind-9.16.50-150500.8.35.1
  * bind-doc-9.16.50-150500.8.35.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260805
URL: From null at suse.de Thu Apr 9 16:31:53 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 09 Apr 2026 16:31:53 -0000 Subject: SUSE-SU-2026:1229-1: important: Security update for bind Message-ID: <177575231390.22761.12055543082649575131@7334c935c7bb> # Security update for bind Announcement ID: SUSE-SU-2026:1229-1 Release Date: 2026-04-09T08:58:10Z Rating: important References: * bsc#1260805 Cross-References: * CVE-2026-1519 CVSS scores: * CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for bind fixes the following issues: * CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1229=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1229=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libirs161-debuginfo-9.11.22-3.68.1 * libisccfg163-9.11.22-3.68.1 * bind-9.11.22-3.68.1 * libdns1110-9.11.22-3.68.1 * bind-debugsource-9.11.22-3.68.1 * liblwres161-9.11.22-3.68.1 * libdns1110-debuginfo-9.11.22-3.68.1 * libisccc161-debuginfo-9.11.22-3.68.1 * libisc1107-debuginfo-9.11.22-3.68.1 * libbind9-161-debuginfo-9.11.22-3.68.1 * bind-utils-9.11.22-3.68.1 * liblwres161-debuginfo-9.11.22-3.68.1 * bind-debuginfo-9.11.22-3.68.1 * bind-utils-debuginfo-9.11.22-3.68.1 * bind-chrootenv-9.11.22-3.68.1 * libisccfg163-debuginfo-9.11.22-3.68.1 * libisc1107-9.11.22-3.68.1 * libisccc161-9.11.22-3.68.1 * bind-devel-9.11.22-3.68.1 * libbind9-161-9.11.22-3.68.1 * libirs161-9.11.22-3.68.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * bind-doc-9.11.22-3.68.1 * python-bind-9.11.22-3.68.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libisc1107-32bit-9.11.22-3.68.1 * libisc1107-debuginfo-32bit-9.11.22-3.68.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libirs161-debuginfo-9.11.22-3.68.1 * libisccfg163-9.11.22-3.68.1 * bind-9.11.22-3.68.1 * libdns1110-9.11.22-3.68.1 * bind-debugsource-9.11.22-3.68.1 * liblwres161-9.11.22-3.68.1 * libdns1110-debuginfo-9.11.22-3.68.1 * libisccc161-debuginfo-9.11.22-3.68.1 * libisc1107-debuginfo-9.11.22-3.68.1 * libbind9-161-debuginfo-9.11.22-3.68.1 * bind-utils-9.11.22-3.68.1 * liblwres161-debuginfo-9.11.22-3.68.1 * libisc1107-debuginfo-32bit-9.11.22-3.68.1 * bind-debuginfo-9.11.22-3.68.1 * bind-utils-debuginfo-9.11.22-3.68.1 * bind-chrootenv-9.11.22-3.68.1 * libisc1107-32bit-9.11.22-3.68.1 * 
libisccfg163-debuginfo-9.11.22-3.68.1 * libisc1107-9.11.22-3.68.1 * libisccc161-9.11.22-3.68.1 * bind-devel-9.11.22-3.68.1 * libbind9-161-9.11.22-3.68.1 * libirs161-9.11.22-3.68.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * bind-doc-9.11.22-3.68.1 * python-bind-9.11.22-3.68.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1519.html * https://bugzilla.suse.com/show_bug.cgi?id=1260805 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 9 20:30:16 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 09 Apr 2026 20:30:16 -0000 Subject: SUSE-SU-2026:1236-1: important: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6) Message-ID: <177576661675.19813.8645213678289500950@ea440c8e37cc> # Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1236-1 Release Date: 2026-04-09T14:22:37Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( 
NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.53 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). 
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1236=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1236=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_53-default-14-150600.2.1 * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-14-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_12-debugsource-14-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_53-default-14-150600.2.1 * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-14-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_12-debugsource-14-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * 
https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Apr 10 08:30:21 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 10 Apr 2026 08:30:21 -0000 Subject: SUSE-SU-2026:1239-1: important: Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6) Message-ID: <177580982142.21169.9039727913049036925@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1239-1 Release Date: 2026-04-09T19:04:34Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.47 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). 
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1239=1 SUSE-2026-1238=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1239=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1238=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-14-150600.2.1 * kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-15-150600.2.1 * kernel-livepatch-6_4_0-150600_23_50-default-14-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_10-debugsource-15-150600.2.1 * kernel-livepatch-6_4_0-150600_23_47-default-15-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_11-debugsource-14-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-14-150600.2.1 * kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-15-150600.2.1 * kernel-livepatch-6_4_0-150600_23_50-default-14-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_10-debugsource-15-150600.2.1 * kernel-livepatch-6_4_0-150600_23_47-default-15-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_11-debugsource-14-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * 
https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Apr 10 08:30:30 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 10 Apr 2026 08:30:30 -0000 Subject: SUSE-SU-2026:1237-1: important: Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4) Message-ID: <177580983015.21169.4486072493846532240@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4) Announcement ID: SUSE-SU-2026:1237-1 Release Date: 2026-04-09T17:05:00Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 
7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves four vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.187 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1237=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1237=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_187-default-4-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_47-debugsource-4-150400.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_187-default-4-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_47-debugsource-4-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri Apr 10 12:31:19 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 10 Apr 2026 12:31:19 -0000 Subject: SUSE-SU-2026:1242-1: important: Security update for the Linux Kernel (Live Patch 45 for SUSE Linux Enterprise 15 SP4) Message-ID: <177582427917.21608.7997337822856151752@634a8d224e68> # Security update for the Linux Kernel (Live Patch 45 for SUSE Linux Enterprise 15 SP4) Announcement ID: SUSE-SU-2026:1242-1 Release Date: 2026-04-10T07:04:48Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * 
CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.179 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1241=1 SUSE-2026-1242=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1242=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1241=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1240=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1240=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_24-debugsource-17-150500.2.1 * kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-17-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_27-debugsource-15-150500.2.1 * kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-15-150500.2.1 * kernel-livepatch-5_14_21-150500_55_97-default-17-150500.2.1 * kernel-livepatch-5_14_21-150500_55_110-default-15-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_24-debugsource-17-150500.2.1 * kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-17-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_27-debugsource-15-150500.2.1 * kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-15-150500.2.1 * kernel-livepatch-5_14_21-150500_55_97-default-17-150500.2.1 * kernel-livepatch-5_14_21-150500_55_110-default-15-150500.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_45-debugsource-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_179-default-debuginfo-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_179-default-8-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_45-debugsource-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_179-default-debuginfo-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_179-default-8-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * 
https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Apr 10 16:30:16 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 10 Apr 2026 16:30:16 -0000 Subject: SUSE-SU-2026:1248-1: important: Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5) Message-ID: <177583861628.25885.354536067802478717@7334c935c7bb> # Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:1248-1 Release Date: 2026-04-10T11:04:25Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.113 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1246=1 SUSE-2026-1248=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1246=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1248=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_28-debugsource-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-14-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_29-debugsource-12-150500.2.1 * kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-12-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_116-default-12-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_28-debugsource-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-12-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_116-default-12-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x) * kernel-livepatch-SLE15-SP5_Update_29-debugsource-12-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * 
https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Apr 10 16:32:33 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 10 Apr 2026 16:32:33 -0000 Subject: SUSE-SU-2026:1244-1: important: Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7) Message-ID: <177583875348.22066.18431980960311359270@ea440c8e37cc> # Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1244-1 Release Date: 2026-04-10T08:04:54Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( 
SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.16 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). 
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1244=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
    * kernel-livepatch-6_4_0-150700_53_16-default-8-150700.2.1
    * kernel-livepatch-6_4_0-150700_53_16-default-debuginfo-8-150700.2.1
    * kernel-livepatch-SLE15-SP7_Update_4-debugsource-8-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Fri Apr 10 16:32:55 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 10 Apr 2026 16:32:55 -0000
Subject: SUSE-SU-2026:1252-1: important: Security update for tigervnc
Message-ID: <177583877535.22066.7013616644807425884@ea440c8e37cc>

# Security update for tigervnc

Announcement ID: SUSE-SU-2026:1252-1
Release Date: 2026-04-10T11:37:03Z
Rating: important

References:

* bsc#1260871

Cross-References:

* CVE-2026-34352

CVSS scores:

* CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
* CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for tigervnc fixes the following issues:

* CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
    zypper in -t patch SUSE-2026-1252=1 openSUSE-SLE-15.6-2026-1252=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1252=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1252=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * libXvnc1-debuginfo-1.13.1-150600.4.3.1
    * tigervnc-debugsource-1.13.1-150600.4.3.1
    * libXvnc1-1.13.1-150600.4.3.1
    * xorg-x11-Xvnc-1.13.1-150600.4.3.1
    * libXvnc-devel-1.13.1-150600.4.3.1
    * xorg-x11-Xvnc-debuginfo-1.13.1-150600.4.3.1
    * tigervnc-1.13.1-150600.4.3.1
    * tigervnc-debuginfo-1.13.1-150600.4.3.1
* openSUSE Leap 15.6 (noarch)
    * tigervnc-x11vnc-1.13.1-150600.4.3.1
    * xorg-x11-Xvnc-novnc-1.13.1-150600.4.3.1
    * xorg-x11-Xvnc-java-1.13.1-150600.4.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le x86_64 i586)
    * xorg-x11-Xvnc-module-1.13.1-150600.4.3.1
    * xorg-x11-Xvnc-module-debuginfo-1.13.1-150600.4.3.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
    * libXvnc1-debuginfo-1.13.1-150600.4.3.1
    * tigervnc-debugsource-1.13.1-150600.4.3.1
    * libXvnc1-1.13.1-150600.4.3.1
    * xorg-x11-Xvnc-1.13.1-150600.4.3.1
    * libXvnc-devel-1.13.1-150600.4.3.1
    * xorg-x11-Xvnc-debuginfo-1.13.1-150600.4.3.1
    * tigervnc-1.13.1-150600.4.3.1
    * tigervnc-debuginfo-1.13.1-150600.4.3.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le x86_64)
    * xorg-x11-Xvnc-module-1.13.1-150600.4.3.1
    * xorg-x11-Xvnc-module-debuginfo-1.13.1-150600.4.3.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
    * xorg-x11-Xvnc-novnc-1.13.1-150600.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
    * libXvnc1-debuginfo-1.13.1-150600.4.3.1
    * tigervnc-debugsource-1.13.1-150600.4.3.1
    * libXvnc1-1.13.1-150600.4.3.1
    * xorg-x11-Xvnc-module-1.13.1-150600.4.3.1
    * xorg-x11-Xvnc-1.13.1-150600.4.3.1
    * libXvnc-devel-1.13.1-150600.4.3.1
    * xorg-x11-Xvnc-debuginfo-1.13.1-150600.4.3.1
    * xorg-x11-Xvnc-module-debuginfo-1.13.1-150600.4.3.1
    * tigervnc-1.13.1-150600.4.3.1
    * tigervnc-debuginfo-1.13.1-150600.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
    * xorg-x11-Xvnc-novnc-1.13.1-150600.4.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34352.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260871

From null at suse.de Fri Apr 10 20:30:12 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 10 Apr 2026 20:30:12 -0000
Subject: SUSE-SU-2026:1254-1: important: Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5)
Message-ID: <177585301205.26409.15330314011709591380@7334c935c7bb>

# Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1254-1
Release Date: 2026-04-10T14:04:42Z
Rating: important

References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.127 fixes various security issues

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
    zypper in -t patch SUSE-2026-1254=1 SUSE-2026-1253=1
* SUSE Linux Enterprise Live Patching 15-SP5
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1254=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1253=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP5_Update_34-debugsource-4-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-4-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_133-default-4-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_127-default-4-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-4-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_32-debugsource-4-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP5_Update_34-debugsource-4-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-4-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_133-default-4-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_127-default-4-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-4-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_32-debugsource-4-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Fri Apr 10 20:30:20 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 10 Apr 2026 20:30:20 -0000
Subject: SUSE-SU-2026:1257-1: important: Security update for openssl-1_1
Message-ID: <177585302074.26409.7186724615540258372@7334c935c7bb>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2026:1257-1
Release Date: 2026-04-10T15:06:44Z
Rating: important

References:

* bsc#1260441
* bsc#1260442
* bsc#1260443
* bsc#1260444
* bsc#1260445

Cross-References:

* CVE-2026-28387
* CVE-2026-28388
* CVE-2026-28389
* CVE-2026-31789
* CVE-2026-31790

CVSS scores:

* CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
* CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
* CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
    zypper in -t patch SUSE-2026-1257=1
* SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2026-1257=1
* SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2026-1257=1
* SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2026-1257=1
* SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2026-1257=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1257=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1257=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1257=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1257=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * openssl-1_1-debugsource-1.1.1l-150400.7.90.1
    * libopenssl1_1-1.1.1l-150400.7.90.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.90.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.90.1
    * openssl-1_1-1.1.1l-150400.7.90.1
    * libopenssl1_1-hmac-1.1.1l-150400.7.90.1
* openSUSE Leap 15.4 (x86_64)
    * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.90.1
    * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.90.1
    * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.90.1
    * libopenssl1_1-32bit-1.1.1l-150400.7.90.1
* openSUSE Leap 15.4 (noarch)
    * openssl-1_1-doc-1.1.1l-150400.7.90.1
* openSUSE Leap 15.4 (aarch64_ilp32)
    * libopenssl1_1-64bit-1.1.1l-150400.7.90.1
    * libopenssl-1_1-devel-64bit-1.1.1l-150400.7.90.1
    * libopenssl1_1-hmac-64bit-1.1.1l-150400.7.90.1
    * libopenssl1_1-64bit-debuginfo-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * openssl-1_1-debugsource-1.1.1l-150400.7.90.1
    * libopenssl1_1-1.1.1l-150400.7.90.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.90.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.90.1
    * openssl-1_1-1.1.1l-150400.7.90.1
    * libopenssl1_1-hmac-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * openssl-1_1-debugsource-1.1.1l-150400.7.90.1
    * libopenssl1_1-1.1.1l-150400.7.90.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.90.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.90.1
    * openssl-1_1-1.1.1l-150400.7.90.1
    * libopenssl1_1-hmac-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * openssl-1_1-debugsource-1.1.1l-150400.7.90.1
    * libopenssl1_1-1.1.1l-150400.7.90.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.90.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.90.1
    * openssl-1_1-1.1.1l-150400.7.90.1
    * libopenssl1_1-hmac-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * openssl-1_1-debugsource-1.1.1l-150400.7.90.1
    * libopenssl1_1-1.1.1l-150400.7.90.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.90.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.90.1
    * openssl-1_1-1.1.1l-150400.7.90.1
    * libopenssl1_1-hmac-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
    * openssl-1_1-debugsource-1.1.1l-150400.7.90.1
    * libopenssl1_1-1.1.1l-150400.7.90.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.90.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.90.1
    * openssl-1_1-1.1.1l-150400.7.90.1
    * libopenssl1_1-hmac-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
    * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.90.1
    * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.90.1
    * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.90.1
    * libopenssl1_1-32bit-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
    * openssl-1_1-debugsource-1.1.1l-150400.7.90.1
    * libopenssl1_1-1.1.1l-150400.7.90.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.90.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.90.1
    * openssl-1_1-1.1.1l-150400.7.90.1
    * libopenssl1_1-hmac-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
    * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.90.1
    * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.90.1
    * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.90.1
    * libopenssl1_1-32bit-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * openssl-1_1-debugsource-1.1.1l-150400.7.90.1
    * libopenssl1_1-1.1.1l-150400.7.90.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.90.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.90.1
    * openssl-1_1-1.1.1l-150400.7.90.1
    * libopenssl1_1-hmac-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
    * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.90.1
    * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.90.1
    * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.90.1
    * libopenssl1_1-32bit-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * openssl-1_1-debugsource-1.1.1l-150400.7.90.1
    * libopenssl1_1-1.1.1l-150400.7.90.1
    * libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1
    * libopenssl-1_1-devel-1.1.1l-150400.7.90.1
    * openssl-1_1-debuginfo-1.1.1l-150400.7.90.1
    * openssl-1_1-1.1.1l-150400.7.90.1
    * libopenssl1_1-hmac-1.1.1l-150400.7.90.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
    * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.90.1
    * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.90.1
    * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.90.1
    * libopenssl1_1-32bit-1.1.1l-150400.7.90.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28387.html
* https://www.suse.com/security/cve/CVE-2026-28388.html
* https://www.suse.com/security/cve/CVE-2026-28389.html
* https://www.suse.com/security/cve/CVE-2026-31789.html
* https://www.suse.com/security/cve/CVE-2026-31790.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260441
* https://bugzilla.suse.com/show_bug.cgi?id=1260442
* https://bugzilla.suse.com/show_bug.cgi?id=1260443
* https://bugzilla.suse.com/show_bug.cgi?id=1260444
* https://bugzilla.suse.com/show_bug.cgi?id=1260445

From null at suse.de Fri Apr 10 20:30:29 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 10 Apr 2026 20:30:29 -0000
Subject: SUSE-SU-2026:1256-1: important: Security update for openssl-1_0_0
Message-ID: <177585302907.26409.13252377738056812188@7334c935c7bb>

# Security update for openssl-1_0_0

Announcement ID: SUSE-SU-2026:1256-1
Release Date: 2026-04-10T14:57:45Z
Rating: important

References:

* bsc#1260441
* bsc#1260442
* bsc#1260443
* bsc#1260444
* bsc#1260445

Cross-References:

* CVE-2026-28387
* CVE-2026-28388
* CVE-2026-28389
* CVE-2026-31789
* CVE-2026-31790

CVSS scores:

* CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for openssl-1_0_0 fixes the following issues:

* CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
* CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
* CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1256=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1256=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * libopenssl1_0_0-hmac-1.0.2p-3.106.1
    * openssl-1_0_0-debugsource-1.0.2p-3.106.1
    * libopenssl-1_0_0-devel-1.0.2p-3.106.1
    * openssl-1_0_0-1.0.2p-3.106.1
    * libopenssl1_0_0-1.0.2p-3.106.1
    * openssl-1_0_0-debuginfo-1.0.2p-3.106.1
    * libopenssl1_0_0-debuginfo-1.0.2p-3.106.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
    * openssl-1_0_0-doc-1.0.2p-3.106.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
    * libopenssl1_0_0-32bit-1.0.2p-3.106.1
    * libopenssl-1_0_0-devel-32bit-1.0.2p-3.106.1
    * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.106.1
    * libopenssl1_0_0-hmac-32bit-1.0.2p-3.106.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
    * libopenssl-1_0_0-devel-32bit-1.0.2p-3.106.1
    * libopenssl1_0_0-hmac-1.0.2p-3.106.1
    * openssl-1_0_0-debugsource-1.0.2p-3.106.1
    * libopenssl-1_0_0-devel-1.0.2p-3.106.1
    * libopenssl1_0_0-32bit-1.0.2p-3.106.1
    * openssl-1_0_0-1.0.2p-3.106.1
    * libopenssl1_0_0-hmac-32bit-1.0.2p-3.106.1
    * libopenssl1_0_0-1.0.2p-3.106.1
    * openssl-1_0_0-debuginfo-1.0.2p-3.106.1
    * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.106.1
    * libopenssl1_0_0-debuginfo-1.0.2p-3.106.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
    * openssl-1_0_0-doc-1.0.2p-3.106.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28387.html
* https://www.suse.com/security/cve/CVE-2026-28388.html
* https://www.suse.com/security/cve/CVE-2026-28389.html
* https://www.suse.com/security/cve/CVE-2026-31789.html
* https://www.suse.com/security/cve/CVE-2026-31790.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260441
* https://bugzilla.suse.com/show_bug.cgi?id=1260442
* https://bugzilla.suse.com/show_bug.cgi?id=1260443
* https://bugzilla.suse.com/show_bug.cgi?id=1260444
* https://bugzilla.suse.com/show_bug.cgi?id=1260445

From null at suse.de Fri Apr 10 20:30:35 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 10 Apr 2026 20:30:35 -0000
Subject: SUSE-SU-2026:1255-1: important: Security update for openssl-1_1
Message-ID: <177585303598.26409.16738255860393020693@7334c935c7bb>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2026:1255-1
Release Date: 2026-04-10T14:56:49Z
Rating: important

References:

* bsc#1260441
* bsc#1260442
* bsc#1260443
* bsc#1260444

Cross-References:

* CVE-2026-28387
* CVE-2026-28388
* CVE-2026-28389
* CVE-2026-31789

CVSS scores:

* CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
* CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
* CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1255=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1255=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * openssl-1_1-debuginfo-1.1.1d-2.125.1
    * openssl-1_1-debugsource-1.1.1d-2.125.1
    * libopenssl-1_1-devel-1.1.1d-2.125.1
    * openssl-1_1-1.1.1d-2.125.1
    * libopenssl1_1-1.1.1d-2.125.1
    * libopenssl1_1-debuginfo-1.1.1d-2.125.1
    * libopenssl1_1-hmac-1.1.1d-2.125.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
    * libopenssl-1_1-devel-32bit-1.1.1d-2.125.1
    * libopenssl1_1-hmac-32bit-1.1.1d-2.125.1
    * libopenssl1_1-32bit-1.1.1d-2.125.1
    * libopenssl1_1-debuginfo-32bit-1.1.1d-2.125.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
    * openssl-1_1-debuginfo-1.1.1d-2.125.1
    * libopenssl-1_1-devel-32bit-1.1.1d-2.125.1
    * openssl-1_1-debugsource-1.1.1d-2.125.1
    * libopenssl1_1-debuginfo-32bit-1.1.1d-2.125.1
    * libopenssl1_1-hmac-1.1.1d-2.125.1
    * libopenssl-1_1-devel-1.1.1d-2.125.1
    * openssl-1_1-1.1.1d-2.125.1
    * libopenssl1_1-1.1.1d-2.125.1
    * libopenssl1_1-hmac-32bit-1.1.1d-2.125.1
    * libopenssl1_1-32bit-1.1.1d-2.125.1
    * libopenssl1_1-debuginfo-1.1.1d-2.125.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28387.html
* https://www.suse.com/security/cve/CVE-2026-28388.html
* https://www.suse.com/security/cve/CVE-2026-28389.html
* https://www.suse.com/security/cve/CVE-2026-31789.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260441
* https://bugzilla.suse.com/show_bug.cgi?id=1260442
* https://bugzilla.suse.com/show_bug.cgi?id=1260443
* https://bugzilla.suse.com/show_bug.cgi?id=1260444

From null at suse.de Fri Apr 10 20:30:39 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 10 Apr 2026 20:30:39 -0000
Subject: SUSE-SU-2026:1251-1: important: Security update for cockpit-podman
Message-ID: <177585303905.26409.3075470973545811343@7334c935c7bb>

# Security update for cockpit-podman

Announcement ID: SUSE-SU-2026:1251-1
Release Date: 2026-04-10T11:36:50Z
Rating: important

References:

* bsc#1257836
* bsc#1258641

Cross-References:

* CVE-2026-25547
* CVE-2026-26996

CVSS scores:

* CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for cockpit-podman fixes the following issues:

* CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836).
* CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1251=1
* SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1251=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (noarch)
    * cockpit-podman-33-150300.6.9.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
    * cockpit-podman-33-150300.6.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25547.html
* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257836
* https://bugzilla.suse.com/show_bug.cgi?id=1258641

From null at suse.de Fri Apr 10 20:30:43 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 10 Apr 2026 20:30:43 -0000
Subject: SUSE-SU-2026:1250-1: important: Security update for cockpit-tukit
Message-ID: <177585304303.26409.15658608931975858208@7334c935c7bb>

# Security update for cockpit-tukit

Announcement ID: SUSE-SU-2026:1250-1
Release Date: 2026-04-10T11:36:40Z
Rating: important

References:

* bsc#1257836
* bsc#1258641

Cross-References:

* CVE-2026-25547
* CVE-2026-26996

CVSS scores:

* CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for cockpit-tukit fixes the following issues:

* CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836).
* CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1250=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1250=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (noarch)
  * cockpit-tukit-0.0.3~git14.ff11a9a-150300.1.9.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * cockpit-tukit-0.0.3~git14.ff11a9a-150300.1.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25547.html
* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257836
* https://bugzilla.suse.com/show_bug.cgi?id=1258641

From null at suse.de Fri Apr 10 20:30:47 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 10 Apr 2026 20:30:47 -0000
Subject: SUSE-SU-2026:1249-1: important: Security update for cockpit-machines
Message-ID: <177585304719.26409.18247034294899122273@7334c935c7bb>

# Security update for cockpit-machines

Announcement ID: SUSE-SU-2026:1249-1
Release Date: 2026-04-10T11:36:32Z
Rating: important

References:

* bsc#1257836
* bsc#1258641

Cross-References:

* CVE-2026-25547
* CVE-2026-26996

CVSS scores:

* CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for cockpit-machines fixes the following issues:

* CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836).
* CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1249=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1249=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (noarch)
  * cockpit-machines-249.1-150300.5.6.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * cockpit-machines-249.1-150300.5.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25547.html
* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257836
* https://bugzilla.suse.com/show_bug.cgi?id=1258641

From null at suse.de Fri Apr 10 20:30:50 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 10 Apr 2026 20:30:50 -0000
Subject: SUSE-SU-2026:1247-1: important: Security update for nghttp2
Message-ID: <177585305016.26409.5548814717478529011@7334c935c7bb>

# Security update for nghttp2

Announcement ID: SUSE-SU-2026:1247-1
Release Date: 2026-04-10T10:35:16Z
Rating: important

References:

* bsc#1259845

Cross-References:

* CVE-2026-27135

CVSS scores:

* CVE-2026-27135 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27135 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27135 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for nghttp2 fixes the following issue:

* CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1247=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1247=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1247=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1247=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1247=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1247=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1247=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1247=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1247=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1247=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1247=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1247=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1247=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1247=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1247=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * libnghttp2-14-1.40.0-150200.22.1
  * nghttp2-debuginfo-1.40.0-150200.22.1
  * nghttp2-debugsource-1.40.0-150200.22.1
  * libnghttp2_asio-devel-1.40.0-150200.22.1
  * libnghttp2-14-debuginfo-1.40.0-150200.22.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.22.1
  * libnghttp2-devel-1.40.0-150200.22.1
  * libnghttp2_asio1-1.40.0-150200.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.22.1
  * libnghttp2-14-32bit-1.40.0-150200.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * libnghttp2-14-1.40.0-150200.22.1
  * nghttp2-debuginfo-1.40.0-150200.22.1
  * nghttp2-debugsource-1.40.0-150200.22.1
  * libnghttp2_asio-devel-1.40.0-150200.22.1
  * libnghttp2-14-debuginfo-1.40.0-150200.22.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.22.1
  * libnghttp2-devel-1.40.0-150200.22.1
  * libnghttp2_asio1-1.40.0-150200.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.22.1
  * libnghttp2-14-32bit-1.40.0-150200.22.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libnghttp2-14-1.40.0-150200.22.1
  * nghttp2-debugsource-1.40.0-150200.22.1
  * libnghttp2-14-debuginfo-1.40.0-150200.22.1
  * nghttp2-debuginfo-1.40.0-150200.22.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libnghttp2-14-1.40.0-150200.22.1
  * nghttp2-debugsource-1.40.0-150200.22.1
  * libnghttp2-14-debuginfo-1.40.0-150200.22.1
  * nghttp2-debuginfo-1.40.0-150200.22.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libnghttp2-14-1.40.0-150200.22.1
  * nghttp2-debugsource-1.40.0-150200.22.1
  * libnghttp2-14-debuginfo-1.40.0-150200.22.1
  * nghttp2-debuginfo-1.40.0-150200.22.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libnghttp2-14-1.40.0-150200.22.1
  * nghttp2-debugsource-1.40.0-150200.22.1
  * libnghttp2-14-debuginfo-1.40.0-150200.22.1
  * nghttp2-debuginfo-1.40.0-150200.22.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libnghttp2-14-1.40.0-150200.22.1
  * nghttp2-debugsource-1.40.0-150200.22.1
  * libnghttp2-14-debuginfo-1.40.0-150200.22.1
  * nghttp2-debuginfo-1.40.0-150200.22.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libnghttp2-14-1.40.0-150200.22.1
  * nghttp2-debugsource-1.40.0-150200.22.1
  * libnghttp2-14-debuginfo-1.40.0-150200.22.1
  * nghttp2-debuginfo-1.40.0-150200.22.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libnghttp2-14-1.40.0-150200.22.1
  * nghttp2-debugsource-1.40.0-150200.22.1
  * libnghttp2-14-debuginfo-1.40.0-150200.22.1
  * nghttp2-debuginfo-1.40.0-150200.22.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * libnghttp2-14-1.40.0-150200.22.1
  * nghttp2-debuginfo-1.40.0-150200.22.1
  * nghttp2-debugsource-1.40.0-150200.22.1
  * libnghttp2_asio-devel-1.40.0-150200.22.1
  * libnghttp2-14-debuginfo-1.40.0-150200.22.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.22.1
  * libnghttp2-devel-1.40.0-150200.22.1
  * libnghttp2_asio1-1.40.0-150200.22.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.22.1
  * libnghttp2-14-32bit-1.40.0-150200.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * libnghttp2-14-1.40.0-150200.22.1
  * nghttp2-debuginfo-1.40.0-150200.22.1
  * nghttp2-debugsource-1.40.0-150200.22.1
  * libnghttp2_asio-devel-1.40.0-150200.22.1
  * libnghttp2-14-debuginfo-1.40.0-150200.22.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.22.1
  * libnghttp2-devel-1.40.0-150200.22.1
  * libnghttp2_asio1-1.40.0-150200.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.22.1
  * libnghttp2-14-32bit-1.40.0-150200.22.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * libnghttp2-14-1.40.0-150200.22.1
  * nghttp2-debuginfo-1.40.0-150200.22.1
  * nghttp2-debugsource-1.40.0-150200.22.1
  * libnghttp2_asio-devel-1.40.0-150200.22.1
  * libnghttp2-14-debuginfo-1.40.0-150200.22.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.22.1
  * libnghttp2-devel-1.40.0-150200.22.1
  * libnghttp2_asio1-1.40.0-150200.22.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.22.1
  * libnghttp2-14-32bit-1.40.0-150200.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * libnghttp2-14-1.40.0-150200.22.1
  * nghttp2-debuginfo-1.40.0-150200.22.1
  * nghttp2-debugsource-1.40.0-150200.22.1
  * libnghttp2_asio-devel-1.40.0-150200.22.1
  * libnghttp2-14-debuginfo-1.40.0-150200.22.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.22.1
  * libnghttp2-devel-1.40.0-150200.22.1
  * libnghttp2_asio1-1.40.0-150200.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.22.1
  * libnghttp2-14-32bit-1.40.0-150200.22.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * libnghttp2-14-1.40.0-150200.22.1
  * nghttp2-debuginfo-1.40.0-150200.22.1
  * nghttp2-debugsource-1.40.0-150200.22.1
  * libnghttp2_asio-devel-1.40.0-150200.22.1
  * libnghttp2-14-debuginfo-1.40.0-150200.22.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.22.1
  * libnghttp2-devel-1.40.0-150200.22.1
  * libnghttp2_asio1-1.40.0-150200.22.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.22.1
  * libnghttp2-14-32bit-1.40.0-150200.22.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libnghttp2-14-1.40.0-150200.22.1
  * nghttp2-debuginfo-1.40.0-150200.22.1
  * nghttp2-debugsource-1.40.0-150200.22.1
  * libnghttp2_asio-devel-1.40.0-150200.22.1
  * libnghttp2-14-debuginfo-1.40.0-150200.22.1
  * libnghttp2_asio1-debuginfo-1.40.0-150200.22.1
  * libnghttp2-devel-1.40.0-150200.22.1
  * libnghttp2_asio1-1.40.0-150200.22.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
  * libnghttp2-14-32bit-debuginfo-1.40.0-150200.22.1
  * libnghttp2-14-32bit-1.40.0-150200.22.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27135.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259845

From null at suse.de Mon Apr 13 08:30:14 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:30:14 -0000
Subject: SUSE-SU-2026:1285-1: important: Security update for the Linux Kernel (Live Patch 68 for SUSE Linux Enterprise 12 SP5)
Message-ID: <177606901455.28623.17672415758835876156@c2c2e0ac4d9f>

# Security update for the Linux Kernel (Live Patch 68 for SUSE Linux Enterprise 12 SP5)

Announcement ID: SUSE-SU-2026:1285-1
Release Date: 2026-04-12T19:04:23Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1255235
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2023-53794
* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.258 fixes various security issues.

The following security issues were fixed:

* CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1285=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_258-default-13-2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53794.html
* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1255235
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 08:30:26 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:30:26 -0000
Subject: SUSE-SU-2026:21024-1: important: Security update for cockpit-machines
Message-ID: <177606902689.28623.11368968553778807135@c2c2e0ac4d9f>

# Security update for cockpit-machines

Announcement ID: SUSE-SU-2026:21024-1
Release Date: 2026-04-10T11:34:47Z
Rating: important

References:

* bsc#1257836
* bsc#1258641

Cross-References:

* CVE-2026-25547
* CVE-2026-26996

CVSS scores:

* CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for cockpit-machines fixes the following issues:

* CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process (bsc#1257836).
* CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character that doesn't appear in the test string can lead to ReDoS (bsc#1258641).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-519=1

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * cockpit-machines-346-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25547.html
* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257836
* https://bugzilla.suse.com/show_bug.cgi?id=1258641

From null at suse.de Mon Apr 13 08:30:30 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:30:30 -0000
Subject: SUSE-SU-2026:21023-1: important: Security update for cockpit-podman
Message-ID: <177606903059.28623.2337769331621604500@c2c2e0ac4d9f>

# Security update for cockpit-podman

Announcement ID: SUSE-SU-2026:21023-1
Release Date: 2026-04-10T11:33:40Z
Rating: important

References:

* bsc#1257836
* bsc#1258641

Cross-References:

* CVE-2026-25547
* CVE-2026-26996

CVSS scores:

* CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for cockpit-podman fixes the following issues:

* CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836).
* CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-518=1

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * cockpit-podman-117-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25547.html
* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257836
* https://bugzilla.suse.com/show_bug.cgi?id=1258641

From null at suse.de Mon Apr 13 08:30:34 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:30:34 -0000
Subject: SUSE-SU-2026:21022-1: important: Security update for cockpit
Message-ID: <177606903442.28623.12454664051968192373@c2c2e0ac4d9f>

# Security update for cockpit

Announcement ID: SUSE-SU-2026:21022-1
Release Date: 2026-04-10T11:27:10Z
Rating: important

References:

* bsc#1257836
* bsc#1258641

Cross-References:

* CVE-2026-25547
* CVE-2026-26996

CVSS scores:

* CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for cockpit fixes the following issues:

* CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process (bsc#1257836).
* CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character that doesn't appear in the test string can lead to ReDoS (bsc#1258641).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-520=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * cockpit-ws-selinux-354-160000.2.1
  * cockpit-ws-debuginfo-354-160000.2.1
  * cockpit-ws-354-160000.2.1
  * cockpit-354-160000.2.1
  * cockpit-debugsource-354-160000.2.1
* SUSE Linux Micro 6.2 (noarch)
  * cockpit-system-354-160000.2.1
  * cockpit-bridge-354-160000.2.1
  * cockpit-selinux-354-160000.2.1
  * cockpit-networkmanager-354-160000.2.1
  * cockpit-storaged-354-160000.2.1
  * cockpit-firewalld-354-160000.2.1
  * cockpit-kdump-354-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25547.html
* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257836
* https://bugzilla.suse.com/show_bug.cgi?id=1258641

From null at suse.de Mon Apr 13 08:30:38 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:30:38 -0000
Subject: SUSE-SU-2026:21021-1: important: Security update for python-cryptography
Message-ID: <177606903839.28623.13446741980421797060@c2c2e0ac4d9f>

# Security update for python-cryptography

Announcement ID: SUSE-SU-2026:21021-1
Release Date: 2026-04-10T11:23:42Z
Rating: important

References:

* bsc#1258074
* bsc#1260876

Cross-References:

* CVE-2026-26007
* CVE-2026-34073

CVSS scores:

* CVE-2026-26007 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-26007 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-26007 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26007 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-34073 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34073 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-34073 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34073 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python-cryptography fixes the following issues:

* CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. (bsc#1260876)
* CVE-2026-26007: missing validation can lead to security issues for signature verification (ECDSA) and shared key negotiation (ECDH) (bsc#1258074).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-522=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * python313-cryptography-debuginfo-44.0.3-160000.3.1
  * python313-cryptography-44.0.3-160000.3.1
  * python-cryptography-debugsource-44.0.3-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26007.html
* https://www.suse.com/security/cve/CVE-2026-34073.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258074
* https://bugzilla.suse.com/show_bug.cgi?id=1260876

From null at suse.de Mon Apr 13 08:30:46 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:30:46 -0000
Subject: SUSE-SU-2026:21020-1: important: Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16)
Message-ID: <177606904664.28623.13035381907773458462@c2c2e0ac4d9f>

# Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21020-1
Release Date: 2026-04-10T08:13:56Z
Rating: important

References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-517=1

## Package List:

* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_9-default-3-160000.1.1
  * kernel-livepatch-6_12_0-160000_9-default-debuginfo-3-160000.1.1
  * kernel-livepatch-SLE16_Update_4-debugsource-3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 08:30:52 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:30:52 -0000
Subject: SUSE-SU-2026:21019-1: important: Security update for glibc
Message-ID: <177606905201.28623.9023673494536434111@c2c2e0ac4d9f>

# Security update for glibc

Announcement ID: SUSE-SU-2026:21019-1
Release Date: 2026-04-10T06:18:59Z
Rating: important

References:

* bsc#1258319
* bsc#1260078
* bsc#1260082

Cross-References:

* CVE-2026-4437
* CVE-2026-4438

CVSS scores:

* CVE-2026-4437 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4437 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4437 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4438 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4438 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities and has one fix can now be installed.

## Description:

This update for glibc fixes the following issues:

Security fixes:

* CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
* CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

Other fixes:

* nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-516=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * glibc-locale-base-2.40-160000.4.1
  * glibc-devel-debuginfo-2.40-160000.4.1
  * glibc-devel-2.40-160000.4.1
  * glibc-locale-2.40-160000.4.1
  * glibc-debuginfo-2.40-160000.4.1
  * glibc-2.40-160000.4.1
  * glibc-debugsource-2.40-160000.4.1
* SUSE Linux Micro 6.2 (aarch64 x86_64)
  * glibc-gconv-modules-extra-2.40-160000.4.1
  * glibc-gconv-modules-extra-debuginfo-2.40-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4437.html
* https://www.suse.com/security/cve/CVE-2026-4438.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258319
* https://bugzilla.suse.com/show_bug.cgi?id=1260078
* https://bugzilla.suse.com/show_bug.cgi?id=1260082

From null at suse.de Mon Apr 13 08:30:54 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:30:54 -0000
Subject: SUSE-SU-2026:21018-1: moderate: Security update for ovmf
Message-ID: <177606905456.28623.13077181309293195296@c2c2e0ac4d9f>

# Security update for ovmf

Announcement ID: SUSE-SU-2026:21018-1
Release Date: 2026-04-09T15:05:01Z
Rating: moderate

References:

* bsc#1252441

Cross-References:

* CVE-2025-59438

CVSS scores:

* CVE-2025-59438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-59438 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-59438 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for ovmf fixes the following issue:

* CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting (bsc#1252441).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-514=1

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * qemu-ovmf-x86_64-202502-160000.4.1
  * qemu-uefi-aarch64-202502-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-59438.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252441

From null at suse.de Mon Apr 13 08:31:02 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:31:02 -0000
Subject: SUSE-SU-2026:21016-1: moderate: Security update for util-linux
Message-ID: <177606906278.28623.1960166111992758445@c2c2e0ac4d9f>

# Security update for util-linux

Announcement ID: SUSE-SU-2026:21016-1
Release Date: 2026-04-09T13:02:47Z
Rating: moderate

References:

* bsc#1222465
* bsc#1254666
* bsc#1258859
* jsc#PED-13682

Cross-References:

* CVE-2025-14104
* CVE-2026-3184

CVSS scores:

* CVE-2025-14104 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14104 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-14104 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-3184 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3184 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-3184 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities, contains one feature and has one fix can now be installed.

## Description:

This update for util-linux fixes the following issues:

Security issues:

* CVE-2025-14104: heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
* CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859).

Non security issues:

* fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).
* lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-510=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * util-linux-debuginfo-2.41.1-160000.3.1
  * util-linux-2.41.1-160000.3.1
  * util-linux-systemd-debugsource-2.41.1-160000.3.1
  * libsmartcols1-2.41.1-160000.3.1
  * libsmartcols1-debuginfo-2.41.1-160000.3.1
  * libuuid1-2.41.1-160000.3.1
  * util-linux-systemd-debuginfo-2.41.1-160000.3.1
  * libblkid1-debuginfo-2.41.1-160000.3.1
  * libfdisk1-2.41.1-160000.3.1
  * util-linux-debugsource-2.41.1-160000.3.1
  * libfdisk1-debuginfo-2.41.1-160000.3.1
  * liblastlog2-2-debuginfo-2.41.1-160000.3.1
  * libmount1-debuginfo-2.41.1-160000.3.1
  * libuuid1-debuginfo-2.41.1-160000.3.1
  * util-linux-systemd-2.41.1-160000.3.1
  * libmount1-2.41.1-160000.3.1
  * lastlog2-2.41.1-160000.3.1
  * liblastlog2-2-2.41.1-160000.3.1
  * lastlog2-debuginfo-2.41.1-160000.3.1
  * libblkid1-2.41.1-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14104.html
* https://www.suse.com/security/cve/CVE-2026-3184.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222465
* https://bugzilla.suse.com/show_bug.cgi?id=1254666
* https://bugzilla.suse.com/show_bug.cgi?id=1258859
* https://jira.suse.com/browse/PED-13682
From null at suse.de Mon Apr 13 08:31:10 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:31:10 -0000
Subject: SUSE-SU-2026:21013-1: moderate: Security update for zlib
Message-ID: <177606907028.28623.12009066465788927221@c2c2e0ac4d9f>

# Security update for zlib

Announcement ID: SUSE-SU-2026:21013-1
Release Date: 2026-04-09T11:25:32Z
Rating: moderate

References:

* bsc#1216378
* bsc#1258392

Cross-References:

* CVE-2023-45853
* CVE-2026-27171

CVSS scores:

* CVE-2023-45853 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-45853 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45853 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27171 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-27171 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27171 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27171 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for zlib fixes the following issues:

* CVE-2026-27171: Fixed an infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths. (bsc#1258392)
* CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6. (bsc#1216378)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-502=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * zlib-devel-1.2.13-160000.3.1
  * libz1-1.2.13-160000.3.1
  * zlib-debugsource-1.2.13-160000.3.1
  * libz1-debuginfo-1.2.13-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45853.html
* https://www.suse.com/security/cve/CVE-2026-27171.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216378
* https://bugzilla.suse.com/show_bug.cgi?id=1258392

From null at suse.de Mon Apr 13 08:31:28 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:31:28 -0000
Subject: SUSE-SU-2026:21009-1: important: Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 16)
Message-ID: <177606908860.28623.1222850095148739071@c2c2e0ac4d9f>

# Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21009-1
Release Date: 2026-04-09T08:48:26Z
Rating: important

References:

* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-493=1

## Package List:

* SUSE Linux Micro 6.2 (x86_64)
  * kernel-livepatch-SLE16-RT_Update_2-debugsource-4-160000.1.1
  * kernel-livepatch-6_12_0-160000_7-rt-debuginfo-4-160000.1.1
  * kernel-livepatch-6_12_0-160000_7-rt-4-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 08:31:40 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:31:40 -0000
Subject: SUSE-SU-2026:21008-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 16)
Message-ID: <177606910037.28623.15603789662896682903@c2c2e0ac4d9f>

# Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21008-1
Release Date: 2026-04-09T08:48:26Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-492=1

## Package List:

* SUSE Linux Micro 6.2 (x86_64)
  * kernel-livepatch-6_12_0-160000_6-rt-debuginfo-6-160000.1.1
  * kernel-livepatch-SLE16-RT_Update_1-debugsource-6-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-rt-6-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 08:31:51 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:31:51 -0000
Subject: SUSE-SU-2026:21007-1: important: Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16)
Message-ID: <177606911188.28623.1691020468175834909@c2c2e0ac4d9f>

# Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21007-1
Release Date: 2026-04-09T08:48:26Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-491=1

## Package List:

* SUSE Linux Micro 6.2 (x86_64)
  * kernel-livepatch-SLE16-RT_Update_0-debugsource-7-160000.3.4
  * kernel-livepatch-6_12_0-160000_5-rt-7-160000.3.4
  * kernel-livepatch-6_12_0-160000_5-rt-debuginfo-7-160000.3.4

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 08:31:59 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:31:59 -0000
Subject: SUSE-SU-2026:21006-1: important: Security update for the Linux Kernel RT (Live Patch 3 for SUSE Linux Enterprise 16)
Message-ID: <177606911972.28623.3977149852831219296@c2c2e0ac4d9f>

# Security update for the Linux Kernel RT (Live Patch 3 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21006-1
Release Date: 2026-04-09T08:48:26Z
Rating: important

References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-490=1

## Package List:

* SUSE Linux Micro 6.2 (x86_64)
  * kernel-livepatch-6_12_0-160000_8-rt-debuginfo-3-160000.1.1
  * kernel-livepatch-6_12_0-160000_8-rt-3-160000.1.1
  * kernel-livepatch-SLE16-RT_Update_3-debugsource-3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 08:32:07 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:32:07 -0000
Subject: SUSE-SU-2026:21005-1: important: Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 16)
Message-ID: <177606912770.28623.2055301627903874174@c2c2e0ac4d9f>

# Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21005-1
Release Date: 2026-04-09T08:48:26Z
Rating: important

References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-489=1

## Package List:

* SUSE Linux Micro 6.2 (x86_64)
  * kernel-livepatch-6_12_0-160000_9-rt-3-160000.1.1
  * kernel-livepatch-SLE16-RT_Update_4-debugsource-3-160000.1.1
  * kernel-livepatch-6_12_0-160000_9-rt-debuginfo-3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 08:32:13 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:32:13 -0000
Subject: SUSE-SU-2026:21004-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise 16)
Message-ID: <177606913305.28623.17647223599391774471@c2c2e0ac4d9f>

# Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21004-1
Release Date: 2026-04-09T08:48:26Z
Rating: important

References:

* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues

The following security issues were fixed:

* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-488=1

## Package List:

* SUSE Linux Micro 6.2 (x86_64)
  * kernel-livepatch-6_12_0-160000_26-rt-2-160000.1.1
  * kernel-livepatch-6_12_0-160000_26-rt-debuginfo-2-160000.1.1
  * kernel-livepatch-SLE16-RT_Update_5-debugsource-2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 08:32:20 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:32:20 -0000
Subject: SUSE-SU-2026:21003-1: important: Security update for systemd
Message-ID: <177606914058.28623.2457337308034013402@c2c2e0ac4d9f>

# Security update for systemd

Announcement ID: SUSE-SU-2026:21003-1
Release Date: 2026-04-07T15:08:39Z
Rating: important

References:

* bsc#1255326
* bsc#1258344
* bsc#1259418
* bsc#1259650
* bsc#1259697
* jsc#PED-14853

Cross-References:

* CVE-2026-29111
* CVE-2026-4105

CVSS scores:

* CVE-2026-29111 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-29111 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-29111 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4105 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4105 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4105 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities, contains one feature and has three fixes can now be installed.

## Description:

This update for systemd fixes the following issues:

Update to systemd v257.13:

Security issues:

* CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
* CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
* udev: local root execution via malicious hardware devices and unsanitized kernel output (bsc#1259697).

Non security issues:

* Avoid shipping (empty) directories and ghost files in /var (jsc#PED-14853).
* Sign systemd-boot EFI binary on aarch64 (bsc#1258344)
* terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326)

Changelog:

* 6941d92dc2 machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105)
* 03bb697b8d udev: check for invalid chars in various fields received from the kernel (bsc#1259697)
* 54588d2ded core: validate input cgroup path more prudently (bsc#1259418 CVE-2026-29111)
* fb9d92682b terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326)

For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/3c53ef3ea20bd43ef587cbdfa7107aeb1ef55654...d349fc5cd4f9ee2b7884c2610647e92806d14b28

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-485=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * systemd-portable-257.13-160000.1.1
  * libsystemd0-debuginfo-257.13-160000.1.1
  * libsystemd0-257.13-160000.1.1
  * udev-257.13-160000.1.1
  * systemd-debugsource-257.13-160000.1.1
  * libudev1-debuginfo-257.13-160000.1.1
  * systemd-container-257.13-160000.1.1
  * systemd-experimental-debuginfo-257.13-160000.1.1
  * udev-debuginfo-257.13-160000.1.1
  * systemd-experimental-257.13-160000.1.1
  * systemd-container-debuginfo-257.13-160000.1.1
  * systemd-journal-remote-257.13-160000.1.1
  * systemd-portable-debuginfo-257.13-160000.1.1
  * systemd-journal-remote-debuginfo-257.13-160000.1.1
  * systemd-debuginfo-257.13-160000.1.1
  * systemd-257.13-160000.1.1
  * libudev1-257.13-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-29111.html
* https://www.suse.com/security/cve/CVE-2026-4105.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255326
* https://bugzilla.suse.com/show_bug.cgi?id=1258344
* https://bugzilla.suse.com/show_bug.cgi?id=1259418
* https://bugzilla.suse.com/show_bug.cgi?id=1259650
* https://bugzilla.suse.com/show_bug.cgi?id=1259697
* https://jira.suse.com/browse/PED-14853

From null at suse.de Mon Apr 13 08:32:25 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:32:25 -0000
Subject: SUSE-SU-2026:21002-1: important: Security update for tar
Message-ID: <177606914550.28623.2327710743880777375@c2c2e0ac4d9f>

# Security update for tar

Announcement ID: SUSE-SU-2026:21002-1
Release Date: 2026-04-07T14:55:48Z
Rating: important

References:

* bsc#1246399
* bsc#1246607

Cross-References:

* CVE-2025-45582

CVSS scores:

* CVE-2025-45582 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-45582 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-45582 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for tar fixes the following issue:

Security issue:

* CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).

Non security issue:

* Fixes tar creating invalid tarballs when used with --delete (bsc#1246607)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-486=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * tar-debuginfo-1.35-160000.3.1
  * tar-debugsource-1.35-160000.3.1
  * tar-1.35-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-45582.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246399
* https://bugzilla.suse.com/show_bug.cgi?id=1246607

From null at suse.de Mon Apr 13 08:32:28 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:32:28 -0000
Subject: SUSE-SU-2026:21001-1: moderate: Security update for libtasn1
Message-ID: <177606914833.28623.12748962027952414496@c2c2e0ac4d9f>

# Security update for libtasn1

Announcement ID: SUSE-SU-2026:21001-1
Release Date: 2026-04-07T14:45:56Z
Rating: moderate

References:

* bsc#1256341

Cross-References:

* CVE-2025-13151

CVSS scores:

* CVE-2025-13151 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-13151 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-13151 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for libtasn1 fixes the following issues:

* CVE-2025-13151: lack of validation of input data size leads to stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-484=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * libtasn1-debugsource-4.21.0-160000.1.1
  * libtasn1-6-debuginfo-4.21.0-160000.1.1
  * libtasn1-6-4.21.0-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13151.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256341

From null at suse.de Mon Apr 13 08:32:34 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:32:34 -0000
Subject: SUSE-SU-2026:21000-1: important: Security update for libpng16
Message-ID: <177606915429.28623.17113986774854588811@c2c2e0ac4d9f>

# Security update for libpng16

Announcement ID: SUSE-SU-2026:21000-1
Release Date: 2026-04-07T11:59:28Z
Rating: important

References:

* bsc#1260754
* bsc#1260755

Cross-References:

* CVE-2026-33416
* CVE-2026-33636

CVSS scores:

* CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-33636 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33636 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-33636 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libpng16 fixes the following issues:

* CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754).
* CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-480=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * libpng16-16-debuginfo-1.6.44-160000.6.1
  * libpng16-16-1.6.44-160000.6.1
  * libpng16-debugsource-1.6.44-160000.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33416.html
* https://www.suse.com/security/cve/CVE-2026-33636.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260754
* https://bugzilla.suse.com/show_bug.cgi?id=1260755

From null at suse.de Mon Apr 13 08:32:39 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:32:39 -0000
Subject: SUSE-SU-2026:20999-1: important: Security update for glibc
Message-ID: <177606915964.28623.8049121826267205628@c2c2e0ac4d9f>

# Security update for glibc

Announcement ID: SUSE-SU-2026:20999-1
Release Date: 2026-04-10T07:11:54Z
Rating: important

References:

* bsc#1258319
* bsc#1260078
* bsc#1260082

Cross-References:

* CVE-2026-4437
* CVE-2026-4438

CVSS scores:

* CVE-2026-4437 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4437 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4437 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4438 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4438 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.2
* SUSE Linux Micro Extras 6.2

An update that solves two vulnerabilities and has one fix can now be installed.

## Description:

This update for glibc fixes the following issues:

Security fixes:

* CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
* CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

Other fixes:

* nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.2
  zypper in -t patch SUSE-SLE-Micro-Extras-6.2-516=1

## Package List:

* SUSE Linux Micro Extras 6.2 (aarch64 ppc64le s390x x86_64)
  * glibc-debuginfo-2.40-160000.4.1
  * glibc-gconv-modules-extra-2.40-160000.4.1
  * glibc-gconv-modules-extra-debuginfo-2.40-160000.4.1
  * glibc-debugsource-2.40-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4437.html
* https://www.suse.com/security/cve/CVE-2026-4438.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258319
* https://bugzilla.suse.com/show_bug.cgi?id=1260078
* https://bugzilla.suse.com/show_bug.cgi?id=1260082

From null at suse.de Mon Apr 13 08:32:47 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:32:47 -0000
Subject: SUSE-SU-2026:20998-1: important: Security update for systemd
Message-ID: <177606916708.28623.12815590160988809218@c2c2e0ac4d9f>

# Security update for systemd

Announcement ID: SUSE-SU-2026:20998-1
Release Date: 2026-04-07T15:10:12Z
Rating: important

References:

* bsc#1255326
* bsc#1258344
* bsc#1259418
* bsc#1259650
* bsc#1259697
* jsc#PED-14853

Cross-References:

* CVE-2026-29111
* CVE-2026-4105

CVSS scores:

* CVE-2026-29111 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-29111 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-29111 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4105 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4105 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4105 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2
* SUSE Linux Micro Extras 6.2

An update that solves two vulnerabilities, contains one feature and has three fixes can now be installed.

## Description:

This update for systemd fixes the following issues:

Update to systemd v257.13:

Security issues:

* CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
* CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
* udev: local root execution via malicious hardware devices and unsanitized kernel output (bsc#1259697).

Non security issues:

* Avoid shipping (empty) directories and ghost files in /var (jsc#PED-14853).
* Sign systemd-boot EFI binary on aarch64 (bsc#1258344)
* terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326)

Changelog:

* 6941d92dc2 machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105)
* 03bb697b8d udev: check for invalid chars in various fields received from the kernel (bsc#1259697)
* 54588d2ded core: validate input cgroup path more prudently (bsc#1259418 CVE-2026-29111)
* fb9d92682b terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326)

For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/3c53ef3ea20bd43ef587cbdfa7107aeb1ef55654...d349fc5cd4f9ee2b7884c2610647e92806d14b28

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.2
  zypper in -t patch SUSE-SLE-Micro-Extras-6.2-485=1

## Package List:

* SUSE Linux Micro Extras 6.2 (aarch64 ppc64le s390x x86_64)
  * systemd-debuginfo-257.13-160000.1.1
  * systemd-devel-257.13-160000.1.1
  * systemd-debugsource-257.13-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-29111.html
* https://www.suse.com/security/cve/CVE-2026-4105.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255326
* https://bugzilla.suse.com/show_bug.cgi?id=1258344
* https://bugzilla.suse.com/show_bug.cgi?id=1259418
* https://bugzilla.suse.com/show_bug.cgi?id=1259650
* https://bugzilla.suse.com/show_bug.cgi?id=1259697
* https://jira.suse.com/browse/PED-14853
URL: From null at suse.de Mon Apr 13 08:32:54 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 08:32:54 -0000 Subject: SUSE-SU-2026:1284-1: important: Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP7) Message-ID: <177606917468.28623.15887296519932254831@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1284-1 Release Date: 2026-04-12T10:34:11Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.25 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1284=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150700_53_25-default-debuginfo-3-150700.2.1
  * kernel-livepatch-SLE15-SP7_Update_7-debugsource-3-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_25-default-3-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
URL: From null at suse.de Mon Apr 13 08:33:06 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 08:33:06 -0000 Subject: SUSE-SU-2026:1283-1: important: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP6) Message-ID: <177606918625.28623.2988309987258552194@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1283-1 Release Date: 2026-04-12T10:34:05Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 
7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.60 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). 
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1283=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1282=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1282=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_51-default-13-150700.3.36.1 * kernel-livepatch-6_4_0-150700_51-default-debuginfo-13-150700.3.36.1 * kernel-livepatch-SLE15-SP7_Update_0-debugsource-13-150700.3.36.1 * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_13-debugsource-12-150600.2.1 * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-12-150600.2.1 * kernel-livepatch-6_4_0-150600_23_60-default-12-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_13-debugsource-12-150600.2.1 * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-12-150600.2.1 * kernel-livepatch-6_4_0-150600_23_60-default-12-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * 
https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 08:33:17 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:33:17 -0000
Subject: SUSE-SU-2026:1281-1: important: Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4)
Message-ID: <177606919744.28623.13164294386945379834@c2c2e0ac4d9f>

# Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1281-1
Release Date: 2026-04-12T08:35:33Z
Rating: important

References:
* bsc#1252036
* bsc#1252689
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:
* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:
* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.170 fixes various security issues

The following security issues were fixed:
* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1281=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1281=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_170-default-14-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_42-debugsource-14-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-14-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_170-default-14-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_42-debugsource-14-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-14-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 08:33:26 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:33:26 -0000
Subject: SUSE-SU-2026:1280-1: important: Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4)
Message-ID: <177606920694.28623.8700758762799710590@c2c2e0ac4d9f>

# Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1280-1
Release Date: 2026-04-12T02:04:37Z
Rating: important

References:
* bsc#1252036
* bsc#1252689
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:
* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:
* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.167 fixes various security issues

The following security issues were fixed:
* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1280=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1280=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-15-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_167-default-15-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_41-debugsource-15-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-15-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_167-default-15-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_41-debugsource-15-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 08:33:34 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:33:34 -0000
Subject: SUSE-SU-2026:1279-1: important: Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177606921490.28623.10655790640207636586@c2c2e0ac4d9f>

# Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1279-1
Release Date: 2026-04-12T00:08:13Z
Rating: important

References:
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.28 fixes various security issues

The following security issues were fixed:
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1279=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150700_53_28-default-debuginfo-3-150700.2.1
  * kernel-livepatch-SLE15-SP7_Update_8-debugsource-3-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_28-default-3-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 08:33:47 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:33:47 -0000
Subject: SUSE-SU-2026:1278-1: important: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177606922741.28623.11862542971679812245@c2c2e0ac4d9f>

# Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1278-1
Release Date: 2026-04-12T00:08:07Z
Rating: important

References:
* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:
* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:
* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.3 fixes various security issues

The following security issues were fixed:
* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1278=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1277=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1276=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1275=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150700_53_6-default-debuginfo-12-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_19-default-debuginfo-5-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_19-default-5-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_3-default-debuginfo-13-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_11-default-8-150700.2.1
  * kernel-livepatch-SLE15-SP7_Update_3-debugsource-8-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_3-default-13-150700.2.1
  * kernel-livepatch-SLE15-SP7_Update_5-debugsource-5-150700.2.1
  * kernel-livepatch-SLE15-SP7_Update_2-debugsource-12-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_11-default-debuginfo-8-150700.2.1
  * kernel-livepatch-SLE15-SP7_Update_1-debugsource-13-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_6-default-12-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 08:33:58 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:33:58 -0000
Subject: SUSE-SU-2026:1274-1: important: Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6)
Message-ID: <177606923837.28623.16388896235776047767@c2c2e0ac4d9f>

# Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1274-1
Release Date: 2026-04-11T20:04:33Z
Rating: important

References:
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784
* bsc#1259896
* bsc#1259962

Cross-References:
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities and has two security fixes can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.84 fixes various security issues

The following security issues were fixed:
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

The following non-security issue was fixed:
* Fix NULL pointer dereference in smb2_query_server_interfaces. Livepatch to restore a null check of server->ops->query_server_interfaces that was dropped by mistake (bsc#1259896 bsc#1259962).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1274=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1274=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_84-default-3-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_19-debugsource-3-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_84-default-3-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_19-debugsource-3-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
* https://bugzilla.suse.com/show_bug.cgi?id=1259896
* https://bugzilla.suse.com/show_bug.cgi?id=1259962

From null at suse.de Mon Apr 13 08:34:06 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:34:06 -0000
Subject: SUSE-SU-2026:1272-1: important: Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6)
Message-ID: <177606924669.28623.2942488008752903756@c2c2e0ac4d9f>

# Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1272-1
Release Date: 2026-04-11T18:04:50Z
Rating: important

References:
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.81 fixes various security issues

The following security issues were fixed:
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1272=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1272=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_81-default-3-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_18-debugsource-3-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_81-default-3-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_18-debugsource-3-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 08:34:19 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 08:34:19 -0000
Subject: SUSE-SU-2026:1271-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)
Message-ID: <177606925963.28623.5851402236735793494@c2c2e0ac4d9f>

# Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1271-1
Release Date: 2026-04-11T18:04:43Z
Rating: important

References:
* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:
* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:
* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.65 fixes various security issues

The following security issues were fixed:
* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1271=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1271=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_65-default-8-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_14-debugsource-8-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-8-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_65-default-8-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_14-debugsource-8-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-8-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
URL: From null at suse.de Mon Apr 13 08:34:27 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 08:34:27 -0000 Subject: SUSE-SU-2026:1270-1: important: Security update for the Linux Kernel (Live Patch 33 for SUSE Linux Enterprise 15 SP5) Message-ID: <177606926728.28623.18206288642604408836@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 33 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:1270-1 Release Date: 2026-04-11T16:34:14Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux 
Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.130 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1270=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1270=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_130-default-4-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_33-debugsource-4-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_130-default-4-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_33-debugsource-4-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * 
https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 From null at suse.de Mon Apr 13 08:34:36 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 08:34:36 -0000 Subject: SUSE-SU-2026:1269-1: important: Security update for the Linux Kernel (Live Patch 37 for SUSE Linux Enterprise 15 SP4) Message-ID: <177606927688.28623.8168082424167558391@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 37 for SUSE Linux Enterprise 15 SP4) Announcement ID: SUSE-SU-2026:1269-1 Release Date: 2026-04-11T16:04:45Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H *
CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.153 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1269=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1269=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-17-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_37-debugsource-17-150400.2.1 * kernel-livepatch-5_14_21-150400_24_153-default-17-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-17-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_37-debugsource-17-150400.2.1 * kernel-livepatch-5_14_21-150400_24_153-default-17-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:34:49 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 08:34:49 -0000 Subject: SUSE-SU-2026:1268-1: important: Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP4) Message-ID: <177606928979.28623.15617179581646009488@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP4) Announcement ID: SUSE-SU-2026:1268-1 Release Date: 2026-04-11T14:04:52Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * 
CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.158 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1267=1 SUSE-2026-1268=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1267=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-1268=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_158-default-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_161-default-16-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_39-debugsource-16-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_38-debugsource-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-16-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_158-default-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_161-default-16-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_39-debugsource-16-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_38-debugsource-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-16-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784
URL: From null at suse.de Mon Apr 13 08:34:40 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 08:34:40 -0000 Subject: SUSE-SU-2026:1273-1: important: Security update for MozillaFirefox Message-ID: <177606928007.28623.9659077985657918189@c2c2e0ac4d9f> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2026:1273-1 Release Date: 2026-04-11T19:04:49Z Rating: important References: * bsc#1261663 * jsc#PED-15778 Cross-References: * CVE-2026-5731 * CVE-2026-5732 * CVE-2026-5734 CVSS scores: * CVE-2026-5731 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-5731 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-5732 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-5732 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-5734 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-5734 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities and contains one feature can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: * Update to 149.0.2 and 140.9.1esr (bsc#1261663). * CVE-2026-5731: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2. * CVE-2026-5732: Incorrect boundary conditions, integer overflow in the Graphics: Text component. * CVE-2026-5734: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1273=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1273=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-140.9.1-112.307.1 * MozillaFirefox-debugsource-140.9.1-112.307.1 * MozillaFirefox-debuginfo-140.9.1-112.307.1 * MozillaFirefox-translations-common-140.9.1-112.307.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * MozillaFirefox-devel-140.9.1-112.307.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * MozillaFirefox-140.9.1-112.307.1 * MozillaFirefox-debugsource-140.9.1-112.307.1 * MozillaFirefox-debuginfo-140.9.1-112.307.1 * MozillaFirefox-translations-common-140.9.1-112.307.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * MozillaFirefox-devel-140.9.1-112.307.1 ## References: * https://www.suse.com/security/cve/CVE-2026-5731.html * https://www.suse.com/security/cve/CVE-2026-5732.html * https://www.suse.com/security/cve/CVE-2026-5734.html * https://bugzilla.suse.com/show_bug.cgi?id=1261663 * https://jira.suse.com/browse/PED-15778 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:34:57 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 08:34:57 -0000 Subject: SUSE-SU-2026:1266-1: important: Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6) Message-ID: <177606929769.28623.17391758410658532730@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1266-1 Release Date: 2026-04-11T11:04:41Z Rating: important References: * bsc#1258051 * bsc#1258183 * bsc#1258784 * bsc#1259896 * bsc#1259962 Cross-References: * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves three vulnerabilities and has two security fixes can now be installed. 
## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.87 fixes various security issues. The following security issues were fixed: * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). The following non-security issue was fixed: * Fix NULL pointer dereference in smb2_query_server_interfaces. Livepatch to restore a null check of server->ops->query_server_interfaces that was dropped by mistake (bsc#1259896 bsc#1259962). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1266=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1266=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_87-default-2-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_20-debugsource-2-150600.2.1 * kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-2-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_87-default-2-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_20-debugsource-2-150600.2.1 * kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-2-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 * https://bugzilla.suse.com/show_bug.cgi?id=1259896 *
https://bugzilla.suse.com/show_bug.cgi?id=1259962 From null at suse.de Mon Apr 13 08:35:05 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 08:35:05 -0000 Subject: SUSE-SU-2026:1265-1: important: Security update for the Linux Kernel (Live Patch 46 for SUSE Linux Enterprise 15 SP4) Message-ID: <177606930511.28623.14459082117339781096@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 46 for SUSE Linux Enterprise 15 SP4) Announcement ID: SUSE-SU-2026:1265-1 Release Date: 2026-04-11T04:34:33Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise
High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves four vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.184 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1265=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1265=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-4-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_46-debugsource-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_184-default-4-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-4-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_46-debugsource-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_184-default-4-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:35:15 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 08:35:15 -0000 Subject: SUSE-SU-2026:1263-1: important: Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise 15 SP5) Message-ID: <177606931530.28623.13089738932882698095@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:1263-1 Release Date: 2026-04-11T03:36:25Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * 
CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.100 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1263=1 SUSE-2026-1264=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1263=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1264=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_103-default-16-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_25-debugsource-16-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_26-debugsource-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_100-default-16-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_103-default-16-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_25-debugsource-16-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_26-debugsource-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_100-default-16-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784
URL: From null at suse.de Mon Apr 13 08:35:24 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 08:35:24 -0000 Subject: SUSE-SU-2026:1262-1: important: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP7) Message-ID: <177606932407.28623.12486572674413142365@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1262-1 Release Date: 2026-04-10T21:43:56Z Rating: important References: * bsc#1258051 * bsc#1258183 * bsc#1258784 * bsc#1259896 * bsc#1259962 Cross-References: * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities and has two security fixes can now be installed. 
## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.31 fixes various security issues.

The following security issues were fixed:

* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

The following non-security issue was fixed:

* Fix NULL pointer dereference in smb2_query_server_interfaces: livepatch to restore a null check of server->ops->query_server_interfaces that was dropped by mistake (bsc#1259896 bsc#1259962).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1262=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP7_Update_9-debugsource-2-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_31-default-debuginfo-2-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_31-default-2-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
* https://bugzilla.suse.com/show_bug.cgi?id=1259896
* https://bugzilla.suse.com/show_bug.cgi?id=1259962
URL: From null at suse.de Mon Apr 13 08:35:35 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 08:35:35 -0000 Subject: SUSE-SU-2026:1261-1: important: Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6) Message-ID: <177606933536.28623.11104326618672139365@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1261-1 Release Date: 2026-04-10T19:34:47Z Rating: important References: * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.78 fixes various security issues The following security issues were fixed: * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1261=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1260=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1260=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150700_53_22-default-debuginfo-3-150700.2.1
  * kernel-livepatch-SLE15-SP7_Update_6-debugsource-3-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_22-default-3-150700.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_78-default-3-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_17-debugsource-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-3-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_78-default-3-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_17-debugsource-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-3-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
URL: From null at suse.de Mon Apr 13 08:35:48 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 08:35:48 -0000 Subject: SUSE-SU-2026:1259-1: important: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP6) Message-ID: <177606934805.28623.5613625476499769310@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1259-1 Release Date: 2026-04-10T17:35:16Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.42 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). 
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1259=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1259=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_9-debugsource-16-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_42-default-16-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-16-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_9-debugsource-16-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_42-default-16-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-16-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
URL: From null at suse.de Mon Apr 13 08:35:52 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 08:35:52 -0000 Subject: SUSE-SU-2026:1258-1: important: Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5) Message-ID: <177606935286.28623.17216682611232879780@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:1258-1 Release Date: 2026-04-10T17:35:09Z Rating: important References: * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.136 fixes various security issues The following security issues were fixed: * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). 
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1258=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1258=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_136-default-3-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_35-debugsource-3-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-3-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_136-default-3-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_35-debugsource-3-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-3-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
URL: From null at suse.de Mon Apr 13 12:30:12 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 12:30:12 -0000 Subject: SUSE-SU-2026:1288-1: important: Security update for the Linux Kernel (Live Patch 74 for SUSE Linux Enterprise 12 SP5) Message-ID: <177608341295.1635.9658745070106355173@7334c935c7bb> # Security update for the Linux Kernel (Live Patch 74 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1288-1 Release Date: 2026-04-13T06:34:14Z Rating: important References: * bsc#1255235 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2023-53794 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.280 fixes various security issues.

The following security issues were fixed:

* CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1288=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_280-default-4-2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53794.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255235
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 12:30:24 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 12:30:24 -0000
Subject: SUSE-SU-2026:1287-1: important: Security update for the Linux Kernel (Live Patch 69 for SUSE Linux Enterprise 12 SP5)
Message-ID: <177608342477.1635.9361764081690343266@7334c935c7bb>

# Security update for the Linux Kernel (Live Patch 69 for SUSE Linux Enterprise 12 SP5)

Announcement ID: SUSE-SU-2026:1287-1
Release Date: 2026-04-12T23:15:16Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1255235
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2023-53794
* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.261 fixes various security issues.

The following security issues were fixed:

* CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1287=1 SUSE-SLE-Live-Patching-12-SP5-2026-1286=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_266-default-12-2.1
  * kgraft-patch-4_12_14-122_261-default-12-2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53794.html
* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1255235
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
URL: From null at suse.de Mon Apr 13 16:30:22 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 16:30:22 -0000 Subject: SUSE-SU-2026:1297-1: important: Security update for the Linux Kernel (Live Patch 66 for SUSE Linux Enterprise 12 SP5) Message-ID: <177609782262.29674.9790860873084473796@ea440c8e37cc> # Security update for the Linux Kernel (Live Patch 66 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1297-1 Release Date: 2026-04-13T12:42:15Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1255235 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2023-53794 * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.250 fixes various security issues.

The following security issues were fixed:

* CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1297=1 SUSE-SLE-Live-Patching-12-SP5-2026-1295=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_269-default-9-2.1
  * kgraft-patch-4_12_14-122_250-default-16-2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53794.html
* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1255235
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 16:30:32 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:30:32 -0000
Subject: SUSE-SU-2026:1296-1: important: Security update for python39
Message-ID: <177609783287.29674.664492488713242382@ea440c8e37cc>

# Security update for python39

Announcement ID: SUSE-SU-2026:1296-1
Release Date: 2026-04-13T12:32:58Z
Rating: important

References:

* bsc#1259611
* bsc#1259734
* bsc#1259735
* bsc#1260026

Cross-References:

* CVE-2025-13462
* CVE-2026-3644
* CVE-2026-4224
* CVE-2026-4519

CVSS scores:

* CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
* CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
* CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for python39 fixes the following issues:

* CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
* CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
* CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
* CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1296=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1296=1
* openSUSE Leap 15.3
  zypper in -t patch SUSE-2026-1296=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1296=1

## Package List:

* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * python39-curses-3.9.25-150300.4.99.1
  * python39-base-3.9.25-150300.4.99.1
  * python39-3.9.25-150300.4.99.1
  * python39-dbm-3.9.25-150300.4.99.1
  * libpython3_9-1_0-3.9.25-150300.4.99.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * python39-curses-3.9.25-150300.4.99.1
  * python39-base-3.9.25-150300.4.99.1
  * python39-3.9.25-150300.4.99.1
  * python39-dbm-3.9.25-150300.4.99.1
  * libpython3_9-1_0-3.9.25-150300.4.99.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * python39-dbm-debuginfo-3.9.25-150300.4.99.1
  * python39-doc-devhelp-3.9.25-150300.4.99.1
  * python39-base-debuginfo-3.9.25-150300.4.99.1
  * python39-debuginfo-3.9.25-150300.4.99.1
  * libpython3_9-1_0-3.9.25-150300.4.99.1
  * python39-tk-3.9.25-150300.4.99.1
  * python39-curses-debuginfo-3.9.25-150300.4.99.1
  * python39-base-3.9.25-150300.4.99.1
  * python39-testsuite-debuginfo-3.9.25-150300.4.99.1
  * python39-doc-3.9.25-150300.4.99.1
  * libpython3_9-1_0-debuginfo-3.9.25-150300.4.99.1
  * python39-core-debugsource-3.9.25-150300.4.99.1
  * python39-curses-3.9.25-150300.4.99.1
  * python39-dbm-3.9.25-150300.4.99.1
  * python39-tk-debuginfo-3.9.25-150300.4.99.1
  * python39-3.9.25-150300.4.99.1
  * python39-tools-3.9.25-150300.4.99.1
  * python39-debugsource-3.9.25-150300.4.99.1
  * python39-idle-3.9.25-150300.4.99.1
  * python39-testsuite-3.9.25-150300.4.99.1
  * python39-devel-3.9.25-150300.4.99.1
* openSUSE Leap 15.3 (x86_64)
  * python39-32bit-3.9.25-150300.4.99.1
  * libpython3_9-1_0-32bit-debuginfo-3.9.25-150300.4.99.1
  * python39-32bit-debuginfo-3.9.25-150300.4.99.1
  * python39-base-32bit-debuginfo-3.9.25-150300.4.99.1
  * libpython3_9-1_0-32bit-3.9.25-150300.4.99.1
  * python39-base-32bit-3.9.25-150300.4.99.1
* openSUSE Leap 15.3 (aarch64_ilp32)
  * python39-base-64bit-3.9.25-150300.4.99.1
  * python39-64bit-3.9.25-150300.4.99.1
  * python39-64bit-debuginfo-3.9.25-150300.4.99.1
  * libpython3_9-1_0-64bit-3.9.25-150300.4.99.1
  * python39-base-64bit-debuginfo-3.9.25-150300.4.99.1
  * libpython3_9-1_0-64bit-debuginfo-3.9.25-150300.4.99.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * python39-dbm-debuginfo-3.9.25-150300.4.99.1
  * python39-doc-devhelp-3.9.25-150300.4.99.1
  * python39-base-debuginfo-3.9.25-150300.4.99.1
  * python39-debuginfo-3.9.25-150300.4.99.1
  * libpython3_9-1_0-3.9.25-150300.4.99.1
  * python39-tk-3.9.25-150300.4.99.1
  * python39-curses-debuginfo-3.9.25-150300.4.99.1
  * python39-base-3.9.25-150300.4.99.1
  * python39-testsuite-debuginfo-3.9.25-150300.4.99.1
  * python39-doc-3.9.25-150300.4.99.1
  * libpython3_9-1_0-debuginfo-3.9.25-150300.4.99.1
  * python39-core-debugsource-3.9.25-150300.4.99.1
  * python39-curses-3.9.25-150300.4.99.1
  * python39-dbm-3.9.25-150300.4.99.1
  * python39-tk-debuginfo-3.9.25-150300.4.99.1
  * python39-3.9.25-150300.4.99.1
  * python39-tools-3.9.25-150300.4.99.1
  * python39-debugsource-3.9.25-150300.4.99.1
  * python39-idle-3.9.25-150300.4.99.1
  * python39-testsuite-3.9.25-150300.4.99.1
  * python39-devel-3.9.25-150300.4.99.1
* openSUSE Leap 15.6 (x86_64)
  * python39-32bit-3.9.25-150300.4.99.1
  * libpython3_9-1_0-32bit-debuginfo-3.9.25-150300.4.99.1
  * python39-32bit-debuginfo-3.9.25-150300.4.99.1
  * python39-base-32bit-debuginfo-3.9.25-150300.4.99.1
  * libpython3_9-1_0-32bit-3.9.25-150300.4.99.1
  * python39-base-32bit-3.9.25-150300.4.99.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13462.html
* https://www.suse.com/security/cve/CVE-2026-3644.html
* https://www.suse.com/security/cve/CVE-2026-4224.html
* https://www.suse.com/security/cve/CVE-2026-4519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259611
* https://bugzilla.suse.com/show_bug.cgi?id=1259734
* https://bugzilla.suse.com/show_bug.cgi?id=1259735
* https://bugzilla.suse.com/show_bug.cgi?id=1260026

From null at suse.de Mon Apr 13 16:30:48 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:30:48 -0000
Subject: SUSE-SU-2026:21091-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609784854.29674.13593635896631941284@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21091-1
Release Date: 2026-04-09T13:21:21Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-339=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-25-rt-debuginfo-17-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_5-debugsource-17-1.1
  * kernel-livepatch-6_4_0-25-rt-17-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 16:31:07 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:31:07 -0000
Subject: SUSE-SU-2026:21090-1: important: Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609786702.29674.12475371079494212992@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21090-1
Release Date: 2026-04-09T13:21:21Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-338=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-28-rt-debuginfo-15-3.1
  * kernel-livepatch-6_4_0-28-rt-15-3.1
  * kernel-livepatch-MICRO-6-0-RT_Update_6-debugsource-15-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 16:31:23 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:31:23 -0000
Subject: SUSE-SU-2026:21089-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609788340.29674.1984537989506574583@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21089-1
Release Date: 2026-04-09T13:21:12Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-337=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-30-rt-15-1.3
  * kernel-livepatch-MICRO-6-0-RT_Update_7-debugsource-15-1.3
  * kernel-livepatch-6_4_0-30-rt-debuginfo-15-1.3

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 16:31:39 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:31:39 -0000
Subject: SUSE-SU-2026:21088-1: important: Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609789908.29674.2751333449025859843@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21088-1
Release Date: 2026-04-09T13:21:12Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-336=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-31-rt-14-1.2
  * kernel-livepatch-6_4_0-31-rt-debuginfo-14-1.2
  * kernel-livepatch-MICRO-6-0-RT_Update_8-debugsource-14-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 16:31:54 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:31:54 -0000
Subject: SUSE-SU-2026:21087-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609791443.29674.8003484380046434413@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21087-1
Release Date: 2026-04-09T13:20:57Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-33.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-335=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_9-debugsource-12-1.2
  * kernel-livepatch-6_4_0-33-rt-debuginfo-12-1.2
  * kernel-livepatch-6_4_0-33-rt-12-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 16:32:11 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:32:11 -0000
Subject: SUSE-SU-2026:21086-1: important: Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609793166.29674.6353179594630495843@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21086-1
Release Date: 2026-04-09T13:20:57Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-kernel-334=1 ## Package List: * SUSE Linux Micro 6.0 (x86_64) * kernel-livepatch-MICRO-6-0-RT_Update_10-debugsource-12-1.1 * kernel-livepatch-6_4_0-34-rt-debuginfo-12-1.1 * kernel-livepatch-6_4_0-34-rt-12-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 

From null at suse.de Mon Apr 13 16:32:26 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:32:26 -0000
Subject: SUSE-SU-2026:21085-1: important: Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609794618.29674.12946133203626585320@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21085-1
Release Date: 2026-04-09T13:20:43Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-333=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_11-debugsource-8-1.1
  * kernel-livepatch-6_4_0-35-rt-debuginfo-8-1.1
  * kernel-livepatch-6_4_0-35-rt-8-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:32:41 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:32:41 -0000
Subject: SUSE-SU-2026:21084-1: important: Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609796164.29674.8902829254451270232@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21084-1
Release Date: 2026-04-09T13:20:43Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-332=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-36-rt-7-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_12-debugsource-7-1.1
  * kernel-livepatch-6_4_0-36-rt-debuginfo-7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:33:00 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:33:00 -0000
Subject: SUSE-SU-2026:21083-1: important: Security update for the Linux Kernel RT (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609798094.29674.17306597631382118789@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21083-1
Release Date: 2026-04-09T13:20:43Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-37.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-331=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-37-rt-3-1.1
  * kernel-livepatch-6_4_0-37-rt-debuginfo-3-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_13-debugsource-3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:33:13 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:33:13 -0000
Subject: SUSE-SU-2026:21082-1: important: Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609799362.29674.8296705009722647050@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21082-1
Release Date: 2026-04-09T13:20:43Z
Rating: important

References:

* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-330=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_14-debugsource-3-1.1
  * kernel-livepatch-6_4_0-38-rt-debuginfo-3-1.1
  * kernel-livepatch-6_4_0-38-rt-3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:33:23 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:33:23 -0000
Subject: SUSE-SU-2026:21081-1: important: Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609800377.29674.7978803798566026150@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21081-1
Release Date: 2026-04-09T13:20:43Z
Rating: important

References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-329=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_15-debugsource-2-1.1
  * kernel-livepatch-6_4_0-39-rt-2-1.1
  * kernel-livepatch-6_4_0-39-rt-debuginfo-2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:33:37 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:33:37 -0000
Subject: SUSE-SU-2026:21080-1: important: Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609801744.29674.14441918751135016624@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21080-1
Release Date: 2026-04-09T13:20:43Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-328=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-25-default-18-1.2
  * kernel-livepatch-MICRO-6-0_Update_5-debugsource-18-1.2
  * kernel-livepatch-6_4_0-25-default-debuginfo-18-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 16:33:50 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:33:50 -0000
Subject: SUSE-SU-2026:21079-1: important: Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609803055.29674.13195476028281220594@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21079-1
Release Date: 2026-04-09T13:20:43Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-327=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_6-debugsource-16-3.1
  * kernel-livepatch-6_4_0-28-default-debuginfo-16-3.1
  * kernel-livepatch-6_4_0-28-default-16-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:34:04 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:34:04 -0000
Subject: SUSE-SU-2026:21078-1: important: Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609804459.29674.3185013921189874687@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21078-1
Release Date: 2026-04-09T13:20:43Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-29.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-326=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-29-default-15-1.2
  * kernel-livepatch-6_4_0-29-default-debuginfo-15-1.2
  * kernel-livepatch-MICRO-6-0_Update_7-debugsource-15-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:34:18 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:34:18 -0000
Subject: SUSE-SU-2026:21077-1: important: Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609805879.29674.13064387259795630799@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21077-1
Release Date: 2026-04-09T13:20:22Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-325=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-30-default-debuginfo-14-1.2
  * kernel-livepatch-6_4_0-30-default-14-1.2
  * kernel-livepatch-MICRO-6-0_Update_8-debugsource-14-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:34:43 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:34:43 -0000
Subject: SUSE-SU-2026:21076-1: important: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609808316.29674.5161896700476334885@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21076-1
Release Date: 2026-04-09T13:20:22Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-324=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-31-default-debuginfo-14-1.2
  * kernel-livepatch-6_4_0-31-default-14-1.2
  * kernel-livepatch-MICRO-6-0_Update_9-debugsource-14-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:34:57 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:34:57 -0000
Subject: SUSE-SU-2026:21075-1: important: Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609809736.29674.13238917731685348994@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21075-1
Release Date: 2026-04-09T13:20:09Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-323=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_10-debugsource-8-1.1
  * kernel-livepatch-6_4_0-32-default-8-1.1
  * kernel-livepatch-6_4_0-32-default-debuginfo-8-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:35:10 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:35:10 -0000
Subject: SUSE-SU-2026:21074-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609811080.29674.3777576983686125864@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21074-1
Release Date: 2026-04-09T13:20:09Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-322=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-34-default-7-1.1
  * kernel-livepatch-MICRO-6-0_Update_11-debugsource-7-1.1
  * kernel-livepatch-6_4_0-34-default-debuginfo-7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:35:25 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:35:25 -0000
Subject: SUSE-SU-2026:21073-1: important: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609812526.29674.5168102021705663527@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21073-1
Release Date: 2026-04-09T13:19:58Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-35.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-321=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-35-default-debuginfo-7-1.1
  * kernel-livepatch-MICRO-6-0_Update_12-debugsource-7-1.1
  * kernel-livepatch-6_4_0-35-default-7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784


From null at suse.de Mon Apr 13 16:35:36 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:35:36 -0000
Subject: SUSE-SU-2026:21072-1: important: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609813677.29674.13775965434714862832@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21072-1
Release Date: 2026-04-09T13:19:58Z
Rating: important

References:

* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-320=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_13-debugsource-5-1.1
  * kernel-livepatch-6_4_0-36-default-5-1.1
  * kernel-livepatch-6_4_0-36-default-debuginfo-5-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:35:45 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:35:45 -0000
Subject: SUSE-SU-2026:21071-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609814589.29674.12109494378992915827@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21071-1
Release Date: 2026-04-09T13:19:47Z
Rating: important

References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-319=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-38-default-3-1.2
  * kernel-livepatch-6_4_0-38-default-debuginfo-3-1.2
  * kernel-livepatch-MICRO-6-0_Update_14-debugsource-3-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:35:57 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:35:57 -0000
Subject: SUSE-SU-2026:21070-1: important: Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609815739.29674.16332222292854668820@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21070-1
Release Date: 2026-04-09T13:19:46Z
Rating: important

References:

* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues

The following security issues were fixed:

* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-318=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_16-debugsource-2-1.1
  * kernel-livepatch-6_4_0-39-default-2-1.1
  * kernel-livepatch-6_4_0-39-default-debuginfo-2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:36:01 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:36:01 -0000
Subject: SUSE-SU-2026:21069-1: important: Security update for glibc
Message-ID: <177609816192.29674.4240985269229397424@ea440c8e37cc>

# Security update for glibc

Announcement ID: SUSE-SU-2026:21069-1
Release Date: 2026-04-09T10:41:58Z
Rating: important

References:

* bsc#1260078
* bsc#1260082

Cross-References:

* CVE-2026-4437
* CVE-2026-4438

CVSS scores:

* CVE-2026-4437 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4437 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4437 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4438 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4438 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for glibc fixes the following issues:

* CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
* CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-659=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * glibc-locale-2.38-12.1
  * glibc-locale-base-2.38-12.1
  * glibc-2.38-12.1
  * glibc-debuginfo-2.38-12.1
  * glibc-devel-debuginfo-2.38-12.1
  * glibc-devel-2.38-12.1
  * glibc-debugsource-2.38-12.1
  * glibc-locale-base-debuginfo-2.38-12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4437.html
* https://www.suse.com/security/cve/CVE-2026-4438.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260078
* https://bugzilla.suse.com/show_bug.cgi?id=1260082

From null at suse.de Mon Apr 13 16:36:18 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:36:18 -0000
Subject: SUSE-SU-2026:21067-1: important: Security update for libpng16
Message-ID: <177609817839.29674.13627726016985759249@ea440c8e37cc>

# Security update for libpng16

Announcement ID: SUSE-SU-2026:21067-1
Release Date: 2026-04-09T10:15:35Z
Rating: important

References:

* bsc#1260754
* bsc#1260755

Cross-References:

* CVE-2026-33416
* CVE-2026-33636

CVSS scores:

* CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-33636 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33636 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-33636 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libpng16 fixes the following issues:

* CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754).
* CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-660=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * libpng16-16-debuginfo-1.6.43-4.1
  * libpng16-debugsource-1.6.43-4.1
  * libpng16-16-1.6.43-4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33416.html
* https://www.suse.com/security/cve/CVE-2026-33636.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260754
* https://bugzilla.suse.com/show_bug.cgi?id=1260755

From null at suse.de Mon Apr 13 16:36:28 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:36:28 -0000
Subject: SUSE-SU-2026:21065-1: important: Security update for openssl-3
Message-ID: <177609818870.29674.12250053568475433913@ea440c8e37cc>

# Security update for openssl-3

Announcement ID: SUSE-SU-2026:21065-1
Release Date: 2026-04-08T16:35:01Z
Rating: important

References:

* bsc#1260441
* bsc#1260442
* bsc#1260443
* bsc#1260444
* bsc#1260445

Cross-References:

* CVE-2026-28387
* CVE-2026-28388
* CVE-2026-28389
* CVE-2026-31789
* CVE-2026-31790

CVSS scores:

* CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

* CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
* CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
* CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-657=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * libopenssl-3-fips-provider-3.1.4-12.1
  * openssl-3-debugsource-3.1.4-12.1
  * libopenssl-3-fips-provider-debuginfo-3.1.4-12.1
  * libopenssl3-debuginfo-3.1.4-12.1
  * libopenssl3-3.1.4-12.1
  * openssl-3-debuginfo-3.1.4-12.1
  * libopenssl-3-devel-3.1.4-12.1
  * openssl-3-3.1.4-12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28387.html
* https://www.suse.com/security/cve/CVE-2026-28388.html
* https://www.suse.com/security/cve/CVE-2026-28389.html
* https://www.suse.com/security/cve/CVE-2026-31789.html
* https://www.suse.com/security/cve/CVE-2026-31790.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260441
* https://bugzilla.suse.com/show_bug.cgi?id=1260442
* https://bugzilla.suse.com/show_bug.cgi?id=1260443
* https://bugzilla.suse.com/show_bug.cgi?id=1260444
* https://bugzilla.suse.com/show_bug.cgi?id=1260445

From null at suse.de Mon Apr 13 16:36:31 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:36:31 -0000
Subject: SUSE-SU-2026:21064-1: moderate: Security update for libtpms
Message-ID: <177609819198.29674.9170315562155766698@ea440c8e37cc>

# Security update for libtpms

Announcement ID: SUSE-SU-2026:21064-1
Release Date: 2026-04-08T14:16:30Z
Rating: moderate

References:

* bsc#1244528

Cross-References:

* CVE-2025-49133

CVSS scores:

* CVE-2025-49133 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
* CVE-2025-49133 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
* CVE-2025-49133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for libtpms fixes the following issues:

* CVE-2025-49133: out-of-bounds (OOB) access due to HMAC signing issue leads to abort and vTPM DoS (bsc#1244528).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-656=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * libtpms-debugsource-0.9.6-2.1
  * libtpms0-debuginfo-0.9.6-2.1
  * libtpms0-0.9.6-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-49133.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244528

From null at suse.de Mon Apr 13 16:36:35 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:36:35 -0000
Subject: SUSE-SU-2026:21063-1: moderate: Security update for python-requests
Message-ID: <177609819511.29674.14380229088434684893@ea440c8e37cc>

# Security update for python-requests

Announcement ID: SUSE-SU-2026:21063-1
Release Date: 2026-04-08T14:11:11Z
Rating: moderate

References:

* bsc#1260589

Cross-References:

* CVE-2026-25645

CVSS scores:

* CVE-2026-25645 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-25645 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-25645 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for python-requests fixes the following issue:

* CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-655=1

## Package List:

* SUSE Linux Micro 6.0 (noarch)
  * python311-requests-2.32.3-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25645.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260589

From null at suse.de Mon Apr 13 16:36:42 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:36:42 -0000
Subject: SUSE-SU-2026:21062-1: important: Security update for expat
Message-ID: <177609820252.29674.10994849857634108541@ea440c8e37cc>

# Security update for expat

Announcement ID: SUSE-SU-2026:21062-1
Release Date: 2026-04-07T18:52:25Z
Rating: important

References:

* bsc#1259711
* bsc#1259726
* bsc#1259729

Cross-References:

* CVE-2026-32776
* CVE-2026-32777
* CVE-2026-32778

CVSS scores:

* CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves three vulnerabilities can now be installed.

## Description:

This update for expat fixes the following issues:

* CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726).
* CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
* CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-654=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * libexpat1-debuginfo-2.7.1-5.1
  * expat-debugsource-2.7.1-5.1
  * libexpat1-2.7.1-5.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32776.html
* https://www.suse.com/security/cve/CVE-2026-32777.html
* https://www.suse.com/security/cve/CVE-2026-32778.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259711
* https://bugzilla.suse.com/show_bug.cgi?id=1259726
* https://bugzilla.suse.com/show_bug.cgi?id=1259729

From null at suse.de Mon Apr 13 16:36:56 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:36:56 -0000
Subject: SUSE-SU-2026:21061-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609821699.29674.12603382109181801771@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21061-1
Release Date: 2026-04-09T13:21:21Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-339=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-25-rt-debuginfo-17-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_5-debugsource-17-1.1
  * kernel-livepatch-6_4_0-25-rt-17-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 16:37:10 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:37:10 -0000
Subject: SUSE-SU-2026:21060-1: important: Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609823072.29674.16391967531637826451@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21060-1
Release Date: 2026-04-09T13:21:21Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-338=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-28-rt-debuginfo-15-3.1
  * kernel-livepatch-6_4_0-28-rt-15-3.1
  * kernel-livepatch-MICRO-6-0-RT_Update_6-debugsource-15-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 16:37:25 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:37:25 -0000
Subject: SUSE-SU-2026:21059-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609824542.29674.7521234009091265312@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21059-1
Release Date: 2026-04-09T13:21:12Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-337=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-30-rt-15-1.3
  * kernel-livepatch-MICRO-6-0-RT_Update_7-debugsource-15-1.3
  * kernel-livepatch-6_4_0-30-rt-debuginfo-15-1.3

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 16:37:38 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:37:38 -0000
Subject: SUSE-SU-2026:21058-1: important: Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609825881.29674.17596220453294556535@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21058-1
Release Date: 2026-04-09T13:21:12Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-336=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-31-rt-14-1.2
  * kernel-livepatch-6_4_0-31-rt-debuginfo-14-1.2
  * kernel-livepatch-MICRO-6-0-RT_Update_8-debugsource-14-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 16:37:55 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:37:55 -0000
Subject: SUSE-SU-2026:21057-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609827500.29674.5743364903015273718@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21057-1
Release Date: 2026-04-09T13:20:57Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-33.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-335=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_9-debugsource-12-1.2
  * kernel-livepatch-6_4_0-33-rt-debuginfo-12-1.2
  * kernel-livepatch-6_4_0-33-rt-12-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 16:38:08 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:38:08 -0000
Subject: SUSE-SU-2026:21056-1: important: Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609828899.29674.2673036130404481115@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21056-1
Release Date: 2026-04-09T13:20:57Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-334=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_10-debugsource-12-1.1
  * kernel-livepatch-6_4_0-34-rt-debuginfo-12-1.1
  * kernel-livepatch-6_4_0-34-rt-12-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 16:38:22 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:38:22 -0000
Subject: SUSE-SU-2026:21055-1: important: Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609830290.29674.12166885509674345471@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21055-1
Release Date: 2026-04-09T13:20:43Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-333=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_11-debugsource-8-1.1
  * kernel-livepatch-6_4_0-35-rt-debuginfo-8-1.1
  * kernel-livepatch-6_4_0-35-rt-8-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
URL: From null at suse.de Mon Apr 13 16:38:37 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 16:38:37 -0000 Subject: SUSE-SU-2026:21054-1: important: Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177609831741.29674.5865694841465500808@ea440c8e37cc> # Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21054-1 Release Date: 2026-04-09T13:20:43Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * 
CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-332=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-36-rt-7-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_12-debugsource-7-1.1
  * kernel-livepatch-6_4_0-36-rt-debuginfo-7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:38:50 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:38:50 -0000
Subject: SUSE-SU-2026:21053-1: important: Security update for the Linux Kernel RT (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609833062.29674.4796306732598563891@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21053-1
Release Date: 2026-04-09T13:20:43Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* 
CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-37.1 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-331=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-37-rt-3-1.1
  * kernel-livepatch-6_4_0-37-rt-debuginfo-3-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_13-debugsource-3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:39:01 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:39:01 -0000
Subject: SUSE-SU-2026:21052-1: important: Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609834119.29674.17102791107234650639@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21052-1
Release Date: 2026-04-09T13:20:43Z
Rating: important
References:

* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( 
NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues The following security issues were fixed: * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-330=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_14-debugsource-3-1.1
  * kernel-livepatch-6_4_0-38-rt-debuginfo-3-1.1
  * kernel-livepatch-6_4_0-38-rt-3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:39:10 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:39:10 -0000
Subject: SUSE-SU-2026:21051-1: important: Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609835026.29674.16034687227241553214@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21051-1
Release Date: 2026-04-09T13:20:43Z
Rating: important
References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-329=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_15-debugsource-2-1.1
  * kernel-livepatch-6_4_0-39-rt-2-1.1
  * kernel-livepatch-6_4_0-39-rt-debuginfo-2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:39:26 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:39:26 -0000
Subject: SUSE-SU-2026:21050-1: important: Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609836661.29674.18116364879881447645@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21050-1
Release Date: 2026-04-09T13:20:33Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves eight vulnerabilities can now be installed. 
## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-328=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-25-default-18-1.2
  * kernel-livepatch-MICRO-6-0_Update_5-debugsource-18-1.2
  * kernel-livepatch-6_4_0-25-default-debuginfo-18-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:39:44 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:39:44 -0000
Subject: SUSE-SU-2026:21049-1: important: Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609838495.29674.15693151607753330203@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21049-1
Release Date: 2026-04-09T13:20:25Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( 
NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-327=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_6-debugsource-16-3.1
  * kernel-livepatch-6_4_0-28-default-debuginfo-16-3.1
  * kernel-livepatch-6_4_0-28-default-16-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:40:07 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:40:07 -0000
Subject: SUSE-SU-2026:21048-1: important: Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609840759.29674.14227324595806885288@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21048-1
Release Date: 2026-04-09T13:20:25Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( 
NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-29.1 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-326=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-6_4_0-29-default-15-1.2 * kernel-livepatch-6_4_0-29-default-debuginfo-15-1.2 * kernel-livepatch-MICRO-6-0_Update_7-debugsource-15-1.2 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Mon Apr 13 16:40:22 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:40:22 -0000
Subject: SUSE-SU-2026:21047-1: important: Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609842225.29674.15671238009807200766@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21047-1
Release Date: 2026-04-09T13:20:15Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-325=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-30-default-debuginfo-14-1.2
  * kernel-livepatch-6_4_0-30-default-14-1.2
  * kernel-livepatch-MICRO-6-0_Update_8-debugsource-14-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:40:38 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:40:38 -0000
Subject: SUSE-SU-2026:21046-1: important: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609843811.29674.3727250617568835836@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21046-1
Release Date: 2026-04-09T13:20:15Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-324=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-31-default-debuginfo-14-1.2
  * kernel-livepatch-6_4_0-31-default-14-1.2
  * kernel-livepatch-MICRO-6-0_Update_9-debugsource-14-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:40:52 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:40:52 -0000
Subject: SUSE-SU-2026:21045-1: important: Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609845242.29674.2430529358918933778@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21045-1
Release Date: 2026-04-09T13:20:06Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-323=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_10-debugsource-8-1.1
  * kernel-livepatch-6_4_0-32-default-8-1.1
  * kernel-livepatch-6_4_0-32-default-debuginfo-8-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:41:10 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:41:10 -0000
Subject: SUSE-SU-2026:21044-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609847027.29674.16666570605015484066@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21044-1
Release Date: 2026-04-09T13:20:06Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-322=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-34-default-7-1.1
  * kernel-livepatch-MICRO-6-0_Update_11-debugsource-7-1.1
  * kernel-livepatch-6_4_0-34-default-debuginfo-7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:41:22 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:41:22 -0000
Subject: SUSE-SU-2026:21043-1: important: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609848201.29674.14136516331128503615@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21043-1
Release Date: 2026-04-09T13:20:01Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-35.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-321=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-35-default-debuginfo-7-1.1
  * kernel-livepatch-MICRO-6-0_Update_12-debugsource-7-1.1
  * kernel-livepatch-6_4_0-35-default-7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:41:31 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 13 Apr 2026 16:41:31 -0000
Subject: SUSE-SU-2026:21042-1: important: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609849141.29674.13609668150487883563@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21042-1
Release Date: 2026-04-09T13:20:01Z
Rating: important

References:

* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-320=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_13-debugsource-5-1.1
  * kernel-livepatch-6_4_0-36-default-5-1.1
  * kernel-livepatch-6_4_0-36-default-debuginfo-5-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

URL: From null at suse.de Mon Apr 13 16:41:44 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 16:41:44 -0000 Subject: SUSE-SU-2026:21041-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177609850458.29674.1059652385150050191@ea440c8e37cc> # Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21041-1 Release Date: 2026-04-09T13:20:01Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-319=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-6_4_0-38-default-3-1.2 * kernel-livepatch-6_4_0-38-default-debuginfo-3-1.2 * kernel-livepatch-MICRO-6-0_Update_14-debugsource-3-1.2 ## References: * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 From null at suse.de Mon Apr 13 16:41:50 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 16:41:50 -0000 Subject: SUSE-SU-2026:21040-1: important: Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177609851024.29674.15723088336177721274@ea440c8e37cc> # Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21040-1 Release Date: 2026-04-09T13:20:01Z Rating: important References: * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves three vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues The following security issues were fixed: * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-318=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-MICRO-6-0_Update_16-debugsource-2-1.1 * kernel-livepatch-6_4_0-39-default-2-1.1 * kernel-livepatch-6_4_0-39-default-debuginfo-2-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 From null at suse.de Mon Apr 13 16:41:54 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 16:41:54 -0000 Subject: SUSE-SU-2026:21039-1: important: Security update for glibc Message-ID: <177609851440.29674.10187362683363454692@ea440c8e37cc> # Security update for glibc Announcement ID: SUSE-SU-2026:21039-1 Release Date: 2026-04-09T11:38:10Z Rating: important References: * bsc#1260078 * bsc#1260082 Cross-References: * CVE-2026-4437 * CVE-2026-4438 CVSS scores: * CVE-2026-4437 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-4437 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2026-4437 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-4438 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2026-4438 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Micro 6.1 An update that solves two vulnerabilities can now be installed. 
## Description: This update for glibc fixes the following issues: * CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078). * CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-478=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * glibc-devel-debuginfo-2.38-slfo.1.1_7.1 * glibc-devel-2.38-slfo.1.1_7.1 * glibc-locale-2.38-slfo.1.1_7.1 * glibc-locale-base-2.38-slfo.1.1_7.1 * glibc-debugsource-2.38-slfo.1.1_7.1 * glibc-locale-base-debuginfo-2.38-slfo.1.1_7.1 * glibc-debuginfo-2.38-slfo.1.1_7.1 * glibc-2.38-slfo.1.1_7.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4437.html * https://www.suse.com/security/cve/CVE-2026-4438.html * https://bugzilla.suse.com/show_bug.cgi?id=1260078 * https://bugzilla.suse.com/show_bug.cgi?id=1260082
From null at suse.de Mon Apr 13 16:41:58 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 16:41:58 -0000 Subject: SUSE-SU-2026:21038-1: important: Security update for libpng16 Message-ID: <177609851853.29674.16247442351340050750@ea440c8e37cc> # Security update for libpng16 Announcement ID: SUSE-SU-2026:21038-1 Release Date: 2026-04-09T10:48:50Z Rating: important References: * bsc#1260754 * bsc#1260755 Cross-References: * CVE-2026-33416 * CVE-2026-33636 CVSS scores: * CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-33636 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-33636 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-33636 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves two vulnerabilities can now be installed. ## Description: This update for libpng16 fixes the following issues: * CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754). * CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-479=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * libpng16-debugsource-1.6.43-slfo.1.1_4.1 * libpng16-16-1.6.43-slfo.1.1_4.1 * libpng16-16-debuginfo-1.6.43-slfo.1.1_4.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33416.html * https://www.suse.com/security/cve/CVE-2026-33636.html * https://bugzilla.suse.com/show_bug.cgi?id=1260754 * https://bugzilla.suse.com/show_bug.cgi?id=1260755 From null at suse.de Mon Apr 13 16:42:07 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 16:42:07 -0000 Subject: SUSE-SU-2026:21037-1: important: Security update for openssl-3 Message-ID: <177609852755.29674.7976418383420518029@ea440c8e37cc> # Security update for openssl-3 Announcement ID: SUSE-SU-2026:21037-1 Release Date: 2026-04-08T15:06:09Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 * bsc#1260445 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-31789 * CVE-2026-31790 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Micro 6.1 An update that solves five vulnerabilities can now be installed. 
## Description: This update for openssl-3 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). * CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-477=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * libopenssl3-debuginfo-3.1.4-slfo.1.1_9.1 * libopenssl-3-fips-provider-debuginfo-3.1.4-slfo.1.1_9.1 * libopenssl3-3.1.4-slfo.1.1_9.1 * libopenssl-3-devel-3.1.4-slfo.1.1_9.1 * openssl-3-debugsource-3.1.4-slfo.1.1_9.1 * openssl-3-3.1.4-slfo.1.1_9.1 * libopenssl-3-fips-provider-3.1.4-slfo.1.1_9.1 * openssl-3-debuginfo-3.1.4-slfo.1.1_9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://www.suse.com/security/cve/CVE-2026-31790.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 * https://bugzilla.suse.com/show_bug.cgi?id=1260445
From null at suse.de Mon Apr 13 16:42:10 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 16:42:10 -0000 Subject: SUSE-SU-2026:21036-1: moderate: Security update for python-requests Message-ID: <177609853027.29674.9553513328414003653@ea440c8e37cc> # Security update for python-requests Announcement ID: SUSE-SU-2026:21036-1 Release Date: 2026-04-08T14:29:25Z Rating: moderate References: * bsc#1260589 Cross-References: * CVE-2026-25645 CVSS scores: * CVE-2026-25645 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-25645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-25645 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N * CVE-2026-25645 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for python-requests fixes the following issue: * CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-475=1 ## Package List: * SUSE Linux Micro 6.1 (noarch) * python311-requests-2.32.4-slfo.1.1_2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25645.html * https://bugzilla.suse.com/show_bug.cgi?id=1260589
From null at suse.de Mon Apr 13 16:42:13 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 16:42:13 -0000 Subject: SUSE-SU-2026:21035-1: moderate: Security update for libtpms Message-ID: <177609853323.29674.7475144756058924510@ea440c8e37cc> # Security update for libtpms Announcement ID: SUSE-SU-2026:21035-1 Release Date: 2026-04-08T14:28:15Z Rating: moderate References: * bsc#1244528 Cross-References: * CVE-2025-49133 CVSS scores: * CVE-2025-49133 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H * CVE-2025-49133 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H * CVE-2025-49133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for libtpms fixes the following issues: * CVE-2025-49133: out-of-bounds (OOB) access due to HMAC signing issue leads to abort and vTPM DoS (bsc#1244528). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-476=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * libtpms0-debuginfo-0.9.6-slfo.1.1_2.1 * libtpms-debugsource-0.9.6-slfo.1.1_2.1 * libtpms0-0.9.6-slfo.1.1_2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-49133.html * https://bugzilla.suse.com/show_bug.cgi?id=1244528
From null at suse.de Mon Apr 13 16:42:30 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 16:42:30 -0000 Subject: SUSE-SU-2026:21032-1: moderate: Security update for polkit Message-ID: <177609855071.29674.13573400891791938043@ea440c8e37cc> # Security update for polkit Announcement ID: SUSE-SU-2026:21032-1 Release Date: 2026-04-07T11:36:42Z Rating: moderate References: * bsc#1260859 Cross-References: * CVE-2026-4897 CVSS scores: * CVE-2026-4897 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4897 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4897 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for polkit fixes the following issue: * CVE-2026-4897: Fixed possible OOM condition via specially crafted input to `polkit-agent-helper-1` (bsc#1260859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-472=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * polkit-121-slfo.1.1_3.1 * libpolkit-agent-1-0-debuginfo-121-slfo.1.1_3.1 * libpolkit-gobject-1-0-debuginfo-121-slfo.1.1_3.1 * libpolkit-gobject-1-0-121-slfo.1.1_3.1 * polkit-debugsource-121-slfo.1.1_3.1 * libpolkit-agent-1-0-121-slfo.1.1_3.1 * polkit-debuginfo-121-slfo.1.1_3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4897.html * https://bugzilla.suse.com/show_bug.cgi?id=1260859
From null at suse.de Mon Apr 13 16:42:36 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 16:42:36 -0000 Subject: SUSE-SU-2026:21031-1: important: Security update for expat Message-ID: <177609855645.29674.8000427932485533394@ea440c8e37cc> # Security update for expat Announcement ID: SUSE-SU-2026:21031-1 Release Date: 2026-04-07T11:08:58Z Rating: important References: * bsc#1259711 * bsc#1259726 * bsc#1259729 Cross-References: * CVE-2026-32776 * CVE-2026-32777 * CVE-2026-32778 CVSS scores: * CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves three vulnerabilities can now be installed. ## Description: This update for expat fixes the following issues: * CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726). * CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711). 
* CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-471=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * expat-debugsource-2.7.1-slfo.1.1_5.1 * libexpat1-2.7.1-slfo.1.1_5.1 * libexpat1-debuginfo-2.7.1-slfo.1.1_5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32776.html * https://www.suse.com/security/cve/CVE-2026-32777.html * https://www.suse.com/security/cve/CVE-2026-32778.html * https://bugzilla.suse.com/show_bug.cgi?id=1259711 * https://bugzilla.suse.com/show_bug.cgi?id=1259726 * https://bugzilla.suse.com/show_bug.cgi?id=1259729 From null at suse.de Mon Apr 13 16:42:47 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 16:42:47 -0000 Subject: SUSE-SU-2026:1294-1: important: Security update for the Linux Kernel (Live Patch 77 for SUSE Linux Enterprise 12 SP5) Message-ID: <177609856734.29674.16654647390208843974@ea440c8e37cc> # Security update for the Linux Kernel (Live Patch 77 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1294-1 Release Date: 2026-04-13T09:04:34Z Rating: important References: * bsc#1255235 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2023-53794 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 4.12.14-122.293 fixes various security issues The following security issues were fixed: * CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1294=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_293-default-3-2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-53794.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1255235 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 From null at suse.de Mon Apr 13 16:42:57 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 16:42:57 -0000 Subject: SUSE-SU-2026:1293-1: important: Security update for the Linux Kernel (Live Patch 75 for SUSE Linux Enterprise 12 SP5) Message-ID: <177609857720.29674.73700751641683667@ea440c8e37cc> # Security update for the Linux Kernel (Live Patch 75 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1293-1 Release Date: 2026-04-13T08:35:44Z Rating: important References: * bsc#1255235 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2023-53794 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 4.12.14-122.283 fixes various security issues The following security issues were fixed: * CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1293=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_283-default-4-2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-53794.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1255235 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 From null at suse.de Mon Apr 13 16:43:05 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 16:43:05 -0000 Subject: SUSE-SU-2026:1292-1: important: Security update for python312 Message-ID: <177609858545.29674.16404250696025226896@ea440c8e37cc> # Security update for python312 Announcement ID: SUSE-SU-2026:1292-1 Release Date: 2026-04-13T08:10:53Z Rating: important References: * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1259989 * bsc#1260026 Cross-References: * CVE-2025-13462 * CVE-2026-3479 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * 
CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves five vulnerabilities can now be installed. ## Description: This update for python312 fixes the following issues: * CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). * CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989). 
* CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). * CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). * CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1292=1 openSUSE-SLE-15.6-2026-1292=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1292=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1292=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * python312-core-debugsource-3.12.13-150600.3.53.1 * python312-tk-debuginfo-3.12.13-150600.3.53.1 * python312-curses-debuginfo-3.12.13-150600.3.53.1 * python312-tools-3.12.13-150600.3.53.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.53.1 * python312-base-3.12.13-150600.3.53.1 * python312-devel-3.12.13-150600.3.53.1 * python312-dbm-debuginfo-3.12.13-150600.3.53.1 * python312-base-debuginfo-3.12.13-150600.3.53.1 * python312-debugsource-3.12.13-150600.3.53.1 * python312-3.12.13-150600.3.53.1 * python312-debuginfo-3.12.13-150600.3.53.1 * python312-dbm-3.12.13-150600.3.53.1 * python312-doc-3.12.13-150600.3.53.1 * python312-testsuite-3.12.13-150600.3.53.1 * python312-testsuite-debuginfo-3.12.13-150600.3.53.1 * python312-idle-3.12.13-150600.3.53.1 * python312-tk-3.12.13-150600.3.53.1 * python312-doc-devhelp-3.12.13-150600.3.53.1 * python312-curses-3.12.13-150600.3.53.1 * libpython3_12-1_0-3.12.13-150600.3.53.1 * openSUSE Leap 15.6 (x86_64) * python312-32bit-debuginfo-3.12.13-150600.3.53.1 * 
libpython3_12-1_0-32bit-debuginfo-3.12.13-150600.3.53.1 * python312-32bit-3.12.13-150600.3.53.1 * python312-base-32bit-debuginfo-3.12.13-150600.3.53.1 * libpython3_12-1_0-32bit-3.12.13-150600.3.53.1 * python312-base-32bit-3.12.13-150600.3.53.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libpython3_12-1_0-64bit-3.12.13-150600.3.53.1 * python312-base-64bit-3.12.13-150600.3.53.1 * python312-base-64bit-debuginfo-3.12.13-150600.3.53.1 * python312-64bit-debuginfo-3.12.13-150600.3.53.1 * python312-64bit-3.12.13-150600.3.53.1 * libpython3_12-1_0-64bit-debuginfo-3.12.13-150600.3.53.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * python312-base-debuginfo-3.12.13-150600.3.53.1 * python312-dbm-debuginfo-3.12.13-150600.3.53.1 * python312-curses-debuginfo-3.12.13-150600.3.53.1 * python312-tools-3.12.13-150600.3.53.1 * python312-idle-3.12.13-150600.3.53.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.53.1 * python312-base-3.12.13-150600.3.53.1 * python312-core-debugsource-3.12.13-150600.3.53.1 * python312-tk-3.12.13-150600.3.53.1 * python312-debugsource-3.12.13-150600.3.53.1 * python312-tk-debuginfo-3.12.13-150600.3.53.1 * python312-3.12.13-150600.3.53.1 * python312-dbm-3.12.13-150600.3.53.1 * python312-debuginfo-3.12.13-150600.3.53.1 * python312-devel-3.12.13-150600.3.53.1 * python312-curses-3.12.13-150600.3.53.1 * libpython3_12-1_0-3.12.13-150600.3.53.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * python312-base-debuginfo-3.12.13-150600.3.53.1 * python312-dbm-debuginfo-3.12.13-150600.3.53.1 * python312-curses-debuginfo-3.12.13-150600.3.53.1 * python312-tools-3.12.13-150600.3.53.1 * python312-idle-3.12.13-150600.3.53.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.53.1 * python312-base-3.12.13-150600.3.53.1 * python312-core-debugsource-3.12.13-150600.3.53.1 * python312-tk-3.12.13-150600.3.53.1 * python312-debugsource-3.12.13-150600.3.53.1 * python312-tk-debuginfo-3.12.13-150600.3.53.1 * python312-3.12.13-150600.3.53.1 * 
python312-dbm-3.12.13-150600.3.53.1 * python312-debuginfo-3.12.13-150600.3.53.1 * python312-devel-3.12.13-150600.3.53.1 * python312-curses-3.12.13-150600.3.53.1 * libpython3_12-1_0-3.12.13-150600.3.53.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1260026
From null at suse.de Mon Apr 13 16:43:15 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 16:43:15 -0000 Subject: SUSE-SU-2026:1291-1: important: Security update for openssl-1_0_0 Message-ID: <177609859515.29674.11024132658668575761@ea440c8e37cc> # Security update for openssl-1_0_0 Announcement ID: SUSE-SU-2026:1291-1 Release Date: 2026-04-13T08:10:19Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 * bsc#1260445 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-31789 * CVE-2026-31790 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Legacy Module 15-SP7
* openSUSE Leap 15.6 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves five vulnerabilities can now be installed. ## Description: This update for openssl-1_0_0 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). * CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Legacy Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2026-1291=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1291=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1291=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1291=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1291=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1291=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1291=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1291=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1291=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1291=1 ## Package List: * Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libopenssl1_0_0-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openssl-1_0_0-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libopenssl1_0_0-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openssl-1_0_0-1.0.2p-150000.3.105.1 * 
libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libopenssl1_0_0-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openssl-1_0_0-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libopenssl1_0_0-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openssl-1_0_0-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libopenssl1_0_0-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openssl-1_0_0-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libopenssl1_0_0-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openssl-1_0_0-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * 
openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libopenssl1_0_0-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openssl-1_0_0-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libopenssl1_0_0-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openssl-1_0_0-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libopenssl1_0_0-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openssl-1_0_0-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * libopenssl1_0_0-steam-1.0.2p-150000.3.105.1 * openssl-1_0_0-cavs-1.0.2p-150000.3.105.1 * libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.105.1 * libopenssl1_0_0-1.0.2p-150000.3.105.1 * openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 
* openssl-1_0_0-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openSUSE Leap 15.6 (x86_64) * libopenssl1_0_0-32bit-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.105.1 * libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.105.1 * libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.105.1 * libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.105.1 * openSUSE Leap 15.6 (noarch) * openssl-1_0_0-doc-1.0.2p-150000.3.105.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://www.suse.com/security/cve/CVE-2026-31790.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 * https://bugzilla.suse.com/show_bug.cgi?id=1260445
From null at suse.de Mon Apr 13 16:43:30 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 16:43:30 -0000 Subject: SUSE-SU-2026:1290-1: important: Security update for openssl-1_1 Message-ID: <177609861034.29674.7263042477106649311@ea440c8e37cc> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2026:1290-1 Release Date: 2026-04-13T08:08:55Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-31789 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1290=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1290=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1290=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1290=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1290=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1290=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1 * openssl-1_1-debugsource-1.1.1l-150500.17.51.1 * libopenssl1_1-1.1.1l-150500.17.51.1 * openssl-1_1-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-1.1.1l-150500.17.51.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.51.1 * openSUSE Leap 15.5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-32bit-1.1.1l-150500.17.51.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1 * openSUSE Leap 15.5 (noarch) * openssl-1_1-doc-1.1.1l-150500.17.51.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl1_1-64bit-1.1.1l-150500.17.51.1 * libopenssl1_1-64bit-debuginfo-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-64bit-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-64bit-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1 * openssl-1_1-debugsource-1.1.1l-150500.17.51.1 * libopenssl1_1-1.1.1l-150500.17.51.1 * openssl-1_1-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-1.1.1l-150500.17.51.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise High 
Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1 * openssl-1_1-debugsource-1.1.1l-150500.17.51.1 * libopenssl1_1-1.1.1l-150500.17.51.1 * openssl-1_1-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-1.1.1l-150500.17.51.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.51.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1 * openssl-1_1-debugsource-1.1.1l-150500.17.51.1 * libopenssl1_1-1.1.1l-150500.17.51.1 * openssl-1_1-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-1.1.1l-150500.17.51.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.51.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1 * openssl-1_1-debugsource-1.1.1l-150500.17.51.1 * libopenssl1_1-1.1.1l-150500.17.51.1 * openssl-1_1-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-1.1.1l-150500.17.51.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.51.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1 * openssl-1_1-debugsource-1.1.1l-150500.17.51.1 * libopenssl1_1-1.1.1l-150500.17.51.1 * 
openssl-1_1-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-1.1.1l-150500.17.51.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.51.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444
From null at suse.de Mon Apr 13 20:30:15 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 20:30:15 -0000 Subject: SUSE-SU-2026:1298-1: important: Security update for the Linux Kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5) Message-ID: <177611221570.2784.7865063041917610884@7334c935c7bb> # Security update for the Linux Kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1298-1 Release Date: 2026-04-13T15:04:44Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1255235 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2023-53794 * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 4.12.14-122.272 fixes various security issues. The following security issues were fixed: * CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235). * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1298=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_272-default-8-2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-53794.html * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1255235 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 20:30:20 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 20:30:20 -0000 Subject: SUSE-SU-2026:1300-1: important: Security update for GraphicsMagick Message-ID: <177611222014.2784.6992093587089147352@7334c935c7bb> # Security update for GraphicsMagick Announcement ID: SUSE-SU-2026:1300-1 Release Date: 2026-04-13T15:58:01Z Rating: important References: * bsc#1258765 * bsc#1259456 Cross-References: * CVE-2026-26284 * CVE-2026-28690 CVSS scores: * CVE-2026-26284 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-26284 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-26284 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-26284 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-28690 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28690 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28690 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H * CVE-2026-28690 ( NVD ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for GraphicsMagick fixes the following issues: * CVE-2026-26284: heap overflow in pcd decoder leads to out of bounds read (bsc#1258765). * CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1300=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1300=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * GraphicsMagick-devel-1.3.42-150600.3.18.1 * libGraphicsMagick++-devel-1.3.42-150600.3.18.1 * libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.18.1 * libGraphicsMagick++-Q16-12-1.3.42-150600.3.18.1 * GraphicsMagick-debuginfo-1.3.42-150600.3.18.1 * libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.18.1 * perl-GraphicsMagick-debuginfo-1.3.42-150600.3.18.1 * libGraphicsMagick3-config-1.3.42-150600.3.18.1 * GraphicsMagick-1.3.42-150600.3.18.1 * perl-GraphicsMagick-1.3.42-150600.3.18.1 * GraphicsMagick-debugsource-1.3.42-150600.3.18.1 * libGraphicsMagickWand-Q16-2-1.3.42-150600.3.18.1 * libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.18.1 * libGraphicsMagick-Q16-3-1.3.42-150600.3.18.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * GraphicsMagick-devel-1.3.42-150600.3.18.1 * libGraphicsMagick++-devel-1.3.42-150600.3.18.1 * libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.18.1 * libGraphicsMagick++-Q16-12-1.3.42-150600.3.18.1 * GraphicsMagick-debuginfo-1.3.42-150600.3.18.1 * libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.18.1 * perl-GraphicsMagick-debuginfo-1.3.42-150600.3.18.1 * libGraphicsMagick3-config-1.3.42-150600.3.18.1 * GraphicsMagick-1.3.42-150600.3.18.1 * perl-GraphicsMagick-1.3.42-150600.3.18.1 * GraphicsMagick-debugsource-1.3.42-150600.3.18.1 * libGraphicsMagickWand-Q16-2-1.3.42-150600.3.18.1 * libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.18.1 * libGraphicsMagick-Q16-3-1.3.42-150600.3.18.1 ## References: * https://www.suse.com/security/cve/CVE-2026-26284.html * https://www.suse.com/security/cve/CVE-2026-28690.html * https://bugzilla.suse.com/show_bug.cgi?id=1258765 * https://bugzilla.suse.com/show_bug.cgi?id=1259456 
From null at suse.de Mon Apr 13 20:30:34 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 13 Apr 2026 20:30:34 -0000 Subject: SUSE-SU-2026:1299-1: important: Security update for nodejs24 Message-ID: <177611223479.2784.1182551512941510325@7334c935c7bb> # Security update for nodejs24 Announcement ID: SUSE-SU-2026:1299-1 Release Date: 2026-04-13T15:54:46Z Rating: important References: * bsc#1256572 * bsc#1256576 * bsc#1260455 * bsc#1260460 * bsc#1260462 * bsc#1260463 * bsc#1260480 * bsc#1260482 * bsc#1260494 Cross-References: * CVE-2025-59464 * CVE-2026-21637 * CVE-2026-21710 * CVE-2026-21712 * CVE-2026-21713 * CVE-2026-21714 * CVE-2026-21715 * CVE-2026-21716 * CVE-2026-21717 CVSS scores: * CVE-2025-59464 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-59464 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-59464 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-59464 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21712 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21712 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-21712 ( NVD ): 5.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-21713 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21716 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * Web and Scripting Module 15-SP7 An update that solves nine vulnerabilities can now be installed. ## Description: This update for nodejs24 fixes the following issues: * Update to 24.14.1 * CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling paths and can cause a denial of service (bsc#1256576). * CVE-2026-21710: uncaught TypeError exception can cause a denial of service (bsc#1260455). * CVE-2026-21712: malformed URL format can lead to a crash (bsc#1260460). * CVE-2026-21713: timing side-channel in HMAC verification via memcmp can lead to potential MAC forgery (bsc#1260463). 
* CVE-2026-21714: WINDOW_UPDATE frames on stream 0 can lead to memory leak (bsc#1260480).
* CVE-2026-21715: permission model bypass in realpathSync.native can allow file existence disclosure (bsc#1260482).
* CVE-2026-21716: promise-based FileHandle methods can be used to modify file permissions and ownership (bsc#1260462).
* CVE-2026-21717: crafted request can lead to trivially predictable hash collisions (bsc#1260494).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Web and Scripting Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-1299=1`

## Package List:

* Web and Scripting Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * npm24-24.14.1-150700.15.8.1
  * nodejs24-debuginfo-24.14.1-150700.15.8.1
  * nodejs24-24.14.1-150700.15.8.1
  * nodejs24-debugsource-24.14.1-150700.15.8.1
  * nodejs24-devel-24.14.1-150700.15.8.1
* Web and Scripting Module 15-SP7 (noarch)
  * nodejs24-docs-24.14.1-150700.15.8.1

## References:

* https://www.suse.com/security/cve/CVE-2025-59464.html
* https://www.suse.com/security/cve/CVE-2026-21637.html
* https://www.suse.com/security/cve/CVE-2026-21710.html
* https://www.suse.com/security/cve/CVE-2026-21712.html
* https://www.suse.com/security/cve/CVE-2026-21713.html
* https://www.suse.com/security/cve/CVE-2026-21714.html
* https://www.suse.com/security/cve/CVE-2026-21715.html
* https://www.suse.com/security/cve/CVE-2026-21716.html
* https://www.suse.com/security/cve/CVE-2026-21717.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256572
* https://bugzilla.suse.com/show_bug.cgi?id=1256576
* https://bugzilla.suse.com/show_bug.cgi?id=1260455
* https://bugzilla.suse.com/show_bug.cgi?id=1260460
* https://bugzilla.suse.com/show_bug.cgi?id=1260462
* https://bugzilla.suse.com/show_bug.cgi?id=1260463
* https://bugzilla.suse.com/show_bug.cgi?id=1260480
* https://bugzilla.suse.com/show_bug.cgi?id=1260482
* https://bugzilla.suse.com/show_bug.cgi?id=1260494

From null at suse.de Tue Apr 14 08:30:18 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 08:30:18 -0000
Subject: SUSE-SU-2026:1305-1: important: Security update for the Linux Kernel (Live Patch 76 for SUSE Linux Enterprise 12 SP5)
Message-ID: <177615541822.31304.15594867362919546389@c2c2e0ac4d9f>

# Security update for the Linux Kernel (Live Patch 76 for SUSE Linux Enterprise 12 SP5)

Announcement ID: SUSE-SU-2026:1305-1
Release Date: 2026-04-13T18:34:02Z
Rating: important
References:

* bsc#1255235
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2023-53794
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.290 fixes various security issues.

The following security issues were fixed:

* CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  `zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1305=1`

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_290-default-4-2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53794.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255235
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Tue Apr 14 08:30:31 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 08:30:31 -0000
Subject: SUSE-SU-2026:1304-1: important: Security update for the Linux Kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5)
Message-ID: <177615543131.31304.13166729745625764355@c2c2e0ac4d9f>

# Security update for the Linux Kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5)

Announcement ID: SUSE-SU-2026:1304-1
Release Date: 2026-04-13T16:04:42Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1255235
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2023-53794
* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.275 fixes various security issues.

The following security issues were fixed:

* CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  `zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1304=1`

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_275-default-6-2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53794.html
* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1255235
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Tue Apr 14 08:30:35 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 08:30:35 -0000
Subject: SUSE-SU-2026:1303-1: important: Security update for tigervnc
Message-ID: <177615543528.31304.17551088111300190089@c2c2e0ac4d9f>

# Security update for tigervnc

Announcement ID: SUSE-SU-2026:1303-1
Release Date: 2026-04-13T16:03:04Z
Rating: important
References:

* bsc#1260871

Cross-References:

* CVE-2026-34352

CVSS scores:

* CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
* CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for tigervnc fixes the following issues:

* CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2026-1303=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1303=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1303=1`
* SUSE Linux Enterprise Server 15 SP4 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1303=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1303=1`

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * tigervnc-debugsource-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-1.10.1-150400.7.15.1
  * tigervnc-debuginfo-1.10.1-150400.7.15.1
  * tigervnc-1.10.1-150400.7.15.1
  * libXvnc-devel-1.10.1-150400.7.15.1
  * libXvnc1-debuginfo-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-debuginfo-1.10.1-150400.7.15.1
  * libXvnc1-1.10.1-150400.7.15.1
* openSUSE Leap 15.4 (noarch)
  * tigervnc-x11vnc-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-java-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-novnc-1.10.1-150400.7.15.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64 i586)
  * xorg-x11-Xvnc-module-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-module-debuginfo-1.10.1-150400.7.15.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * tigervnc-debugsource-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-1.10.1-150400.7.15.1
  * tigervnc-debuginfo-1.10.1-150400.7.15.1
  * tigervnc-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-module-1.10.1-150400.7.15.1
  * libXvnc-devel-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-module-debuginfo-1.10.1-150400.7.15.1
  * libXvnc1-debuginfo-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-debuginfo-1.10.1-150400.7.15.1
  * libXvnc1-1.10.1-150400.7.15.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * xorg-x11-Xvnc-novnc-1.10.1-150400.7.15.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * tigervnc-debugsource-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-1.10.1-150400.7.15.1
  * tigervnc-debuginfo-1.10.1-150400.7.15.1
  * tigervnc-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-module-1.10.1-150400.7.15.1
  * libXvnc-devel-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-module-debuginfo-1.10.1-150400.7.15.1
  * libXvnc1-debuginfo-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-debuginfo-1.10.1-150400.7.15.1
  * libXvnc1-1.10.1-150400.7.15.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * xorg-x11-Xvnc-novnc-1.10.1-150400.7.15.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * tigervnc-debugsource-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-1.10.1-150400.7.15.1
  * tigervnc-debuginfo-1.10.1-150400.7.15.1
  * tigervnc-1.10.1-150400.7.15.1
  * libXvnc-devel-1.10.1-150400.7.15.1
  * libXvnc1-debuginfo-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-debuginfo-1.10.1-150400.7.15.1
  * libXvnc1-1.10.1-150400.7.15.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le x86_64)
  * xorg-x11-Xvnc-module-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-module-debuginfo-1.10.1-150400.7.15.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * xorg-x11-Xvnc-novnc-1.10.1-150400.7.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * tigervnc-debugsource-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-1.10.1-150400.7.15.1
  * tigervnc-debuginfo-1.10.1-150400.7.15.1
  * tigervnc-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-module-1.10.1-150400.7.15.1
  * libXvnc-devel-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-module-debuginfo-1.10.1-150400.7.15.1
  * libXvnc1-debuginfo-1.10.1-150400.7.15.1
  * xorg-x11-Xvnc-debuginfo-1.10.1-150400.7.15.1
  * libXvnc1-1.10.1-150400.7.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * xorg-x11-Xvnc-novnc-1.10.1-150400.7.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34352.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260871

From null at suse.de Tue Apr 14 08:30:38 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 08:30:38 -0000
Subject: SUSE-SU-2026:1302-1: important: Security update for tigervnc
Message-ID: <177615543891.31304.5644305157764627368@c2c2e0ac4d9f>

# Security update for tigervnc

Announcement ID: SUSE-SU-2026:1302-1
Release Date: 2026-04-13T16:02:17Z
Rating: important
References:

* bsc#1260871

Cross-References:

* CVE-2026-34352

CVSS scores:

* CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
* CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for tigervnc fixes the following issues:

* CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1302=1`
* SUSE Linux Enterprise Server 15 SP5 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1302=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1302=1`
* openSUSE Leap 15.5
  `zypper in -t patch SUSE-2026-1302=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1302=1`

## Package List:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * tigervnc-debugsource-1.12.0-150500.4.3.1
  * tigervnc-1.12.0-150500.4.3.1
  * libXvnc-devel-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1
  * libXvnc1-debuginfo-1.12.0-150500.4.3.1
  * libXvnc1-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1
  * tigervnc-debuginfo-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-1.12.0-150500.4.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * tigervnc-debugsource-1.12.0-150500.4.3.1
  * tigervnc-1.12.0-150500.4.3.1
  * libXvnc-devel-1.12.0-150500.4.3.1
  * libXvnc1-debuginfo-1.12.0-150500.4.3.1
  * libXvnc1-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1
  * tigervnc-debuginfo-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-1.12.0-150500.4.3.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le x86_64)
  * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * tigervnc-debugsource-1.12.0-150500.4.3.1
  * tigervnc-1.12.0-150500.4.3.1
  * libXvnc-devel-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1
  * libXvnc1-debuginfo-1.12.0-150500.4.3.1
  * libXvnc1-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1
  * tigervnc-debuginfo-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-1.12.0-150500.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * tigervnc-debugsource-1.12.0-150500.4.3.1
  * tigervnc-1.12.0-150500.4.3.1
  * libXvnc-devel-1.12.0-150500.4.3.1
  * libXvnc1-debuginfo-1.12.0-150500.4.3.1
  * libXvnc1-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1
  * tigervnc-debuginfo-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-1.12.0-150500.4.3.1
* openSUSE Leap 15.5 (noarch)
  * xorg-x11-Xvnc-java-1.12.0-150500.4.3.1
  * tigervnc-x11vnc-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64 i586)
  * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * tigervnc-debugsource-1.12.0-150500.4.3.1
  * tigervnc-1.12.0-150500.4.3.1
  * libXvnc-devel-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1
  * libXvnc1-debuginfo-1.12.0-150500.4.3.1
  * libXvnc1-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1
  * tigervnc-debuginfo-1.12.0-150500.4.3.1
  * xorg-x11-Xvnc-1.12.0-150500.4.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34352.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260871

From null at suse.de Tue Apr 14 08:30:42 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 08:30:42 -0000
Subject: SUSE-SU-2026:1301-1: important: Security update for tigervnc
Message-ID: <177615544234.31304.15627575220450478911@c2c2e0ac4d9f>

# Security update for tigervnc

Announcement ID: SUSE-SU-2026:1301-1
Release Date: 2026-04-13T16:01:26Z
Rating: important
References:

* bsc#1260871

Cross-References:

* CVE-2026-34352

CVSS scores:

* CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
* CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for tigervnc fixes the following issues:

* CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  `zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1301=1`
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  `zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1301=1`

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * tigervnc-1.6.0-22.23.1
  * libXvnc1-1.6.0-22.23.1
  * xorg-x11-Xvnc-debuginfo-1.6.0-22.23.1
  * tigervnc-debuginfo-1.6.0-22.23.1
  * libXvnc1-debuginfo-1.6.0-22.23.1
  * tigervnc-debugsource-1.6.0-22.23.1
  * xorg-x11-Xvnc-1.6.0-22.23.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * tigervnc-1.6.0-22.23.1
  * libXvnc1-1.6.0-22.23.1
  * xorg-x11-Xvnc-debuginfo-1.6.0-22.23.1
  * tigervnc-debuginfo-1.6.0-22.23.1
  * libXvnc1-debuginfo-1.6.0-22.23.1
  * tigervnc-debugsource-1.6.0-22.23.1
  * xorg-x11-Xvnc-1.6.0-22.23.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34352.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260871

From null at suse.de Tue Apr 14 12:30:06 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 12:30:06 -0000
Subject: SUSE-SU-2026:1306-1: moderate: Security update for openvswitch
Message-ID: <177616980662.74.13301910473167642064@7d0c564dccbc>

# Security update for openvswitch

Announcement ID: SUSE-SU-2026:1306-1
Release Date: 2026-04-13T20:02:56Z
Rating: moderate
References:

* bsc#1261273

Cross-References:

* CVE-2026-34956

CVSS scores:

* CVE-2026-34956 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34956 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for openvswitch fixes the following issues:

* CVE-2026-34956: invalid memory access via crafted FTP payloads in userspace conntrack flows specifying the FTP alg handler (bsc#1261273).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-1306=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * ovn-debuginfo-23.03.3-150600.33.12.1
  * ovn-vtep-debuginfo-23.03.3-150600.33.12.1
  * libovn-23_03-0-debuginfo-23.03.3-150600.33.12.1
  * openvswitch-test-debuginfo-3.1.7-150600.33.12.1
  * openvswitch-devel-3.1.7-150600.33.12.1
  * openvswitch-debugsource-3.1.7-150600.33.12.1
  * openvswitch-vtep-debuginfo-3.1.7-150600.33.12.1
  * openvswitch-vtep-3.1.7-150600.33.12.1
  * libopenvswitch-3_1-0-3.1.7-150600.33.12.1
  * libovn-23_03-0-23.03.3-150600.33.12.1
  * ovn-devel-23.03.3-150600.33.12.1
  * python3-ovs-3.1.7-150600.33.12.1
  * ovn-central-debuginfo-23.03.3-150600.33.12.1
  * ovn-23.03.3-150600.33.12.1
  * openvswitch-ipsec-3.1.7-150600.33.12.1
  * openvswitch-test-3.1.7-150600.33.12.1
  * ovn-central-23.03.3-150600.33.12.1
  * openvswitch-pki-3.1.7-150600.33.12.1
  * openvswitch-3.1.7-150600.33.12.1
  * ovn-host-debuginfo-23.03.3-150600.33.12.1
  * libopenvswitch-3_1-0-debuginfo-3.1.7-150600.33.12.1
  * openvswitch-debuginfo-3.1.7-150600.33.12.1
  * ovn-host-23.03.3-150600.33.12.1
  * ovn-vtep-23.03.3-150600.33.12.1
  * ovn-docker-23.03.3-150600.33.12.1
* openSUSE Leap 15.6 (noarch)
  * openvswitch-doc-3.1.7-150600.33.12.1
  * ovn-doc-23.03.3-150600.33.12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34956.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261273

From null at suse.de Tue Apr 14 16:30:49 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 16:30:49 -0000
Subject: SUSE-SU-2026:21092-1: important: Security update 5.1.2 for Multi-Linux Manager Client Tools and Salt Bundle
Message-ID: <177618424910.121.17275688629074587760@5d6d53449fb2>

# Security update 5.1.2 for Multi-Linux Manager Client Tools and Salt Bundle

Announcement ID: SUSE-SU-2026:21092-1
Release Date: 2026-03-05T16:40:22Z
Rating: important
References:

* bsc#1227579
* bsc#1247644
* bsc#1247721
* bsc#1248848
* bsc#1249400
* bsc#1249532
* bsc#1250940
* bsc#1250976
* bsc#1250981
* bsc#1251044
* bsc#1251138
* bsc#1251995
* bsc#1253174
* bsc#1253282
* bsc#1253347
* bsc#1253659
* bsc#1253738
* bsc#1253966
* bsc#1254478
* bsc#1254903
* bsc#1254904
* bsc#1254905
* bsc#1255781

Cross-References:

* CVE-2024-52804
* CVE-2025-67724
* CVE-2025-67725
* CVE-2025-67726

CVSS scores:

* CVE-2024-52804 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-52804 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-52804 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Multi-Linux Manager Client Tools for SLE 16

An update that solves four vulnerabilities and has 19 fixes can now be installed.

## Description:

This update fixes the following issues:

Changes in spacecmd:

* Version 5.1.12-0
  * Fix spacecmd binary file upload (bsc#1253659)
  * Fix typo in spacecmd help ca-cert flag (bsc#1253174)
  * Convert cached IDs to int (bsc#1251995)
  * Fix methods in api namespace in spacecmd (bsc#1249532)
  * Make caching code Py 2.7 compatible
  * Use JSON instead of pickle for spacecmd cache (bsc#1227579)
  * Python 2.7 cannot re-raise exceptions

Changes in supportutils-plugin-susemanager-client:

* Version 5.1.5-0
  * Non-customer-facing optimization and update

Changes in supportutils-plugin-salt:

* New package

Changes in uyuni-tools:

* Version 5.1.24-0
  * Actually use the --dbupgrade-tag parameter when computing the image URL (bsc#1249400)
  * Handle CA files with symlinks during migration (bsc#1251044)
  * Adjust traefik exposed configuration for chart v27 (bsc#1247721)
  * Fix systemd object initialization in server rename. (bsc#1250981)
  * Add SSL secrets to the db setup container during migration. (bsc#1250976)
  * Fix images handling in mgrpxy support ptf (bsc#1250940)
  * Fix helm upgrade parameters (bsc#1253966)
  * Detect custom apache and squid config in the /etc/uyuni/proxy folder
  * Add ssh tuning to configure sshd (bsc#1253738)
  * Move the SSL checks at the beginning of the migration
  * Remove cgroup mount for podman containers (bsc#1253347)
  * Convert the traefik install time to local time (bsc#1251138)
  * During migration, krb5.conf.d should be copied in /etc/rhn (bsc#1254478)
  * Read env var from http conf file (bsc#1253282)
  * Add --registry-host, --registry-user and --registry-password to pull images from an authenticated registry
  * Deprecate --registry
  * Unify backup create and restore dryrun option case
  * Fix calling of squid -z in mgrpxy cache clear (bsc#1247644)
  * Always start database container even if enabled
  * Remove extra ipv6 mapping and nftables workaround (bsc#1248848)
  * Remove old PostgreSQL exporter environment file before migration
  * Support config command parse correctly supportconfig output (bsc#1255781)
* Version 5.1.23-0
  * Update the default tag

Changes in venv-salt-minion:

* Backported security patches for Salt vendored tornado:
  * CVE-2025-67724: Fixed missing validation of supplied reason phrase (bsc#1254903)
  * CVE-2025-67725: Fixed DoS via malicious HTTP request (bsc#1254905)
  * CVE-2025-67726: Fixed HTTP header parameter parsing algorithm (bsc#1254904)

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Client Tools for SLE 16
  `zypper in -t patch Multi-Linux-ManagerTools-SLE-16-2=1`

## Package List:

* SUSE Multi-Linux Manager Client Tools for SLE 16 (noarch)
  * supportutils-plugin-susemanager-client-5.1.5-160002.1.1
  * mgrctl-zsh-completion-5.1.24-160002.1.1
  * spacecmd-5.1.12-160002.1.1
  * mgrctl-bash-completion-5.1.24-160002.1.1
  * mgrctl-lang-5.1.24-160002.1.1
  * supportutils-plugin-salt-1.2.3-160002.1.1
* SUSE Multi-Linux Manager Client Tools for SLE 16 (aarch64 ppc64le s390x x86_64)
  * venv-salt-minion-3006.0-160002.4.1
  * mgrctl-5.1.24-160002.1.1
  * mgrctl-debuginfo-5.1.24-160002.1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-52804.html
* https://www.suse.com/security/cve/CVE-2025-67724.html
* https://www.suse.com/security/cve/CVE-2025-67725.html
* https://www.suse.com/security/cve/CVE-2025-67726.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227579
* https://bugzilla.suse.com/show_bug.cgi?id=1247644
* https://bugzilla.suse.com/show_bug.cgi?id=1247721
* https://bugzilla.suse.com/show_bug.cgi?id=1248848
* https://bugzilla.suse.com/show_bug.cgi?id=1249400
* https://bugzilla.suse.com/show_bug.cgi?id=1249532
* https://bugzilla.suse.com/show_bug.cgi?id=1250940
* https://bugzilla.suse.com/show_bug.cgi?id=1250976
* https://bugzilla.suse.com/show_bug.cgi?id=1250981
* https://bugzilla.suse.com/show_bug.cgi?id=1251044
* https://bugzilla.suse.com/show_bug.cgi?id=1251138
* https://bugzilla.suse.com/show_bug.cgi?id=1251995
* https://bugzilla.suse.com/show_bug.cgi?id=1253174
* https://bugzilla.suse.com/show_bug.cgi?id=1253282
* https://bugzilla.suse.com/show_bug.cgi?id=1253347
* https://bugzilla.suse.com/show_bug.cgi?id=1253659
* https://bugzilla.suse.com/show_bug.cgi?id=1253738
* https://bugzilla.suse.com/show_bug.cgi?id=1253966
* https://bugzilla.suse.com/show_bug.cgi?id=1254478
* https://bugzilla.suse.com/show_bug.cgi?id=1254903
* https://bugzilla.suse.com/show_bug.cgi?id=1254904
* https://bugzilla.suse.com/show_bug.cgi?id=1254905
* https://bugzilla.suse.com/show_bug.cgi?id=1255781

From null at suse.de Tue Apr 14 16:30:54 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 16:30:54 -0000
Subject: SUSE-SU-2026:1314-1: important: Security update for ignition
Message-ID: <177618425450.121.12503883874712376691@5d6d53449fb2>

# Security update for ignition

Announcement ID: SUSE-SU-2026:1314-1
Release Date: 2026-04-14T11:07:17Z
Rating: important
References:

* bsc#1260251

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* HPC Module 15-SP7
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for ignition fixes the following issue:

* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260251).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1314=1
* HPC Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-HPC-15-SP7-2026-1314=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1314=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1314=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * ignition-dracut-grub2-2.14.0-150400.9.15.1
  * ignition-2.14.0-150400.9.15.1
  * ignition-debuginfo-2.14.0-150400.9.15.1
* HPC Module 15-SP7 (aarch64 x86_64)
  * ignition-dracut-grub2-2.14.0-150400.9.15.1
  * ignition-2.14.0-150400.9.15.1
  * ignition-debuginfo-2.14.0-150400.9.15.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 x86_64)
  * ignition-dracut-grub2-2.14.0-150400.9.15.1
  * ignition-2.14.0-150400.9.15.1
  * ignition-debuginfo-2.14.0-150400.9.15.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * ignition-dracut-grub2-2.14.0-150400.9.15.1
  * ignition-2.14.0-150400.9.15.1
  * ignition-debuginfo-2.14.0-150400.9.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260251
From null at suse.de Tue Apr 14 16:30:58 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 16:30:58 -0000
Subject: SUSE-SU-2026:1313-1: important: Security update for freerdp2
Message-ID: <177618425808.121.18428911379891480055@5d6d53449fb2>

# Security update for freerdp2

Announcement ID: SUSE-SU-2026:1313-1
Release Date: 2026-04-14T10:47:32Z
Rating: important

References:

* bsc#1257991

Cross-References:

* CVE-2026-24684

CVSS scores:

* CVE-2026-24684 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-24684 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-24684 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-24684 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for freerdp2 fixes the following issues:

* Fix the CVE-2026-24684 patch, as the previous version wrongly deleted a check for an error condition (bsc#1257991).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1313=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1313=1

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * winpr2-devel-2.11.7-150700.3.17.1
  * freerdp2-debuginfo-2.11.7-150700.3.17.1
  * freerdp2-debugsource-2.11.7-150700.3.17.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * libfreerdp2-2-debuginfo-2.11.7-150700.3.17.1
  * libwinpr2-2-2.11.7-150700.3.17.1
  * freerdp2-proxy-debuginfo-2.11.7-150700.3.17.1
  * freerdp2-2.11.7-150700.3.17.1
  * freerdp2-debuginfo-2.11.7-150700.3.17.1
  * freerdp2-server-2.11.7-150700.3.17.1
  * libfreerdp2-2-2.11.7-150700.3.17.1
  * freerdp2-server-debuginfo-2.11.7-150700.3.17.1
  * winpr2-devel-2.11.7-150700.3.17.1
  * libwinpr2-2-debuginfo-2.11.7-150700.3.17.1
  * freerdp2-debugsource-2.11.7-150700.3.17.1
  * freerdp2-devel-2.11.7-150700.3.17.1
  * freerdp2-proxy-2.11.7-150700.3.17.1

## References:

* https://www.suse.com/security/cve/CVE-2026-24684.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257991
From null at suse.de Tue Apr 14 16:31:01 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 16:31:01 -0000
Subject: SUSE-SU-2026:1312-1: important: Security update for bind
Message-ID: <177618426113.121.17740798689741051459@5d6d53449fb2>

# Security update for bind

Announcement ID: SUSE-SU-2026:1312-1
Release Date: 2026-04-14T10:46:38Z
Rating: important

References:

* bsc#1260805

Cross-References:

* CVE-2026-1519

CVSS scores:

* CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for bind fixes the following issues:

* CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1312=1 openSUSE-SLE-15.6-2026-1312=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1312=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1312=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * bind-debugsource-9.18.33-150600.3.21.1
  * bind-utils-9.18.33-150600.3.21.1
  * bind-utils-debuginfo-9.18.33-150600.3.21.1
  * bind-9.18.33-150600.3.21.1
  * bind-debuginfo-9.18.33-150600.3.21.1
* openSUSE Leap 15.6 (noarch)
  * bind-doc-9.18.33-150600.3.21.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * bind-debugsource-9.18.33-150600.3.21.1
  * bind-utils-9.18.33-150600.3.21.1
  * bind-utils-debuginfo-9.18.33-150600.3.21.1
  * bind-9.18.33-150600.3.21.1
  * bind-debuginfo-9.18.33-150600.3.21.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * bind-doc-9.18.33-150600.3.21.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * bind-debugsource-9.18.33-150600.3.21.1
  * bind-utils-9.18.33-150600.3.21.1
  * bind-utils-debuginfo-9.18.33-150600.3.21.1
  * bind-9.18.33-150600.3.21.1
  * bind-debuginfo-9.18.33-150600.3.21.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * bind-doc-9.18.33-150600.3.21.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260805
From null at suse.de Tue Apr 14 16:31:04 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 16:31:04 -0000
Subject: SUSE-SU-2026:1311-1: important: Security update for libpng16
Message-ID: <177618426414.121.1640623350764558805@5d6d53449fb2>

# Security update for libpng16

Announcement ID: SUSE-SU-2026:1311-1
Release Date: 2026-04-14T10:44:55Z
Rating: important

References:

* bsc#1260754

Cross-References:

* CVE-2026-33416

CVSS scores:

* CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for libpng16 fixes the following issue:

* CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1311=1
* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1311=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libpng16-compat-devel-1.6.8-15.21.1
  * libpng16-16-debuginfo-1.6.8-15.21.1
  * libpng16-devel-1.6.8-15.21.1
  * libpng16-debugsource-1.6.8-15.21.1
  * libpng16-16-1.6.8-15.21.1
  * libpng16-16-32bit-1.6.8-15.21.1
  * libpng16-16-debuginfo-32bit-1.6.8-15.21.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libpng16-compat-devel-1.6.8-15.21.1
  * libpng16-16-debuginfo-1.6.8-15.21.1
  * libpng16-devel-1.6.8-15.21.1
  * libpng16-debugsource-1.6.8-15.21.1
  * libpng16-16-1.6.8-15.21.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
  * libpng16-16-32bit-1.6.8-15.21.1
  * libpng16-16-debuginfo-32bit-1.6.8-15.21.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33416.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260754
From null at suse.de Tue Apr 14 16:31:07 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 16:31:07 -0000
Subject: SUSE-SU-2026:1310-1: moderate: Security update for libssh
Message-ID: <177618426794.121.7028233160645506102@5d6d53449fb2>

# Security update for libssh

Announcement ID: SUSE-SU-2026:1310-1
Release Date: 2026-04-14T10:42:17Z
Rating: moderate

References:

* bsc#1259377

Cross-References:

* CVE-2026-3731

CVSS scores:

* CVE-2026-3731 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3731 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3731 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3731 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3731 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for libssh fixes the following issues:

* CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler (bsc#1259377).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1310=1 openSUSE-SLE-15.6-2026-1310=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1310=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libssh4-0.9.8-150600.11.12.1
  * libssh-debugsource-0.9.8-150600.11.12.1
  * libssh-devel-0.9.8-150600.11.12.1
  * libssh4-debuginfo-0.9.8-150600.11.12.1
  * libssh-config-0.9.8-150600.11.12.1
* openSUSE Leap 15.6 (x86_64)
  * libssh4-32bit-debuginfo-0.9.8-150600.11.12.1
  * libssh4-32bit-0.9.8-150600.11.12.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libssh4-64bit-0.9.8-150600.11.12.1
  * libssh4-64bit-debuginfo-0.9.8-150600.11.12.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libssh4-0.9.8-150600.11.12.1
  * libssh-debugsource-0.9.8-150600.11.12.1
  * libssh-devel-0.9.8-150600.11.12.1
  * libssh4-debuginfo-0.9.8-150600.11.12.1
  * libssh-config-0.9.8-150600.11.12.1
* Basesystem Module 15-SP7 (x86_64)
  * libssh4-32bit-debuginfo-0.9.8-150600.11.12.1
  * libssh4-32bit-0.9.8-150600.11.12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3731.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259377
From null at suse.de Tue Apr 14 16:31:11 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 16:31:11 -0000
Subject: SUSE-SU-2026:1309-1: important: Security update for sudo
Message-ID: <177618427108.121.18004170790376511787@5d6d53449fb2>

# Security update for sudo

Announcement ID: SUSE-SU-2026:1309-1
Release Date: 2026-04-14T10:39:43Z
Rating: important

References:

* bsc#1261420

Cross-References:

* CVE-2026-35535

CVSS scores:

* CVE-2026-35535 ( SUSE ): 7.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35535 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35535 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for sudo fixes the following issue:

* CVE-2026-35535: Fixed potential privilege escalation when running the mailer (bsc#1261420).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1309=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1309=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1309=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1309=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1309=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1309=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1309=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1309=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1309=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-plugin-python-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
  * sudo-devel-1.9.9-150400.4.42.1
  * sudo-1.9.9-150400.4.42.1
  * sudo-plugin-python-1.9.9-150400.4.42.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-plugin-python-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
  * sudo-devel-1.9.9-150400.4.42.1
  * sudo-test-1.9.9-150400.4.42.1
  * sudo-1.9.9-150400.4.42.1
  * sudo-plugin-python-1.9.9-150400.4.42.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * sudo-1.9.9-150400.4.42.1
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * sudo-1.9.9-150400.4.42.1
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * sudo-1.9.9-150400.4.42.1
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * sudo-1.9.9-150400.4.42.1
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-plugin-python-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
  * sudo-devel-1.9.9-150400.4.42.1
  * sudo-1.9.9-150400.4.42.1
  * sudo-plugin-python-1.9.9-150400.4.42.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-plugin-python-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
  * sudo-devel-1.9.9-150400.4.42.1
  * sudo-1.9.9-150400.4.42.1
  * sudo-plugin-python-1.9.9-150400.4.42.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-plugin-python-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
  * sudo-devel-1.9.9-150400.4.42.1
  * sudo-1.9.9-150400.4.42.1
  * sudo-plugin-python-1.9.9-150400.4.42.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35535.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261420
From null at suse.de Tue Apr 14 16:31:17 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 16:31:17 -0000
Subject: SUSE-SU-2026:1307-1: important: Security update for strongswan
Message-ID: <177618427763.121.13406527448363470790@5d6d53449fb2>

# Security update for strongswan

Announcement ID: SUSE-SU-2026:1307-1
Release Date: 2026-04-14T10:35:45Z
Rating: important

References:

* bsc#1259472

Cross-References:

* CVE-2026-25075

CVSS scores:

* CVE-2026-25075 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25075 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25075 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25075 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for strongswan fixes the following issue:

* CVE-2026-25075: integer underflow when handling EAP-TTLS AVP (bsc#1259472).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1307=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1307=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * strongswan-libs0-debuginfo-5.1.3-26.32.1
  * strongswan-5.1.3-26.32.1
  * strongswan-libs0-5.1.3-26.32.1
  * strongswan-debugsource-5.1.3-26.32.1
  * strongswan-hmac-5.1.3-26.32.1
  * strongswan-ipsec-debuginfo-5.1.3-26.32.1
  * strongswan-ipsec-5.1.3-26.32.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * strongswan-doc-5.1.3-26.32.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * strongswan-libs0-debuginfo-5.1.3-26.32.1
  * strongswan-5.1.3-26.32.1
  * strongswan-libs0-5.1.3-26.32.1
  * strongswan-debugsource-5.1.3-26.32.1
  * strongswan-hmac-5.1.3-26.32.1
  * strongswan-ipsec-debuginfo-5.1.3-26.32.1
  * strongswan-ipsec-5.1.3-26.32.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * strongswan-doc-5.1.3-26.32.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25075.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259472
From null at suse.de Tue Apr 14 16:31:14 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 16:31:14 -0000
Subject: SUSE-SU-2026:1308-1: important: Security update for sudo
Message-ID: <177618427430.121.9908259827424395656@5d6d53449fb2>

# Security update for sudo

Announcement ID: SUSE-SU-2026:1308-1
Release Date: 2026-04-14T10:38:02Z
Rating: important

References:

* bsc#1261420

Cross-References:

* CVE-2026-35535

CVSS scores:

* CVE-2026-35535 ( SUSE ): 7.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35535 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35535 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for sudo fixes the following issue:

* CVE-2026-35535: Fixed potential privilege escalation when running the mailer (bsc#1261420).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1308=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1308=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1308=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1308=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1308=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1308=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * sudo-plugin-python-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-test-1.9.12p1-150500.7.16.1
  * sudo-debugsource-1.9.12p1-150500.7.16.1
  * sudo-devel-1.9.12p1-150500.7.16.1
  * sudo-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-1.9.12p1-150500.7.16.1
  * sudo-plugin-python-1.9.12p1-150500.7.16.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * sudo-1.9.12p1-150500.7.16.1
  * sudo-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-debugsource-1.9.12p1-150500.7.16.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * sudo-plugin-python-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-debugsource-1.9.12p1-150500.7.16.1
  * sudo-devel-1.9.12p1-150500.7.16.1
  * sudo-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-1.9.12p1-150500.7.16.1
  * sudo-plugin-python-1.9.12p1-150500.7.16.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * sudo-plugin-python-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-debugsource-1.9.12p1-150500.7.16.1
  * sudo-devel-1.9.12p1-150500.7.16.1
  * sudo-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-1.9.12p1-150500.7.16.1
  * sudo-plugin-python-1.9.12p1-150500.7.16.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * sudo-plugin-python-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-debugsource-1.9.12p1-150500.7.16.1
  * sudo-devel-1.9.12p1-150500.7.16.1
  * sudo-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-1.9.12p1-150500.7.16.1
  * sudo-plugin-python-1.9.12p1-150500.7.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * sudo-plugin-python-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-debugsource-1.9.12p1-150500.7.16.1
  * sudo-devel-1.9.12p1-150500.7.16.1
  * sudo-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-1.9.12p1-150500.7.16.1
  * sudo-plugin-python-1.9.12p1-150500.7.16.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35535.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261420

From null at suse.de Tue Apr 14 20:30:11 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 20:30:11 -0000
Subject: SUSE-SU-2026:1325-1: moderate: Security update for clamav
Message-ID: <177619861191.321.11692884272015501194@5d6d53449fb2>

# Security update for clamav

Announcement ID: SUSE-SU-2026:1325-1
Release Date: 2026-04-14T13:15:54Z
Rating: moderate

References:

* bsc#1221954
* bsc#1258072
* bsc#1259207
* jsc#PED-14819

Cross-References:

* CVE-2026-20031

CVSS scores:

* CVE-2026-20031 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-20031 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-20031 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability, contains one feature and has two security fixes can now be installed.

## Description:

This update for clamav fixes the following issues:

Update to clamav 1.5.2:

Security issue:

* CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file (bsc#1259207).

Non security issue:

* Support transactional updates (jsc#PED-14819).

Changelog:

* Fixed a possible infinite loop when scanning some JPEG files by upgrading affected ClamAV dependency, a Rust image library.
* The CVD verification process will now ignore certificate files in the CVD certs directory when the user lacks read permissions.
* Freshclam: Fix CLD verification bug with PrivateMirror option.
* Upgraded the Rust bytes dependency to a newer version to resolve RUSTSEC-2026-0007 advisory.
* Fixed a possible crash caused by invalid pointer alignment on some platforms.
* Minimal required Rust version is now 1.87.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1325=1 openSUSE-SLE-15.6-2026-1325=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1325=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1325=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1325=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * libclamav12-1.5.2-150600.18.25.1
  * clamav-debuginfo-1.5.2-150600.18.25.1
  * clamav-1.5.2-150600.18.25.1
  * clamav-milter-debuginfo-1.5.2-150600.18.25.1
  * libclamav12-debuginfo-1.5.2-150600.18.25.1
  * clamav-devel-1.5.2-150600.18.25.1
  * libclammspack0-debuginfo-1.5.2-150600.18.25.1
  * libclammspack0-1.5.2-150600.18.25.1
  * clamav-debugsource-1.5.2-150600.18.25.1
  * clamav-milter-1.5.2-150600.18.25.1
  * libfreshclam4-1.5.2-150600.18.25.1
  * libfreshclam4-debuginfo-1.5.2-150600.18.25.1
* openSUSE Leap 15.6 (noarch)
  * clamav-docs-html-1.5.2-150600.18.25.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libclamav12-1.5.2-150600.18.25.1
  * clamav-debuginfo-1.5.2-150600.18.25.1
  * clamav-1.5.2-150600.18.25.1
  * clamav-milter-debuginfo-1.5.2-150600.18.25.1
  * libclamav12-debuginfo-1.5.2-150600.18.25.1
  * clamav-devel-1.5.2-150600.18.25.1
  * libclammspack0-debuginfo-1.5.2-150600.18.25.1
  * libclammspack0-1.5.2-150600.18.25.1
  * clamav-debugsource-1.5.2-150600.18.25.1
  * clamav-milter-1.5.2-150600.18.25.1
  * libfreshclam4-1.5.2-150600.18.25.1
  * libfreshclam4-debuginfo-1.5.2-150600.18.25.1
* Basesystem Module 15-SP7 (noarch)
  * clamav-docs-html-1.5.2-150600.18.25.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * libclamav12-1.5.2-150600.18.25.1
  * clamav-debuginfo-1.5.2-150600.18.25.1
  * clamav-1.5.2-150600.18.25.1
  * clamav-milter-debuginfo-1.5.2-150600.18.25.1
  * libclamav12-debuginfo-1.5.2-150600.18.25.1
  * clamav-devel-1.5.2-150600.18.25.1
  * libclammspack0-debuginfo-1.5.2-150600.18.25.1
  * libclammspack0-1.5.2-150600.18.25.1
  * clamav-debugsource-1.5.2-150600.18.25.1
  * clamav-milter-1.5.2-150600.18.25.1
  * libfreshclam4-1.5.2-150600.18.25.1
  * libfreshclam4-debuginfo-1.5.2-150600.18.25.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * clamav-docs-html-1.5.2-150600.18.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * libclamav12-1.5.2-150600.18.25.1
  * clamav-debuginfo-1.5.2-150600.18.25.1
  * clamav-1.5.2-150600.18.25.1
  * clamav-milter-debuginfo-1.5.2-150600.18.25.1
  * libclamav12-debuginfo-1.5.2-150600.18.25.1
  * clamav-devel-1.5.2-150600.18.25.1
  * libclammspack0-debuginfo-1.5.2-150600.18.25.1
  * libclammspack0-1.5.2-150600.18.25.1
  * clamav-debugsource-1.5.2-150600.18.25.1
  * clamav-milter-1.5.2-150600.18.25.1
  * libfreshclam4-1.5.2-150600.18.25.1
  * libfreshclam4-debuginfo-1.5.2-150600.18.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * clamav-docs-html-1.5.2-150600.18.25.1

## References:

* https://www.suse.com/security/cve/CVE-2026-20031.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221954
* https://bugzilla.suse.com/show_bug.cgi?id=1258072
* https://bugzilla.suse.com/show_bug.cgi?id=1259207
* https://jira.suse.com/browse/PED-14819
From null at suse.de Tue Apr 14 20:30:18 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 20:30:18 -0000
Subject: SUSE-SU-2026:1324-1: moderate: Security update for clamav
Message-ID: <177619861818.321.7029408966607038579@5d6d53449fb2>

# Security update for clamav

Announcement ID: SUSE-SU-2026:1324-1
Release Date: 2026-04-14T13:15:34Z
Rating: moderate

References:

* bsc#1221954
* bsc#1258072
* bsc#1259207
* jsc#PED-14819

Cross-References:

* CVE-2026-20031

CVSS scores:

* CVE-2026-20031 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-20031 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-20031 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability, contains one feature and has two security fixes can now be installed.

## Description:

This update for clamav fixes the following issues:

Update to clamav 1.5.2:

* CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file (bsc#1259207).

Non security issue:

* Support transactional updates (jsc#PED-14819).
* Require main and library packages to be of the same version and release (bsc#1258072).

Changelog:

* Fixed a possible infinite loop when scanning some JPEG files by upgrading affected ClamAV dependency, a Rust image library.
* The CVD verification process will now ignore certificate files in the CVD certs directory when the user lacks read permissions.
* Freshclam: Fix CLD verification bug with PrivateMirror option.
* Upgraded the Rust bytes dependency to a newer version to resolve RUSTSEC-2026-0007 advisory.
* Fixed a possible crash caused by invalid pointer alignment on some platforms.
* Minimal required Rust version is now 1.87.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1324=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1324=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * clamav-debuginfo-1.5.2-3.53.1
  * clamav-milter-1.5.2-3.53.1
  * libclammspack0-1.5.2-3.53.1
  * clamav-1.5.2-3.53.1
  * clamav-debugsource-1.5.2-3.53.1
  * libfreshclam4-1.5.2-3.53.1
  * libclamav12-debuginfo-1.5.2-3.53.1
  * libfreshclam4-debuginfo-1.5.2-3.53.1
  * libclamav12-1.5.2-3.53.1
  * libclammspack0-debuginfo-1.5.2-3.53.1
  * clamav-devel-1.5.2-3.53.1
  * clamav-milter-debuginfo-1.5.2-3.53.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * clamav-docs-html-1.5.2-3.53.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * clamav-debuginfo-1.5.2-3.53.1
  * clamav-milter-1.5.2-3.53.1
  * libclammspack0-1.5.2-3.53.1
  * clamav-1.5.2-3.53.1
  * clamav-debugsource-1.5.2-3.53.1
  * libfreshclam4-1.5.2-3.53.1
  * libclamav12-debuginfo-1.5.2-3.53.1
  * libfreshclam4-debuginfo-1.5.2-3.53.1
  * libclamav12-1.5.2-3.53.1
  * libclammspack0-debuginfo-1.5.2-3.53.1
  * clamav-devel-1.5.2-3.53.1
  * clamav-milter-debuginfo-1.5.2-3.53.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * clamav-docs-html-1.5.2-3.53.1

## References:

* https://www.suse.com/security/cve/CVE-2026-20031.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221954
* https://bugzilla.suse.com/show_bug.cgi?id=1258072
* https://bugzilla.suse.com/show_bug.cgi?id=1259207
* https://jira.suse.com/browse/PED-14819

From null at suse.de Tue Apr 14 20:30:21 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 20:30:21 -0000
Subject: SUSE-SU-2026:1323-1: important: Security update for libpng16
Message-ID: <177619862160.321.504744974756660390@5d6d53449fb2>

# Security update for libpng16

Announcement ID: SUSE-SU-2026:1323-1
Release Date: 2026-04-14T13:12:33Z
Rating: important

References:

* bsc#1260754

Cross-References:

* CVE-2026-33416

CVSS scores:

* CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for libpng16 fixes the following issues:

* CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1323=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1323=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1323=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1323=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1323=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1323=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1323=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1323=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1323=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1323=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1323=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1323=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1323=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1323=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1323=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * libpng16-compat-devel-1.6.34-150000.3.22.1
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
  * libpng16-devel-1.6.34-150000.3.22.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
  * libpng16-16-32bit-1.6.34-150000.3.22.1
  * libpng16-16-32bit-debuginfo-1.6.34-150000.3.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * libpng16-compat-devel-1.6.34-150000.3.22.1
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
  * libpng16-devel-1.6.34-150000.3.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
  * libpng16-16-32bit-1.6.34-150000.3.22.1
  * libpng16-16-32bit-debuginfo-1.6.34-150000.3.22.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * libpng16-compat-devel-1.6.34-150000.3.22.1
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
  * libpng16-devel-1.6.34-150000.3.22.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
  * libpng16-16-32bit-1.6.34-150000.3.22.1
  * libpng16-16-32bit-debuginfo-1.6.34-150000.3.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * libpng16-compat-devel-1.6.34-150000.3.22.1
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
  * libpng16-devel-1.6.34-150000.3.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
  * libpng16-16-32bit-1.6.34-150000.3.22.1
  * libpng16-16-32bit-debuginfo-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * libpng16-compat-devel-1.6.34-150000.3.22.1
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
  * libpng16-devel-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
  * libpng16-16-32bit-1.6.34-150000.3.22.1
  * libpng16-16-32bit-debuginfo-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libpng16-compat-devel-1.6.34-150000.3.22.1
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
  * libpng16-devel-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
  * libpng16-16-32bit-1.6.34-150000.3.22.1
  * libpng16-16-32bit-debuginfo-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * libpng16-compat-devel-1.6.34-150000.3.22.1
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
  * libpng16-devel-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
  * libpng16-16-32bit-1.6.34-150000.3.22.1
  * libpng16-16-32bit-debuginfo-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * libpng16-compat-devel-1.6.34-150000.3.22.1
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
  * libpng16-devel-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
  * libpng16-16-32bit-1.6.34-150000.3.22.1
  * libpng16-16-32bit-debuginfo-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33416.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260754

From null at suse.de Tue Apr 14 20:30:24 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 20:30:24 -0000
Subject: SUSE-SU-2026:1322-1: important: Security update for MozillaFirefox
Message-ID: <177619862468.321.1027435012280447005@5d6d53449fb2>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2026:1322-1
Release Date: 2026-04-14T12:42:13Z
Rating: important

References:

* bsc#1261663
* jsc#PED-15778

Cross-References:

* CVE-2026-5731
* CVE-2026-5732
* CVE-2026-5734

CVSS scores:

* CVE-2026-5731 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5731 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-5732 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5732 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5734 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5734 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-5734 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* Desktop Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities and contains one feature can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

* Update to 149.0.2 and 140.9.1esr (bsc#1261663).
* CVE-2026-5731: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2.
* CVE-2026-5732: Incorrect boundary conditions, integer overflow in the Graphics: Text component.
* CVE-2026-5734: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1322=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1322=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1322=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1322=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1322=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1322=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1322=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1322=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1322=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1322=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1322=1

## Package List:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debugsource-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-common-140.9.1-150200.152.228.1
  * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1
  * MozillaFirefox-translations-other-140.9.1-150200.152.228.1
  * MozillaFirefox-140.9.1-150200.152.228.1
* Desktop Applications Module 15-SP7 (noarch)
  * MozillaFirefox-devel-140.9.1-150200.152.228.1

## References:

* https://www.suse.com/security/cve/CVE-2026-5731.html
* https://www.suse.com/security/cve/CVE-2026-5732.html
* https://www.suse.com/security/cve/CVE-2026-5734.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261663
* https://jira.suse.com/browse/PED-15778

From null at suse.de Tue Apr 14 20:30:40 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 20:30:40 -0000
Subject: SUSE-SU-2026:1321-1: important: Security update for go1.25
Message-ID: <177619864046.321.13266474093699799742@5d6d53449fb2>

# Security update for go1.25

Announcement ID: SUSE-SU-2026:1321-1
Release Date: 2026-04-14T12:40:54Z
Rating: important

References:

* bsc#1244485
* bsc#1261653
* bsc#1261654
* bsc#1261655
* bsc#1261656
* bsc#1261657
* bsc#1261658
* bsc#1261659
* bsc#1261660
* bsc#1261661

Cross-References:

* CVE-2026-27140
* CVE-2026-27143
* CVE-2026-27144
* CVE-2026-32280
* CVE-2026-32281
* CVE-2026-32282
* CVE-2026-32283
* CVE-2026-32288
* CVE-2026-32289

CVSS scores:

* CVE-2026-27140 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27140 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27143 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-27143 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-27144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-27144 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-32280 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32280 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32281 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32281 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32282 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-32282 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-32283 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32283 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32288 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-32288 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-32289 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-32289 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

* Development Tools Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves nine vulnerabilities and has one security fix can now be installed.

## Description:

This update for go1.25 fixes the following issues:

* Update to go1.25.9 (bsc#1244485).
* CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653).
* CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654).
* CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655).
* CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656).
* CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657).
* CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658).
* CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock (bsc#1261659).
* CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660).
* CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1321=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1321=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1321=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1321=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1321=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1321=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1321=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1321=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1321=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1321=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1321=1

## Package List:

* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * go1.25-doc-1.25.9-150000.1.35.1
  * go1.25-race-1.25.9-150000.1.35.1
  * go1.25-1.25.9-150000.1.35.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * go1.25-doc-1.25.9-150000.1.35.1
  * go1.25-race-1.25.9-150000.1.35.1
  * go1.25-1.25.9-150000.1.35.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * go1.25-doc-1.25.9-150000.1.35.1
  * go1.25-race-1.25.9-150000.1.35.1
  * go1.25-1.25.9-150000.1.35.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * go1.25-doc-1.25.9-150000.1.35.1
  * go1.25-race-1.25.9-150000.1.35.1
  * go1.25-1.25.9-150000.1.35.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * go1.25-doc-1.25.9-150000.1.35.1
  * go1.25-race-1.25.9-150000.1.35.1
  * go1.25-1.25.9-150000.1.35.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.25-doc-1.25.9-150000.1.35.1
  * go1.25-race-1.25.9-150000.1.35.1
  * go1.25-1.25.9-150000.1.35.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.25-doc-1.25.9-150000.1.35.1
  * go1.25-race-1.25.9-150000.1.35.1
  * go1.25-1.25.9-150000.1.35.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.25-doc-1.25.9-150000.1.35.1
  * go1.25-race-1.25.9-150000.1.35.1
  * go1.25-1.25.9-150000.1.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * go1.25-doc-1.25.9-150000.1.35.1
  * go1.25-race-1.25.9-150000.1.35.1
  * go1.25-1.25.9-150000.1.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * go1.25-doc-1.25.9-150000.1.35.1
  * go1.25-race-1.25.9-150000.1.35.1
  * go1.25-1.25.9-150000.1.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * go1.25-doc-1.25.9-150000.1.35.1
  * go1.25-race-1.25.9-150000.1.35.1
  * go1.25-1.25.9-150000.1.35.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27140.html
* https://www.suse.com/security/cve/CVE-2026-27143.html
* https://www.suse.com/security/cve/CVE-2026-27144.html
* https://www.suse.com/security/cve/CVE-2026-32280.html
* https://www.suse.com/security/cve/CVE-2026-32281.html
* https://www.suse.com/security/cve/CVE-2026-32282.html
* https://www.suse.com/security/cve/CVE-2026-32283.html
* https://www.suse.com/security/cve/CVE-2026-32288.html
* https://www.suse.com/security/cve/CVE-2026-32289.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244485
* https://bugzilla.suse.com/show_bug.cgi?id=1261653
* https://bugzilla.suse.com/show_bug.cgi?id=1261654
* https://bugzilla.suse.com/show_bug.cgi?id=1261655
* https://bugzilla.suse.com/show_bug.cgi?id=1261656
* https://bugzilla.suse.com/show_bug.cgi?id=1261657
* https://bugzilla.suse.com/show_bug.cgi?id=1261658
* https://bugzilla.suse.com/show_bug.cgi?id=1261659
* https://bugzilla.suse.com/show_bug.cgi?id=1261660
* https://bugzilla.suse.com/show_bug.cgi?id=1261661

From null at suse.de Tue Apr 14 20:30:58 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 14 Apr 2026 20:30:58 -0000
Subject: SUSE-SU-2026:1320-1: important: Security update for go1.26
Message-ID: <177619865818.321.12272122608942067567@5d6d53449fb2>

# Security update for go1.26

Announcement ID: SUSE-SU-2026:1320-1
Release Date: 2026-04-14T12:39:44Z
Rating: important

References:

* bsc#1255111
* bsc#1261653
* bsc#1261654
* bsc#1261655
* bsc#1261656
* bsc#1261657
* bsc#1261658
* bsc#1261659
* bsc#1261660
* bsc#1261661
* bsc#1261662

Cross-References:

* CVE-2026-27140
* CVE-2026-27143
* CVE-2026-27144
* CVE-2026-32280
* CVE-2026-32281
* CVE-2026-32282
* CVE-2026-32283
* CVE-2026-32288
* CVE-2026-32289
* CVE-2026-33810

CVSS scores:

* CVE-2026-27140 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27140 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27143 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-27143 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-27144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-27144 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-32280 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32280 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32281 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32281 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32282 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-32282 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-32283 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32283 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32288 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-32288 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-32289 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-32289 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-33810 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-33810 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* Development Tools Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 10 vulnerabilities and has one security fix can now be installed.

## Description:

This update for go1.26 fixes the following issues:

* Update to go1.26.2 (bsc#1255111).
* CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653).
* CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654).
* CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655).
* CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656).
* CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657).
* CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658).
* CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock (bsc#1261659).
* CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660).
* CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661).
* CVE-2026-33810: crypto/x509: excluded DNS constraints not properly applied to wildcard domains (bsc#1261662).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1320=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1320=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1320=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1320=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1320=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1320=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1320=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1320=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1320=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1320=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1320=1 ## Package List: * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * 
go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-27140.html * https://www.suse.com/security/cve/CVE-2026-27143.html * https://www.suse.com/security/cve/CVE-2026-27144.html * https://www.suse.com/security/cve/CVE-2026-32280.html * https://www.suse.com/security/cve/CVE-2026-32281.html * https://www.suse.com/security/cve/CVE-2026-32282.html * https://www.suse.com/security/cve/CVE-2026-32283.html * https://www.suse.com/security/cve/CVE-2026-32288.html * https://www.suse.com/security/cve/CVE-2026-32289.html * https://www.suse.com/security/cve/CVE-2026-33810.html * https://bugzilla.suse.com/show_bug.cgi?id=1255111 * https://bugzilla.suse.com/show_bug.cgi?id=1261653 * 
https://bugzilla.suse.com/show_bug.cgi?id=1261654 * https://bugzilla.suse.com/show_bug.cgi?id=1261655 * https://bugzilla.suse.com/show_bug.cgi?id=1261656 * https://bugzilla.suse.com/show_bug.cgi?id=1261657 * https://bugzilla.suse.com/show_bug.cgi?id=1261658 * https://bugzilla.suse.com/show_bug.cgi?id=1261659 * https://bugzilla.suse.com/show_bug.cgi?id=1261660 * https://bugzilla.suse.com/show_bug.cgi?id=1261661 * https://bugzilla.suse.com/show_bug.cgi?id=1261662 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 15 08:30:16 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 15 Apr 2026 08:30:16 -0000 Subject: SUSE-SU-2026:1335-1: important: Security update for xorg-x11-server Message-ID: <177624181608.1114.487357657454327681@5d6d53449fb2> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2026:1335-1 Release Date: 2026-04-14T17:28:43Z Rating: important References: * bsc#1260922 * bsc#1260923 * bsc#1260924 * bsc#1260925 * bsc#1260926 Cross-References: * CVE-2026-33999 * CVE-2026-34000 * CVE-2026-34001 * CVE-2026-34002 * CVE-2026-34003 CVSS scores: * CVE-2026-33999 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34000 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34001 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34002 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 
Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

* CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
* CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
* CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
* CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
* CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1335=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1335=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1335=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1335=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1335=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * xorg-x11-server-debuginfo-21.1.4-150500.7.46.1 * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.46.1 * xorg-x11-server-source-21.1.4-150500.7.46.1 * xorg-x11-server-extra-21.1.4-150500.7.46.1 * xorg-x11-server-sdk-21.1.4-150500.7.46.1 * xorg-x11-server-21.1.4-150500.7.46.1 * xorg-x11-server-debugsource-21.1.4-150500.7.46.1 * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.46.1 * xorg-x11-server-Xvfb-21.1.4-150500.7.46.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * xorg-x11-server-debuginfo-21.1.4-150500.7.46.1 * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.46.1 * xorg-x11-server-extra-21.1.4-150500.7.46.1 * xorg-x11-server-sdk-21.1.4-150500.7.46.1 * xorg-x11-server-21.1.4-150500.7.46.1 * xorg-x11-server-debugsource-21.1.4-150500.7.46.1 * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.46.1 * xorg-x11-server-Xvfb-21.1.4-150500.7.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * xorg-x11-server-debuginfo-21.1.4-150500.7.46.1 * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.46.1 * xorg-x11-server-extra-21.1.4-150500.7.46.1 * xorg-x11-server-sdk-21.1.4-150500.7.46.1 * xorg-x11-server-21.1.4-150500.7.46.1 * xorg-x11-server-debugsource-21.1.4-150500.7.46.1 * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.46.1 * 
xorg-x11-server-Xvfb-21.1.4-150500.7.46.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * xorg-x11-server-debuginfo-21.1.4-150500.7.46.1 * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.46.1 * xorg-x11-server-extra-21.1.4-150500.7.46.1 * xorg-x11-server-sdk-21.1.4-150500.7.46.1 * xorg-x11-server-21.1.4-150500.7.46.1 * xorg-x11-server-debugsource-21.1.4-150500.7.46.1 * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.46.1 * xorg-x11-server-Xvfb-21.1.4-150500.7.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * xorg-x11-server-debuginfo-21.1.4-150500.7.46.1 * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.46.1 * xorg-x11-server-extra-21.1.4-150500.7.46.1 * xorg-x11-server-sdk-21.1.4-150500.7.46.1 * xorg-x11-server-21.1.4-150500.7.46.1 * xorg-x11-server-debugsource-21.1.4-150500.7.46.1 * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.46.1 * xorg-x11-server-Xvfb-21.1.4-150500.7.46.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33999.html * https://www.suse.com/security/cve/CVE-2026-34000.html * https://www.suse.com/security/cve/CVE-2026-34001.html * https://www.suse.com/security/cve/CVE-2026-34002.html * https://www.suse.com/security/cve/CVE-2026-34003.html * https://bugzilla.suse.com/show_bug.cgi?id=1260922 * https://bugzilla.suse.com/show_bug.cgi?id=1260923 * https://bugzilla.suse.com/show_bug.cgi?id=1260924 * https://bugzilla.suse.com/show_bug.cgi?id=1260925 * https://bugzilla.suse.com/show_bug.cgi?id=1260926 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 15 08:30:25 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 15 Apr 2026 08:30:25 -0000 Subject: SUSE-SU-2026:1333-1: important: Security update for xorg-x11-server Message-ID: <177624182588.1114.15054558372883355589@5d6d53449fb2> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2026:1333-1 Release Date: 2026-04-14T17:19:03Z Rating: important References: * bsc#1260922 * bsc#1260923 * bsc#1260924 * bsc#1260925 * bsc#1260926 Cross-References: * CVE-2026-33999 * CVE-2026-34000 * CVE-2026-34001 * CVE-2026-34002 * CVE-2026-34003 CVSS scores: * CVE-2026-33999 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34000 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34001 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34002 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves five vulnerabilities can now be installed. 
## Description: This update for xorg-x11-server fixes the following issues: * CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922). * CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923). * CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924). * CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925). * CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1333=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1333=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1333=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1333=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1333=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * xorg-x11-server-extra-1.20.3-150400.38.68.1 * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.68.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.68.1 * xorg-x11-server-debugsource-1.20.3-150400.38.68.1 * xorg-x11-server-source-1.20.3-150400.38.68.1 * xorg-x11-server-1.20.3-150400.38.68.1 * xorg-x11-server-sdk-1.20.3-150400.38.68.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * xorg-x11-server-extra-1.20.3-150400.38.68.1 * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.68.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.68.1 * xorg-x11-server-debugsource-1.20.3-150400.38.68.1 * xorg-x11-server-1.20.3-150400.38.68.1 * xorg-x11-server-sdk-1.20.3-150400.38.68.1 * SUSE Linux 
Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * xorg-x11-server-extra-1.20.3-150400.38.68.1 * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.68.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.68.1 * xorg-x11-server-debugsource-1.20.3-150400.38.68.1 * xorg-x11-server-1.20.3-150400.38.68.1 * xorg-x11-server-sdk-1.20.3-150400.38.68.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * xorg-x11-server-extra-1.20.3-150400.38.68.1 * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.68.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.68.1 * xorg-x11-server-debugsource-1.20.3-150400.38.68.1 * xorg-x11-server-1.20.3-150400.38.68.1 * xorg-x11-server-sdk-1.20.3-150400.38.68.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * xorg-x11-server-extra-1.20.3-150400.38.68.1 * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.68.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.68.1 * xorg-x11-server-debugsource-1.20.3-150400.38.68.1 * xorg-x11-server-1.20.3-150400.38.68.1 * xorg-x11-server-sdk-1.20.3-150400.38.68.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33999.html * https://www.suse.com/security/cve/CVE-2026-34000.html * https://www.suse.com/security/cve/CVE-2026-34001.html * https://www.suse.com/security/cve/CVE-2026-34002.html * https://www.suse.com/security/cve/CVE-2026-34003.html * https://bugzilla.suse.com/show_bug.cgi?id=1260922 * https://bugzilla.suse.com/show_bug.cgi?id=1260923 * https://bugzilla.suse.com/show_bug.cgi?id=1260924 * https://bugzilla.suse.com/show_bug.cgi?id=1260925 * https://bugzilla.suse.com/show_bug.cgi?id=1260926 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 15 08:30:35 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 15 Apr 2026 08:30:35 -0000 Subject: SUSE-SU-2026:1332-1: important: Security update for xorg-x11-server Message-ID: <177624183501.1114.7056180070037281387@5d6d53449fb2> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2026:1332-1 Release Date: 2026-04-14T17:15:09Z Rating: important References: * bsc#1260922 * bsc#1260923 * bsc#1260924 * bsc#1260925 * bsc#1260926 Cross-References: * CVE-2026-33999 * CVE-2026-34000 * CVE-2026-34001 * CVE-2026-34002 * CVE-2026-34003 CVSS scores: * CVE-2026-33999 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34000 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34001 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34002 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922). 
* CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
* CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
* CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
* CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1332=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1332=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-extra-1.19.6-10.99.1
  * xorg-x11-server-debuginfo-1.19.6-10.99.1
  * xorg-x11-server-1.19.6-10.99.1
  * xorg-x11-server-extra-debuginfo-1.19.6-10.99.1
  * xorg-x11-server-debugsource-1.19.6-10.99.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * xorg-x11-server-extra-1.19.6-10.99.1
  * xorg-x11-server-debuginfo-1.19.6-10.99.1
  * xorg-x11-server-1.19.6-10.99.1
  * xorg-x11-server-extra-debuginfo-1.19.6-10.99.1
  * xorg-x11-server-debugsource-1.19.6-10.99.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33999.html
* https://www.suse.com/security/cve/CVE-2026-34000.html
* https://www.suse.com/security/cve/CVE-2026-34001.html
* https://www.suse.com/security/cve/CVE-2026-34002.html
* https://www.suse.com/security/cve/CVE-2026-34003.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260922
* https://bugzilla.suse.com/show_bug.cgi?id=1260923
* https://bugzilla.suse.com/show_bug.cgi?id=1260924
* https://bugzilla.suse.com/show_bug.cgi?id=1260925
* https://bugzilla.suse.com/show_bug.cgi?id=1260926
URL: From null at suse.de Wed Apr 15 08:30:44 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 15 Apr 2026 08:30:44 -0000 Subject: SUSE-SU-2026:1331-1: important: Security update for xorg-x11-server Message-ID: <177624184440.1114.11948200456058547764@5d6d53449fb2> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2026:1331-1 Release Date: 2026-04-14T17:11:42Z Rating: important References: * bsc#1260922 * bsc#1260923 * bsc#1260924 * bsc#1260925 * bsc#1260926 Cross-References: * CVE-2026-33999 * CVE-2026-34000 * CVE-2026-34001 * CVE-2026-34002 * CVE-2026-34003 CVSS scores: * CVE-2026-33999 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34000 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34001 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34002 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves five vulnerabilities can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: * CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922). * CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923). 
* CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924). * CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925). * CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1331=1 openSUSE-SLE-15.6-2026-1331=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1331=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1331=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * xorg-x11-server-sdk-21.1.11-150600.5.25.1 * xorg-x11-server-source-21.1.11-150600.5.25.1 * xorg-x11-server-21.1.11-150600.5.25.1 * xorg-x11-server-debugsource-21.1.11-150600.5.25.1 * xorg-x11-server-Xvfb-21.1.11-150600.5.25.1 * xorg-x11-server-Xvfb-debuginfo-21.1.11-150600.5.25.1 * xorg-x11-server-extra-21.1.11-150600.5.25.1 * xorg-x11-server-extra-debuginfo-21.1.11-150600.5.25.1 * xorg-x11-server-debuginfo-21.1.11-150600.5.25.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * xorg-x11-server-sdk-21.1.11-150600.5.25.1 * xorg-x11-server-21.1.11-150600.5.25.1 * xorg-x11-server-debugsource-21.1.11-150600.5.25.1 * xorg-x11-server-Xvfb-21.1.11-150600.5.25.1 * xorg-x11-server-Xvfb-debuginfo-21.1.11-150600.5.25.1 * xorg-x11-server-extra-21.1.11-150600.5.25.1 * xorg-x11-server-extra-debuginfo-21.1.11-150600.5.25.1 * xorg-x11-server-debuginfo-21.1.11-150600.5.25.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * xorg-x11-server-sdk-21.1.11-150600.5.25.1 * xorg-x11-server-21.1.11-150600.5.25.1 * xorg-x11-server-debugsource-21.1.11-150600.5.25.1 * xorg-x11-server-Xvfb-21.1.11-150600.5.25.1 * 
xorg-x11-server-Xvfb-debuginfo-21.1.11-150600.5.25.1 * xorg-x11-server-extra-21.1.11-150600.5.25.1 * xorg-x11-server-extra-debuginfo-21.1.11-150600.5.25.1 * xorg-x11-server-debuginfo-21.1.11-150600.5.25.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33999.html * https://www.suse.com/security/cve/CVE-2026-34000.html * https://www.suse.com/security/cve/CVE-2026-34001.html * https://www.suse.com/security/cve/CVE-2026-34002.html * https://www.suse.com/security/cve/CVE-2026-34003.html * https://bugzilla.suse.com/show_bug.cgi?id=1260922 * https://bugzilla.suse.com/show_bug.cgi?id=1260923 * https://bugzilla.suse.com/show_bug.cgi?id=1260924 * https://bugzilla.suse.com/show_bug.cgi?id=1260925 * https://bugzilla.suse.com/show_bug.cgi?id=1260926 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 15 08:30:53 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 15 Apr 2026 08:30:53 -0000 Subject: SUSE-SU-2026:1330-1: important: Security update for xorg-x11-server Message-ID: <177624185388.1114.14991666763588772858@5d6d53449fb2> # Security update for xorg-x11-server Announcement ID: SUSE-SU-2026:1330-1 Release Date: 2026-04-14T17:09:03Z Rating: important References: * bsc#1260922 * bsc#1260923 * bsc#1260924 * bsc#1260925 * bsc#1260926 Cross-References: * CVE-2026-33999 * CVE-2026-34000 * CVE-2026-34001 * CVE-2026-34002 * CVE-2026-34003 CVSS scores: * CVE-2026-33999 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34000 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34001 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34002 ( SUSE ): 6.9 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* Development Tools Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves five vulnerabilities can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

* CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
* CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
* CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
* CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
* CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1330=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1330=1

## Package List:

* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-debuginfo-21.1.15-150700.5.16.1
  * xorg-x11-server-sdk-21.1.15-150700.5.16.1
  * xorg-x11-server-debugsource-21.1.15-150700.5.16.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-extra-debuginfo-21.1.15-150700.5.16.1
  * xorg-x11-server-debugsource-21.1.15-150700.5.16.1
  * xorg-x11-server-extra-21.1.15-150700.5.16.1
  * xorg-x11-server-debuginfo-21.1.15-150700.5.16.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.15-150700.5.16.1
  * xorg-x11-server-21.1.15-150700.5.16.1
  * xorg-x11-server-Xvfb-21.1.15-150700.5.16.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33999.html
* https://www.suse.com/security/cve/CVE-2026-34000.html
* https://www.suse.com/security/cve/CVE-2026-34001.html
* https://www.suse.com/security/cve/CVE-2026-34002.html
* https://www.suse.com/security/cve/CVE-2026-34003.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260922
* https://bugzilla.suse.com/show_bug.cgi?id=1260923
* https://bugzilla.suse.com/show_bug.cgi?id=1260924
* https://bugzilla.suse.com/show_bug.cgi?id=1260925
* https://bugzilla.suse.com/show_bug.cgi?id=1260926
From null at suse.de Wed Apr 15 08:31:03 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 08:31:03 -0000
Subject: SUSE-SU-2026:1329-1: important: Security update for xwayland
Message-ID: <177624186331.1114.6024078828539439177@5d6d53449fb2>

# Security update for xwayland

Announcement ID: SUSE-SU-2026:1329-1
Release Date: 2026-04-14T17:06:21Z
Rating: important

References:

* bsc#1260922
* bsc#1260923
* bsc#1260924
* bsc#1260925
* bsc#1260926

Cross-References:

* CVE-2026-33999
* CVE-2026-34000
* CVE-2026-34001
* CVE-2026-34002
* CVE-2026-34003

CVSS scores:

* CVE-2026-33999 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34000 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34001 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34002 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* openSUSE Leap 15.6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for xwayland fixes the following issues:

* CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
* CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
* CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
* CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
* CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1329=1 openSUSE-SLE-15.6-2026-1329=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * xwayland-debuginfo-24.1.1-150600.5.23.1
  * xwayland-24.1.1-150600.5.23.1
  * xwayland-debugsource-24.1.1-150600.5.23.1
  * xwayland-devel-24.1.1-150600.5.23.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33999.html
* https://www.suse.com/security/cve/CVE-2026-34000.html
* https://www.suse.com/security/cve/CVE-2026-34001.html
* https://www.suse.com/security/cve/CVE-2026-34002.html
* https://www.suse.com/security/cve/CVE-2026-34003.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260922
* https://bugzilla.suse.com/show_bug.cgi?id=1260923
* https://bugzilla.suse.com/show_bug.cgi?id=1260924
* https://bugzilla.suse.com/show_bug.cgi?id=1260925
* https://bugzilla.suse.com/show_bug.cgi?id=1260926

From null at suse.de Wed Apr 15 08:31:12 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 08:31:12 -0000
Subject: SUSE-SU-2026:1328-1: important: Security update for xwayland
Message-ID: <177624187229.1114.1272851325699526496@5d6d53449fb2>

# Security update for xwayland

Announcement ID: SUSE-SU-2026:1328-1
Release Date: 2026-04-14T17:04:47Z
Rating: important

References:

* bsc#1260922
* bsc#1260923
* bsc#1260924
* bsc#1260925
* bsc#1260926

Cross-References:

* CVE-2026-33999
* CVE-2026-34000
* CVE-2026-34001
* CVE-2026-34002
* CVE-2026-34003

CVSS scores:

* CVE-2026-33999 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34000 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34001 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34002 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7

An update that solves five vulnerabilities can now be installed.

## Description:

This update for xwayland fixes the following issues:

* CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
* CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
* CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
* CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
* CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1328=1

## Package List:

* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * xwayland-debuginfo-24.1.5-150700.3.14.1
  * xwayland-debugsource-24.1.5-150700.3.14.1
  * xwayland-24.1.5-150700.3.14.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33999.html
* https://www.suse.com/security/cve/CVE-2026-34000.html
* https://www.suse.com/security/cve/CVE-2026-34001.html
* https://www.suse.com/security/cve/CVE-2026-34002.html
* https://www.suse.com/security/cve/CVE-2026-34003.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260922
* https://bugzilla.suse.com/show_bug.cgi?id=1260923
* https://bugzilla.suse.com/show_bug.cgi?id=1260924
* https://bugzilla.suse.com/show_bug.cgi?id=1260925
* https://bugzilla.suse.com/show_bug.cgi?id=1260926

From null at suse.de Wed Apr 15 12:30:10 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 12:30:10 -0000
Subject: SUSE-SU-2026:1338-1: moderate: Security update for giflib
Message-ID: <177625621007.1445.14445526949080271303@2ec35c3f4c39>

# Security update for giflib

Announcement ID: SUSE-SU-2026:1338-1
Release Date: 2026-04-15T07:34:01Z
Rating: moderate

References:

* bsc#1259502

Cross-References:

* CVE-2026-23868

CVSS scores:

* CVE-2026-23868 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23868 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-23868 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for giflib fixes the following issue:

* CVE-2026-23868: double-free result of a shallow copy can lead to memory corruption (bsc#1259502).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1338=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1338=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * giflib-progs-debuginfo-5.2.2-150000.4.19.1
  * libgif7-5.2.2-150000.4.19.1
  * giflib-debugsource-5.2.2-150000.4.19.1
  * libgif7-debuginfo-5.2.2-150000.4.19.1
  * giflib-progs-5.2.2-150000.4.19.1
  * giflib-devel-5.2.2-150000.4.19.1
* openSUSE Leap 15.6 (x86_64)
  * libgif7-32bit-5.2.2-150000.4.19.1
  * libgif7-32bit-debuginfo-5.2.2-150000.4.19.1
  * giflib-devel-32bit-5.2.2-150000.4.19.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libgif7-5.2.2-150000.4.19.1
  * giflib-debugsource-5.2.2-150000.4.19.1
  * libgif7-debuginfo-5.2.2-150000.4.19.1
  * giflib-devel-5.2.2-150000.4.19.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23868.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259502

From null at suse.de Wed Apr 15 12:30:13 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 12:30:13 -0000
Subject: SUSE-SU-2026:1337-1: moderate: Security update for rust1.92
Message-ID: <177625621339.1445.12206441215704424851@2ec35c3f4c39>

# Security update for rust1.92

Announcement ID: SUSE-SU-2026:1337-1
Release Date: 2026-04-15T07:33:35Z
Rating: moderate

References:

* bsc#1259623

Cross-References:

* CVE-2026-31812

CVSS scores:

* CVE-2026-31812 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31812 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-31812 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Development Tools Module 15-SP7
* openSUSE Leap 15.3
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for rust1.92 fixes the following issues:

* CVE-2026-31812: Denial of service via crafted QUIC initial packet (bsc#1259623).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1337=1
* openSUSE Leap 15.3
  zypper in -t patch SUSE-2026-1337=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1337=1

## Package List:

* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * cargo1.92-1.92.0-150300.7.6.1
  * rust1.92-debuginfo-1.92.0-150300.7.6.1
  * cargo1.92-debuginfo-1.92.0-150300.7.6.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64 nosrc)
  * rust1.92-1.92.0-150300.7.6.1
* Development Tools Module 15-SP7 (noarch)
  * rust1.92-src-1.92.0-150300.7.6.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * cargo1.92-1.92.0-150300.7.6.1
  * rust1.92-debuginfo-1.92.0-150300.7.6.1
  * cargo1.92-debuginfo-1.92.0-150300.7.6.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586 nosrc)
  * rust1.92-1.92.0-150300.7.6.1
* openSUSE Leap 15.3 (noarch)
  * rust1.92-src-1.92.0-150300.7.6.1
* openSUSE Leap 15.3 (nosrc)
  * rust1.92-test-1.92.0-150300.7.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * cargo1.92-1.92.0-150300.7.6.1
  * rust1.92-debuginfo-1.92.0-150300.7.6.1
  * cargo1.92-debuginfo-1.92.0-150300.7.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc)
  * rust1.92-1.92.0-150300.7.6.1
* openSUSE Leap 15.6 (noarch)
  * rust1.92-src-1.92.0-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31812.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259623

From null at suse.de Wed Apr 15 16:30:18 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 16:30:18 -0000
Subject: SUSE-SU-2026:1344-1: moderate: Security update for libssh
Message-ID: <177627061804.2041.17386678333673502440@6fd1d05cebf0>

# Security update for libssh

Announcement ID: SUSE-SU-2026:1344-1
Release Date: 2026-04-15T10:21:31Z
Rating: moderate

References:

* bsc#1258045
* bsc#1258049
* bsc#1258054
* bsc#1258080
* bsc#1258081
* bsc#1259377

Cross-References:

* CVE-2026-0964
* CVE-2026-0965
* CVE-2026-0966
* CVE-2026-0967
* CVE-2026-0968
* CVE-2026-3731

CVSS scores:

* CVE-2026-0964 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-0964 ( NVD ): 5.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-0965 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-0965 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-0966 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-0966 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-0967 ( SUSE ): 1.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-0967 ( SUSE ): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-0967 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0967 ( NVD ): 2.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-0968 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-0968 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L
* CVE-2026-0968 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-0968 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-0968 ( NVD ): 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-3731 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3731 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3731 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3731 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3731 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for libssh fixes the following issues:

* CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler (bsc#1259377).
* CVE-2026-0964: SCP protocol path traversal in `ssh_scp_pull_request()` (bsc#1258049).
* CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).
* CVE-2026-0966: buffer underflow in `ssh_get_hexa()` on invalid input (bsc#1258054).
* CVE-2026-0967: specially crafted patterns could cause a denial of service (bsc#1258081).
* CVE-2026-0968: out-of-bounds read in `sftp_parse_longname()` (bsc#1258080).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1344=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libssh-devel-doc-0.6.3-12.28.1

## References:

* https://www.suse.com/security/cve/CVE-2026-0964.html
* https://www.suse.com/security/cve/CVE-2026-0965.html
* https://www.suse.com/security/cve/CVE-2026-0966.html
* https://www.suse.com/security/cve/CVE-2026-0967.html
* https://www.suse.com/security/cve/CVE-2026-0968.html
* https://www.suse.com/security/cve/CVE-2026-3731.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258045
* https://bugzilla.suse.com/show_bug.cgi?id=1258049
* https://bugzilla.suse.com/show_bug.cgi?id=1258054
* https://bugzilla.suse.com/show_bug.cgi?id=1258080
* https://bugzilla.suse.com/show_bug.cgi?id=1258081
* https://bugzilla.suse.com/show_bug.cgi?id=1259377

From null at suse.de Wed Apr 15 16:30:21 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 16:30:21 -0000
Subject: SUSE-SU-2026:1343-1: moderate: Security update for Mesa
Message-ID: <177627062159.2041.2327796285471490087@6fd1d05cebf0>

# Security update for Mesa

Announcement ID: SUSE-SU-2026:1343-1
Release Date: 2026-04-15T10:18:56Z
Rating: moderate

References:

* bsc#1261998

Cross-References:

* CVE-2026-40393

CVSS scores:

* CVE-2026-40393 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-40393 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability can now be installed.

## Description:

This update for Mesa fixes the following issue:

* CVE-2026-40393: out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party (bsc#1261998).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2026-1343=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1343=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1343=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * Mesa-libGL1-20.2.4-150300.59.12.1
  * Mesa-libEGL1-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libEGL-devel-20.2.4-150300.59.12.1
  * Mesa-libGL-devel-20.2.4-150300.59.12.1
  * libOSMesa-devel-20.2.4-150300.59.12.1
  * Mesa-libGLESv1_CM-devel-20.2.4-150300.59.12.1
  * libgbm1-20.2.4-150300.59.12.1
  * Mesa-drivers-debugsource-20.2.4-150300.59.12.1
  * Mesa-libGLESv2-devel-20.2.4-150300.59.12.1
  * libgbm-devel-20.2.4-150300.59.12.1
  * Mesa-dri-20.2.4-150300.59.12.1
  * libOSMesa8-debuginfo-20.2.4-150300.59.12.1
  * Mesa-KHR-devel-20.2.4-150300.59.12.1
  * Mesa-libglapi-devel-20.2.4-150300.59.12.1
  * Mesa-devel-20.2.4-150300.59.12.1
  * Mesa-dri-devel-20.2.4-150300.59.12.1
  * libOSMesa8-20.2.4-150300.59.12.1
  * Mesa-libGLESv3-devel-20.2.4-150300.59.12.1
  * Mesa-20.2.4-150300.59.12.1
  * Mesa-debugsource-20.2.4-150300.59.12.1
  * Mesa-dri-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libglapi0-20.2.4-150300.59.12.1
  * Mesa-libEGL1-20.2.4-150300.59.12.1
  * Mesa-libglapi0-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libGL1-debuginfo-20.2.4-150300.59.12.1
  * libgbm1-debuginfo-20.2.4-150300.59.12.1
* openSUSE Leap 15.3 (x86_64)
  * libXvMC_nouveau-32bit-20.2.4-150300.59.12.1
  * Mesa-libd3d-32bit-debuginfo-20.2.4-150300.59.12.1
  * libvulkan_radeon-32bit-20.2.4-150300.59.12.1
  * libgbm1-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libEGL1-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-gallium-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libd3d-32bit-20.2.4-150300.59.12.1
  * Mesa-gallium-32bit-20.2.4-150300.59.12.1
  * Mesa-32bit-20.2.4-150300.59.12.1
  * Mesa-libglapi-devel-32bit-20.2.4-150300.59.12.1
  * Mesa-vulkan-device-select-32bit-20.2.4-150300.59.12.1
  * libgbm1-32bit-20.2.4-150300.59.12.1
  * Mesa-dri-32bit-20.2.4-150300.59.12.1
  * Mesa-libGLESv2-devel-32bit-20.2.4-150300.59.12.1
  * libOSMesa8-32bit-20.2.4-150300.59.12.1
  * libOSMesa8-32bit-debuginfo-20.2.4-150300.59.12.1
  * libgbm-devel-32bit-20.2.4-150300.59.12.1
  * libXvMC_nouveau-32bit-debuginfo-20.2.4-150300.59.12.1
  * libvulkan_intel-32bit-20.2.4-150300.59.12.1
  * Mesa-libglapi0-32bit-20.2.4-150300.59.12.1
  * libvdpau_nouveau-32bit-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_r600-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libGL1-32bit-20.2.4-150300.59.12.1
  * libvdpau_radeonsi-32bit-20.2.4-150300.59.12.1
  * libXvMC_r600-32bit-20.2.4-150300.59.12.1
  * Mesa-libGL1-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-vulkan-overlay-32bit-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_r300-32bit-20.2.4-150300.59.12.1
  * libvdpau_radeonsi-32bit-debuginfo-20.2.4-150300.59.12.1
  * libXvMC_r600-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-dri-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libd3d-devel-32bit-20.2.4-150300.59.12.1
  * Mesa-libEGL1-32bit-20.2.4-150300.59.12.1
  * libvdpau_r600-32bit-20.2.4-150300.59.12.1
  * Mesa-dri-nouveau-32bit-20.2.4-150300.59.12.1
  * Mesa-libGL-devel-32bit-20.2.4-150300.59.12.1
  * libOSMesa-devel-32bit-20.2.4-150300.59.12.1
  * Mesa-libGLESv1_CM-devel-32bit-20.2.4-150300.59.12.1
  * libvdpau_r300-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libglapi0-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-vulkan-overlay-32bit-20.2.4-150300.59.12.1
  * libvulkan_radeon-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-dri-nouveau-32bit-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_nouveau-32bit-20.2.4-150300.59.12.1
  * Mesa-libEGL-devel-32bit-20.2.4-150300.59.12.1
  * libvulkan_intel-32bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-vulkan-device-select-32bit-debuginfo-20.2.4-150300.59.12.1
* openSUSE Leap 15.3 (aarch64 ppc64le x86_64 i586)
  * Mesa-gallium-20.2.4-150300.59.12.1
  * libvdpau_r600-20.2.4-150300.59.12.1
  * libXvMC_nouveau-20.2.4-150300.59.12.1
  * libXvMC_r600-debuginfo-20.2.4-150300.59.12.1
  * Mesa-dri-nouveau-20.2.4-150300.59.12.1
  * libvdpau_radeonsi-20.2.4-150300.59.12.1
  * libxatracker2-1.0.0-150300.59.12.1
  * libvdpau_radeonsi-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_r300-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_r300-20.2.4-150300.59.12.1
  * Mesa-gallium-debuginfo-20.2.4-150300.59.12.1
  * libxatracker2-debuginfo-1.0.0-150300.59.12.1
  * Mesa-libva-20.2.4-150300.59.12.1
  * libvdpau_nouveau-20.2.4-150300.59.12.1
  * libXvMC_r600-20.2.4-150300.59.12.1
  * Mesa-libva-debuginfo-20.2.4-150300.59.12.1
  * Mesa-dri-nouveau-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libOpenCL-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_r600-debuginfo-20.2.4-150300.59.12.1
  * libxatracker-devel-1.0.0-150300.59.12.1
  * libvdpau_nouveau-debuginfo-20.2.4-150300.59.12.1
  * libXvMC_nouveau-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libOpenCL-20.2.4-150300.59.12.1
* openSUSE Leap 15.3 (x86_64 i586)
  * Mesa-vulkan-device-select-debuginfo-20.2.4-150300.59.12.1
  * libvulkan_radeon-debuginfo-20.2.4-150300.59.12.1
  * Mesa-vulkan-device-select-20.2.4-150300.59.12.1
  * libvulkan_intel-debuginfo-20.2.4-150300.59.12.1
  * libvulkan_radeon-20.2.4-150300.59.12.1
  * Mesa-vulkan-overlay-debuginfo-20.2.4-150300.59.12.1
  * Mesa-vulkan-overlay-20.2.4-150300.59.12.1
  * Mesa-libVulkan-devel-20.2.4-150300.59.12.1
  * libvulkan_intel-20.2.4-150300.59.12.1
* openSUSE Leap 15.3 (aarch64 x86_64 i586)
  * Mesa-libd3d-devel-20.2.4-150300.59.12.1
  * Mesa-libd3d-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libd3d-20.2.4-150300.59.12.1
* openSUSE Leap 15.3 (aarch64_ilp32)
  * Mesa-libEGL1-64bit-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_r300-64bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-dri-vc4-64bit-20.2.4-150300.59.12.1
  * Mesa-libglapi0-64bit-20.2.4-150300.59.12.1
  * libvdpau_radeonsi-64bit-20.2.4-150300.59.12.1
  * Mesa-libGLESv2-devel-64bit-20.2.4-150300.59.12.1
  * Mesa-gallium-64bit-20.2.4-150300.59.12.1
  * Mesa-dri-nouveau-64bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libEGL-devel-64bit-20.2.4-150300.59.12.1
  * libvdpau_r600-64bit-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_nouveau-64bit-20.2.4-150300.59.12.1
  * Mesa-libd3d-64bit-20.2.4-150300.59.12.1
  * Mesa-libglapi-devel-64bit-20.2.4-150300.59.12.1
  * libvdpau_r300-64bit-20.2.4-150300.59.12.1
  * Mesa-dri-vc4-64bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libGLESv1_CM-devel-64bit-20.2.4-150300.59.12.1
  * Mesa-dri-nouveau-64bit-20.2.4-150300.59.12.1
  * Mesa-libGL1-64bit-20.2.4-150300.59.12.1
  * Mesa-libGL1-64bit-debuginfo-20.2.4-150300.59.12.1
  * libgbm1-64bit-20.2.4-150300.59.12.1
  * Mesa-libEGL1-64bit-20.2.4-150300.59.12.1
  * libvdpau_nouveau-64bit-debuginfo-20.2.4-150300.59.12.1
  * libXvMC_nouveau-64bit-debuginfo-20.2.4-150300.59.12.1
  * libgbm-devel-64bit-20.2.4-150300.59.12.1
  * libgbm1-64bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-64bit-20.2.4-150300.59.12.1
  * libXvMC_nouveau-64bit-20.2.4-150300.59.12.1
  * libOSMesa-devel-64bit-20.2.4-150300.59.12.1
  * Mesa-dri-64bit-20.2.4-150300.59.12.1
  * libOSMesa8-64bit-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_radeonsi-64bit-debuginfo-20.2.4-150300.59.12.1
  * libOSMesa8-64bit-20.2.4-150300.59.12.1
  * Mesa-libGL-devel-64bit-20.2.4-150300.59.12.1
  * libXvMC_r600-64bit-20.2.4-150300.59.12.1
  * Mesa-libd3d-64bit-debuginfo-20.2.4-150300.59.12.1
  * libXvMC_r600-64bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-libglapi0-64bit-debuginfo-20.2.4-150300.59.12.1
  * Mesa-dri-64bit-debuginfo-20.2.4-150300.59.12.1
  * libvdpau_r600-64bit-20.2.4-150300.59.12.1
  * Mesa-libd3d-devel-64bit-20.2.4-150300.59.12.1
  * Mesa-gallium-64bit-debuginfo-20.2.4-150300.59.12.1
* openSUSE Leap 15.3 (aarch64)
  * Mesa-dri-vc4-20.2.4-150300.59.12.1
  * Mesa-dri-vc4-debuginfo-20.2.4-150300.59.12.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * Mesa-debugsource-20.2.4-150300.59.12.1
  * libgbm1-20.2.4-150300.59.12.1
  * libgbm1-debuginfo-20.2.4-150300.59.12.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * Mesa-debugsource-20.2.4-150300.59.12.1
  * libgbm1-20.2.4-150300.59.12.1
  * libgbm1-debuginfo-20.2.4-150300.59.12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40393.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261998

From null at suse.de Wed Apr 15 16:30:33 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 16:30:33 -0000
Subject: SUSE-SU-2026:1342-1: important: Security update for the Linux Kernel
Message-ID: <177627063380.2041.12982369595681346029@6fd1d05cebf0>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1342-1
Release Date: 2026-04-15T10:15:56Z
Rating: important

References:

* bsc#1246057
* bsc#1257773
* bsc#1259797
* bsc#1260005
* bsc#1260009
* bsc#1260486
* bsc#1260730

Cross-References:

* CVE-2025-38234
* CVE-2026-23103
* CVE-2026-23243
* CVE-2026-23272
* CVE-2026-23274
* CVE-2026-23293
* CVE-2026-23398

CVSS scores:

* CVE-2025-38234 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38234 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38234 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves seven vulnerabilities can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2026-1342=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1342=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1342=1

## Package List:

* openSUSE Leap 15.3 (noarch nosrc)
  * kernel-docs-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (noarch)
  * kernel-devel-5.3.18-150300.59.241.1
  * kernel-source-5.3.18-150300.59.241.1
  * kernel-source-vanilla-5.3.18-150300.59.241.1
  * kernel-docs-html-5.3.18-150300.59.241.1
  * kernel-macros-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debugsource-5.3.18-150300.59.241.1
  * kernel-obs-build-debugsource-5.3.18-150300.59.241.1
  * gfs2-kmp-default-debuginfo-5.3.18-150300.59.241.1
  * kernel-default-optional-5.3.18-150300.59.241.1
  * cluster-md-kmp-default-5.3.18-150300.59.241.1
  * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.241.1
  * kselftests-kmp-default-5.3.18-150300.59.241.1
  * reiserfs-kmp-default-5.3.18-150300.59.241.1
  * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.241.1
  * kernel-default-devel-5.3.18-150300.59.241.1
  * ocfs2-kmp-default-5.3.18-150300.59.241.1
  * kernel-default-extra-5.3.18-150300.59.241.1
  * kernel-default-debuginfo-5.3.18-150300.59.241.1
  * kernel-default-livepatch-5.3.18-150300.59.241.1
  * dlm-kmp-default-5.3.18-150300.59.241.1
  * kernel-default-base-rebuild-5.3.18-150300.59.241.1.150300.18.144.1
  * kernel-obs-build-5.3.18-150300.59.241.1
  * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.241.1
  * kernel-default-devel-debuginfo-5.3.18-150300.59.241.1
  * kernel-syms-5.3.18-150300.59.241.1
  * gfs2-kmp-default-5.3.18-150300.59.241.1
  * kernel-default-extra-debuginfo-5.3.18-150300.59.241.1
  * dlm-kmp-default-debuginfo-5.3.18-150300.59.241.1
  * kernel-default-base-5.3.18-150300.59.241.1.150300.18.144.1
  * kernel-default-optional-debuginfo-5.3.18-150300.59.241.1
  * kernel-obs-qa-5.3.18-150300.59.241.1
  * kselftests-kmp-default-debuginfo-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-default-livepatch-devel-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (nosrc ppc64le x86_64)
  * kernel-kvmsmall-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (ppc64le x86_64)
  * kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.241.1
  * kernel-kvmsmall-debugsource-5.3.18-150300.59.241.1
  * kernel-kvmsmall-debuginfo-5.3.18-150300.59.241.1
  * kernel-kvmsmall-devel-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (aarch64 x86_64)
  * dlm-kmp-preempt-debuginfo-5.3.18-150300.59.241.1
  * kselftests-kmp-preempt-5.3.18-150300.59.241.1
  * ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.241.1
  * gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.241.1
  * kernel-preempt-extra-debuginfo-5.3.18-150300.59.241.1
  * reiserfs-kmp-preempt-5.3.18-150300.59.241.1
  * kernel-preempt-optional-debuginfo-5.3.18-150300.59.241.1
  * cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.241.1
  * kernel-preempt-devel-debuginfo-5.3.18-150300.59.241.1
  * reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.241.1
  * dlm-kmp-preempt-5.3.18-150300.59.241.1
  * kernel-preempt-optional-5.3.18-150300.59.241.1
  * kernel-preempt-debuginfo-5.3.18-150300.59.241.1
  * kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.241.1
  * gfs2-kmp-preempt-5.3.18-150300.59.241.1
  * ocfs2-kmp-preempt-5.3.18-150300.59.241.1
  * kernel-preempt-devel-5.3.18-150300.59.241.1
  * kernel-preempt-extra-5.3.18-150300.59.241.1
  * kernel-preempt-debugsource-5.3.18-150300.59.241.1
  * cluster-md-kmp-preempt-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (aarch64 nosrc x86_64)
  * kernel-preempt-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (nosrc s390x)
  * kernel-zfcpdump-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (s390x)
  * kernel-zfcpdump-debugsource-5.3.18-150300.59.241.1
  * kernel-zfcpdump-debuginfo-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (nosrc)
  * dtb-aarch64-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (aarch64)
  * dtb-altera-5.3.18-150300.59.241.1
  * kernel-64kb-devel-debuginfo-5.3.18-150300.59.241.1
  * reiserfs-kmp-64kb-5.3.18-150300.59.241.1
  * dtb-arm-5.3.18-150300.59.241.1
  * dtb-renesas-5.3.18-150300.59.241.1
  * dtb-sprd-5.3.18-150300.59.241.1
  * dtb-rockchip-5.3.18-150300.59.241.1
  * dtb-exynos-5.3.18-150300.59.241.1
  * dtb-zte-5.3.18-150300.59.241.1
  * reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.241.1
  * kernel-64kb-extra-5.3.18-150300.59.241.1
  * dtb-hisilicon-5.3.18-150300.59.241.1
  * dtb-nvidia-5.3.18-150300.59.241.1
  * kernel-64kb-debugsource-5.3.18-150300.59.241.1
  * dtb-amlogic-5.3.18-150300.59.241.1
  * dtb-mediatek-5.3.18-150300.59.241.1
  * dtb-amd-5.3.18-150300.59.241.1
  * kernel-64kb-optional-debuginfo-5.3.18-150300.59.241.1
  * dtb-qcom-5.3.18-150300.59.241.1
  * dtb-socionext-5.3.18-150300.59.241.1
  * dlm-kmp-64kb-debuginfo-5.3.18-150300.59.241.1
  * cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.241.1
  * dlm-kmp-64kb-5.3.18-150300.59.241.1
  * kernel-64kb-extra-debuginfo-5.3.18-150300.59.241.1
  * dtb-freescale-5.3.18-150300.59.241.1
  * kernel-64kb-devel-5.3.18-150300.59.241.1
  * gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.241.1
  * ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.241.1
  * kernel-64kb-debuginfo-5.3.18-150300.59.241.1
  * dtb-cavium-5.3.18-150300.59.241.1
  * dtb-lg-5.3.18-150300.59.241.1
  * cluster-md-kmp-64kb-5.3.18-150300.59.241.1
  * kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.241.1
  * dtb-al-5.3.18-150300.59.241.1
  * dtb-marvell-5.3.18-150300.59.241.1
  * ocfs2-kmp-64kb-5.3.18-150300.59.241.1
  * gfs2-kmp-64kb-5.3.18-150300.59.241.1
  * dtb-broadcom-5.3.18-150300.59.241.1
  * kselftests-kmp-64kb-5.3.18-150300.59.241.1
  * dtb-allwinner-5.3.18-150300.59.241.1
  * dtb-xilinx-5.3.18-150300.59.241.1
  * kernel-64kb-optional-5.3.18-150300.59.241.1
  * dtb-apm-5.3.18-150300.59.241.1
* openSUSE Leap 15.3 (aarch64 nosrc)
  * kernel-64kb-5.3.18-150300.59.241.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.3.18-150300.59.241.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
  * kernel-default-base-5.3.18-150300.59.241.1.150300.18.144.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * kernel-default-debugsource-5.3.18-150300.59.241.1
  * kernel-default-debuginfo-5.3.18-150300.59.241.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * kernel-macros-5.3.18-150300.59.241.1
  * kernel-source-5.3.18-150300.59.241.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.3.18-150300.59.241.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
  * kernel-default-base-5.3.18-150300.59.241.1.150300.18.144.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * kernel-default-debugsource-5.3.18-150300.59.241.1
  * kernel-default-debuginfo-5.3.18-150300.59.241.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * kernel-macros-5.3.18-150300.59.241.1
  * kernel-source-5.3.18-150300.59.241.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38234.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23293.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246057
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260486
* https://bugzilla.suse.com/show_bug.cgi?id=1260730

From null at suse.de Wed Apr 15 20:30:21 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 20:30:21 -0000
Subject: SUSE-SU-2026:1371-1: important: Security update for nodejs20
Message-ID: <177628502128.2815.5531492039570322363@6fd1d05cebf0>

# Security update for nodejs20

Announcement ID: SUSE-SU-2026:1371-1
Release Date: 2026-04-15T14:46:55Z
Rating: important
References:

  * bsc#1256576
  * bsc#1260455
  * bsc#1260462
  * bsc#1260463
  * bsc#1260480
  * bsc#1260482
  * bsc#1260494

Cross-References:

  * CVE-2026-21637
  * CVE-2026-21710
  * CVE-2026-21713
  * CVE-2026-21714
  * CVE-2026-21715
  * CVE-2026-21716
  * CVE-2026-21717

CVSS scores:

  * CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-21713 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2026-21716 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
  * CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  * CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * openSUSE Leap 15.5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP5 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for nodejs20 fixes the following issues:

Update to version 20.20.2.

  * CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494).
  * CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file permissions and ownership on already-open file descriptors (bsc#1260462).
  * CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).
  * CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480).
  * CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and potential MAC forgery (bsc#1260463).
  * CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).
  * CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.5
    zypper in -t patch SUSE-2026-1371=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1371=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1371=1
  * SUSE Linux Enterprise Server 15 SP5 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1371=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1371=1

## Package List:

  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
    * nodejs20-debuginfo-20.20.2-150500.11.27.1
    * nodejs20-devel-20.20.2-150500.11.27.1
    * corepack20-20.20.2-150500.11.27.1
    * nodejs20-20.20.2-150500.11.27.1
    * nodejs20-debugsource-20.20.2-150500.11.27.1
    * npm20-20.20.2-150500.11.27.1
  * openSUSE Leap 15.5 (noarch)
    * nodejs20-docs-20.20.2-150500.11.27.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
    * nodejs20-debuginfo-20.20.2-150500.11.27.1
    * nodejs20-devel-20.20.2-150500.11.27.1
    * nodejs20-debugsource-20.20.2-150500.11.27.1
    * npm20-20.20.2-150500.11.27.1
    * nodejs20-20.20.2-150500.11.27.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
    * nodejs20-docs-20.20.2-150500.11.27.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
    * nodejs20-debuginfo-20.20.2-150500.11.27.1
    * nodejs20-devel-20.20.2-150500.11.27.1
    * nodejs20-debugsource-20.20.2-150500.11.27.1
    * npm20-20.20.2-150500.11.27.1
    * nodejs20-20.20.2-150500.11.27.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
    * nodejs20-docs-20.20.2-150500.11.27.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * nodejs20-debuginfo-20.20.2-150500.11.27.1
    * nodejs20-devel-20.20.2-150500.11.27.1
    * nodejs20-debugsource-20.20.2-150500.11.27.1
    * npm20-20.20.2-150500.11.27.1
    * nodejs20-20.20.2-150500.11.27.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
    * nodejs20-docs-20.20.2-150500.11.27.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
    * nodejs20-debuginfo-20.20.2-150500.11.27.1
    * nodejs20-devel-20.20.2-150500.11.27.1
    * nodejs20-debugsource-20.20.2-150500.11.27.1
    * npm20-20.20.2-150500.11.27.1
    * nodejs20-20.20.2-150500.11.27.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
    * nodejs20-docs-20.20.2-150500.11.27.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-21637.html
  * https://www.suse.com/security/cve/CVE-2026-21710.html
  * https://www.suse.com/security/cve/CVE-2026-21713.html
  * https://www.suse.com/security/cve/CVE-2026-21714.html
  * https://www.suse.com/security/cve/CVE-2026-21715.html
  * https://www.suse.com/security/cve/CVE-2026-21716.html
  * https://www.suse.com/security/cve/CVE-2026-21717.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1256576
  * https://bugzilla.suse.com/show_bug.cgi?id=1260455
  * https://bugzilla.suse.com/show_bug.cgi?id=1260462
  * https://bugzilla.suse.com/show_bug.cgi?id=1260463
  * https://bugzilla.suse.com/show_bug.cgi?id=1260480
  * https://bugzilla.suse.com/show_bug.cgi?id=1260482
  * https://bugzilla.suse.com/show_bug.cgi?id=1260494

From null at suse.de Wed Apr 15 20:30:37 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 20:30:37 -0000
Subject: SUSE-SU-2026:1370-1: moderate: Security update for util-linux
Message-ID: <177628503721.2815.10660434719021929002@6fd1d05cebf0>

# Security update for util-linux

Announcement ID: SUSE-SU-2026:1370-1
Release Date: 2026-04-15T14:44:53Z
Rating: moderate
References:

  * bsc#1258859

Cross-References:

  * CVE-2026-3184

CVSS scores:

  * CVE-2026-3184 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-3184 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2026-3184 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for util-linux fixes the following issues:

  * CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for "login -h" (bsc#1258859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1370=1

## Package List:

  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
    * libuuid1-32bit-2.33.2-4.51.1
    * libmount-devel-2.33.2-4.51.1
    * libblkid1-debuginfo-2.33.2-4.51.1
    * libuuid1-2.33.2-4.51.1
    * libuuid-devel-2.33.2-4.51.1
    * uuidd-2.33.2-4.51.1
    * util-linux-2.33.2-4.51.1
    * libblkid1-2.33.2-4.51.1
    * python-libmount-debuginfo-2.33.2-4.51.2
    * libmount1-debuginfo-32bit-2.33.2-4.51.1
    * util-linux-debugsource-2.33.2-4.51.1
    * uuidd-debuginfo-2.33.2-4.51.1
    * libblkid1-32bit-2.33.2-4.51.1
    * libblkid1-debuginfo-32bit-2.33.2-4.51.1
    * libfdisk1-debuginfo-2.33.2-4.51.1
    * libmount1-32bit-2.33.2-4.51.1
    * util-linux-debuginfo-2.33.2-4.51.1
    * libuuid1-debuginfo-2.33.2-4.51.1
    * libblkid-devel-2.33.2-4.51.1
    * python-libmount-2.33.2-4.51.2
    * python-libmount-debugsource-2.33.2-4.51.2
    * libuuid1-debuginfo-32bit-2.33.2-4.51.1
    * libmount1-2.33.2-4.51.1
    * libmount1-debuginfo-2.33.2-4.51.1
    * util-linux-systemd-2.33.2-4.51.1
    * libsmartcols-devel-2.33.2-4.51.1
    * libsmartcols1-2.33.2-4.51.1
    * libfdisk1-2.33.2-4.51.1
    * util-linux-systemd-debugsource-2.33.2-4.51.1
    * util-linux-systemd-debuginfo-2.33.2-4.51.1
    * libsmartcols1-debuginfo-2.33.2-4.51.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
    * util-linux-lang-2.33.2-4.51.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-3184.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1258859

From null at suse.de Wed Apr 15 20:30:41 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 20:30:41 -0000
Subject: SUSE-SU-2026:1369-1: moderate: Security update for glibc
Message-ID: <177628504195.2815.2325316458363274612@6fd1d05cebf0>

# Security update for glibc

Announcement ID: SUSE-SU-2026:1369-1
Release Date: 2026-04-15T14:43:10Z
Rating: moderate
References:

  * bsc#1260078
  * bsc#1260082

Cross-References:

  * CVE-2026-4437
  * CVE-2026-4438

CVSS scores:

  * CVE-2026-4437 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-4437 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
  * CVE-2026-4437 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-4438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-4438 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
  * CVE-2026-4438 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

  * Basesystem Module 15-SP7
  * Development Tools Module 15-SP7
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server 15 SP6 LTSS
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for glibc fixes the following issues:

  * CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
  * CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Development Tools Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1369=1
  * SUSE Linux Enterprise Server 15 SP6 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1369=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1369=1
  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2026-1369=1 openSUSE-SLE-15.6-2026-1369=1
  * Basesystem Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1369=1

## Package List:

  * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
    * glibc-utils-2.38-150600.14.46.1
    * glibc-devel-static-2.38-150600.14.46.1
    * glibc-debuginfo-2.38-150600.14.46.1
    * glibc-utils-src-debugsource-2.38-150600.14.46.1
    * glibc-debugsource-2.38-150600.14.46.1
    * glibc-utils-debuginfo-2.38-150600.14.46.1
  * Development Tools Module 15-SP7 (x86_64)
    * glibc-32bit-debuginfo-2.38-150600.14.46.1
    * glibc-devel-32bit-2.38-150600.14.46.1
    * glibc-devel-32bit-debuginfo-2.38-150600.14.46.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
    * libnsl1-debuginfo-2.38-150600.14.46.1
    * glibc-utils-2.38-150600.14.46.1
    * glibc-2.38-150600.14.46.1
    * glibc-extra-2.38-150600.14.46.1
    * glibc-devel-static-2.38-150600.14.46.1
    * nscd-2.38-150600.14.46.1
    * glibc-debuginfo-2.38-150600.14.46.1
    * glibc-extra-debuginfo-2.38-150600.14.46.1
    * glibc-locale-base-2.38-150600.14.46.1
    * glibc-utils-src-debugsource-2.38-150600.14.46.1
    * glibc-devel-2.38-150600.14.46.1
    * glibc-profile-2.38-150600.14.46.1
    * libnsl1-2.38-150600.14.46.1
    * nscd-debuginfo-2.38-150600.14.46.1
    * glibc-locale-base-debuginfo-2.38-150600.14.46.1
    * glibc-locale-2.38-150600.14.46.1
    * glibc-debugsource-2.38-150600.14.46.1
    * glibc-devel-debuginfo-2.38-150600.14.46.1
    * glibc-utils-debuginfo-2.38-150600.14.46.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
    * glibc-info-2.38-150600.14.46.1
    * glibc-i18ndata-2.38-150600.14.46.1
    * glibc-lang-2.38-150600.14.46.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
    * libnsl1-32bit-debuginfo-2.38-150600.14.46.1
    * libnsl1-32bit-2.38-150600.14.46.1
    * glibc-locale-base-32bit-2.38-150600.14.46.1
    * glibc-devel-32bit-2.38-150600.14.46.1
    * glibc-locale-base-32bit-debuginfo-2.38-150600.14.46.1
    * glibc-devel-32bit-debuginfo-2.38-150600.14.46.1
    * glibc-32bit-2.38-150600.14.46.1
    * glibc-32bit-debuginfo-2.38-150600.14.46.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
    * libnsl1-debuginfo-2.38-150600.14.46.1
    * glibc-utils-2.38-150600.14.46.1
    * glibc-2.38-150600.14.46.1
    * glibc-extra-2.38-150600.14.46.1
    * glibc-devel-static-2.38-150600.14.46.1
    * nscd-2.38-150600.14.46.1
    * glibc-debuginfo-2.38-150600.14.46.1
    * glibc-extra-debuginfo-2.38-150600.14.46.1
    * glibc-locale-base-2.38-150600.14.46.1
    * glibc-utils-src-debugsource-2.38-150600.14.46.1
    * glibc-devel-2.38-150600.14.46.1
    * glibc-profile-2.38-150600.14.46.1
    * libnsl1-2.38-150600.14.46.1
    * nscd-debuginfo-2.38-150600.14.46.1
    * glibc-locale-base-debuginfo-2.38-150600.14.46.1
    * glibc-locale-2.38-150600.14.46.1
    * glibc-debugsource-2.38-150600.14.46.1
    * glibc-devel-debuginfo-2.38-150600.14.46.1
    * glibc-utils-debuginfo-2.38-150600.14.46.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
    * glibc-info-2.38-150600.14.46.1
    * glibc-i18ndata-2.38-150600.14.46.1
    * glibc-lang-2.38-150600.14.46.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
    * libnsl1-32bit-debuginfo-2.38-150600.14.46.1
    * libnsl1-32bit-2.38-150600.14.46.1
    * glibc-locale-base-32bit-2.38-150600.14.46.1
    * glibc-devel-32bit-2.38-150600.14.46.1
    * glibc-locale-base-32bit-debuginfo-2.38-150600.14.46.1
    * glibc-devel-32bit-debuginfo-2.38-150600.14.46.1
    * glibc-32bit-2.38-150600.14.46.1
    * glibc-32bit-debuginfo-2.38-150600.14.46.1
  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586 i686)
    * libnsl1-debuginfo-2.38-150600.14.46.1
    * glibc-2.38-150600.14.46.1
    * glibc-devel-static-2.38-150600.14.46.1
    * glibc-debuginfo-2.38-150600.14.46.1
    * glibc-locale-base-2.38-150600.14.46.1
    * libnsl1-2.38-150600.14.46.1
    * glibc-devel-2.38-150600.14.46.1
    * glibc-profile-2.38-150600.14.46.1
    * glibc-locale-base-debuginfo-2.38-150600.14.46.1
    * glibc-locale-2.38-150600.14.46.1
    * glibc-debugsource-2.38-150600.14.46.1
    * glibc-devel-debuginfo-2.38-150600.14.46.1
  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * glibc-utils-2.38-150600.14.46.1
    * glibc-extra-2.38-150600.14.46.1
    * nscd-2.38-150600.14.46.1
    * glibc-extra-debuginfo-2.38-150600.14.46.1
    * nscd-debuginfo-2.38-150600.14.46.1
    * glibc-utils-src-debugsource-2.38-150600.14.46.1
    * glibc-utils-debuginfo-2.38-150600.14.46.1
  * openSUSE Leap 15.6 (noarch)
    * glibc-lang-2.38-150600.14.46.1
    * glibc-info-2.38-150600.14.46.1
    * glibc-i18ndata-2.38-150600.14.46.1
    * glibc-html-2.38-150600.14.46.1
  * openSUSE Leap 15.6 (x86_64)
    * libnsl1-32bit-debuginfo-2.38-150600.14.46.1
    * libnsl1-32bit-2.38-150600.14.46.1
    * glibc-utils-32bit-2.38-150600.14.46.1
    * glibc-profile-32bit-2.38-150600.14.46.1
    * glibc-locale-base-32bit-2.38-150600.14.46.1
    * glibc-utils-32bit-debuginfo-2.38-150600.14.46.1
    * glibc-devel-32bit-2.38-150600.14.46.1
    * glibc-devel-static-32bit-2.38-150600.14.46.1
    * glibc-devel-32bit-debuginfo-2.38-150600.14.46.1
    * glibc-locale-base-32bit-debuginfo-2.38-150600.14.46.1
    * glibc-32bit-2.38-150600.14.46.1
    * glibc-32bit-debuginfo-2.38-150600.14.46.1
  * openSUSE Leap 15.6 (aarch64_ilp32)
    * glibc-profile-64bit-2.38-150600.14.46.1
    * glibc-64bit-debuginfo-2.38-150600.14.46.1
    * glibc-devel-64bit-2.38-150600.14.46.1
    * libnsl1-64bit-debuginfo-2.38-150600.14.46.1
    * glibc-locale-base-64bit-debuginfo-2.38-150600.14.46.1
    * glibc-utils-64bit-debuginfo-2.38-150600.14.46.1
    * glibc-locale-base-64bit-2.38-150600.14.46.1
    * glibc-devel-static-64bit-2.38-150600.14.46.1
    * glibc-devel-64bit-debuginfo-2.38-150600.14.46.1
    * glibc-64bit-2.38-150600.14.46.1
    * libnsl1-64bit-2.38-150600.14.46.1
    * glibc-utils-64bit-2.38-150600.14.46.1
  * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
    * libnsl1-debuginfo-2.38-150600.14.46.1
    * glibc-2.38-150600.14.46.1
    * glibc-extra-2.38-150600.14.46.1
    * nscd-2.38-150600.14.46.1
    * glibc-debuginfo-2.38-150600.14.46.1
    * glibc-extra-debuginfo-2.38-150600.14.46.1
    * glibc-locale-base-2.38-150600.14.46.1
    * libnsl1-2.38-150600.14.46.1
    * glibc-devel-2.38-150600.14.46.1
    * glibc-profile-2.38-150600.14.46.1
    * nscd-debuginfo-2.38-150600.14.46.1
    * glibc-locale-base-debuginfo-2.38-150600.14.46.1
    * glibc-locale-2.38-150600.14.46.1
    * glibc-debugsource-2.38-150600.14.46.1
    * glibc-devel-debuginfo-2.38-150600.14.46.1
  * Basesystem Module 15-SP7 (noarch)
    * glibc-info-2.38-150600.14.46.1
    * glibc-i18ndata-2.38-150600.14.46.1
    * glibc-lang-2.38-150600.14.46.1
  * Basesystem Module 15-SP7 (x86_64)
    * libnsl1-32bit-debuginfo-2.38-150600.14.46.1
    * libnsl1-32bit-2.38-150600.14.46.1
    * glibc-locale-base-32bit-2.38-150600.14.46.1
    * glibc-locale-base-32bit-debuginfo-2.38-150600.14.46.1
    * glibc-32bit-2.38-150600.14.46.1
    * glibc-32bit-debuginfo-2.38-150600.14.46.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-4437.html
  * https://www.suse.com/security/cve/CVE-2026-4438.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1260078
  * https://bugzilla.suse.com/show_bug.cgi?id=1260082

From null at suse.de Wed Apr 15 20:30:46 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 20:30:46 -0000
Subject: SUSE-SU-2026:1368-1: important: Security update for libpng16
Message-ID: <177628504643.2815.2003728341904138759@6fd1d05cebf0>

# Security update for libpng16

Announcement ID: SUSE-SU-2026:1368-1
Release Date: 2026-04-15T14:35:40Z
Rating: important
References:

  * bsc#1260754
  * bsc#1260755

Cross-References:

  * CVE-2026-33416
  * CVE-2026-33636

CVSS scores:

  * CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-33636 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-33636 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  * CVE-2026-33636 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Affected Products:

  * Basesystem Module 15-SP7
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server 15 SP6 LTSS
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libpng16 fixes the following issues:

  * CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754).
  * CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2026-1368=1 openSUSE-SLE-15.6-2026-1368=1
  * Basesystem Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1368=1
  * SUSE Linux Enterprise Server 15 SP6 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1368=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1368=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * libpng16-compat-devel-1.6.40-150600.3.17.1
    * libpng16-devel-1.6.40-150600.3.17.1
    * libpng16-debugsource-1.6.40-150600.3.17.1
    * libpng16-16-debuginfo-1.6.40-150600.3.17.1
    * libpng16-tools-1.6.40-150600.3.17.1
    * libpng16-tools-debuginfo-1.6.40-150600.3.17.1
    * libpng16-16-1.6.40-150600.3.17.1
  * openSUSE Leap 15.6 (x86_64)
    * libpng16-16-32bit-1.6.40-150600.3.17.1
    * libpng16-compat-devel-32bit-1.6.40-150600.3.17.1
    * libpng16-devel-32bit-1.6.40-150600.3.17.1
    * libpng16-16-32bit-debuginfo-1.6.40-150600.3.17.1
  * openSUSE Leap 15.6 (aarch64_ilp32)
    * libpng16-16-64bit-debuginfo-1.6.40-150600.3.17.1
    * libpng16-16-64bit-1.6.40-150600.3.17.1
    * libpng16-compat-devel-64bit-1.6.40-150600.3.17.1
    * libpng16-devel-64bit-1.6.40-150600.3.17.1
  * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
    * libpng16-compat-devel-1.6.40-150600.3.17.1
    * libpng16-devel-1.6.40-150600.3.17.1
    * libpng16-debugsource-1.6.40-150600.3.17.1
    * libpng16-16-debuginfo-1.6.40-150600.3.17.1
    * libpng16-16-1.6.40-150600.3.17.1
  * Basesystem Module 15-SP7 (x86_64)
    * libpng16-16-32bit-1.6.40-150600.3.17.1
    * libpng16-16-32bit-debuginfo-1.6.40-150600.3.17.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
    * libpng16-compat-devel-1.6.40-150600.3.17.1
    * libpng16-devel-1.6.40-150600.3.17.1
    * libpng16-debugsource-1.6.40-150600.3.17.1
    * libpng16-16-debuginfo-1.6.40-150600.3.17.1
    * libpng16-16-1.6.40-150600.3.17.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
    * libpng16-16-32bit-1.6.40-150600.3.17.1
    * libpng16-16-32bit-debuginfo-1.6.40-150600.3.17.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
    * libpng16-compat-devel-1.6.40-150600.3.17.1
    * libpng16-devel-1.6.40-150600.3.17.1
    * libpng16-debugsource-1.6.40-150600.3.17.1
    * libpng16-16-debuginfo-1.6.40-150600.3.17.1
    * libpng16-16-1.6.40-150600.3.17.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
    * libpng16-16-32bit-1.6.40-150600.3.17.1
    * libpng16-16-32bit-debuginfo-1.6.40-150600.3.17.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-33416.html
  * https://www.suse.com/security/cve/CVE-2026-33636.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1260754
  * https://bugzilla.suse.com/show_bug.cgi?id=1260755

From null at suse.de Wed Apr 15 20:30:52 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 20:30:52 -0000
Subject: SUSE-SU-2026:1367-1: important: Security update for mariadb
Message-ID: <177628505205.2815.16822383315098271449@6fd1d05cebf0>

# Security update for mariadb

Announcement ID: SUSE-SU-2026:1367-1
Release Date: 2026-04-15T14:34:12Z
Rating: important
References:

  * bsc#1260081

Cross-References:

  * CVE-2026-32710

CVSS scores:

  * CVE-2026-32710 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-32710 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
  * CVE-2026-32710 ( NVD ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
  * CVE-2026-32710 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

  * Galera for Ericsson 15 SP7
  * Server Applications Module 15-SP7
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7
  * SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for mariadb fixes the following issues:

Update to version 11.8.6.

  * https://mariadb.com/docs/release-notes/community-server/11.8/11.8.6
  * https://mariadb.com/docs/release-notes/community-server/changelogs/11.8/11.8.6

Security issues fixed:

  * CVE-2026-32710: heap-based buffer overflow via `JSON_SCHEMA_VALID()` can lead to crash or remote code execution (bsc#1260081).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Package Hub 15 15-SP7
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1367=1
  * Server Applications Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1367=1
  * Galera for Ericsson 15 SP7
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP7-ERICSSON-2026-1367=1

## Package List:

  * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
    * mariadb-debugsource-11.8.6-150700.3.12.1
    * mariadb-debuginfo-11.8.6-150700.3.12.1
    * mariadb-galera-11.8.6-150700.3.12.1
  * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
    * libmariadbd-devel-11.8.6-150700.3.12.1
    * mariadb-client-11.8.6-150700.3.12.1
    * mariadb-debugsource-11.8.6-150700.3.12.1
    * mariadb-debuginfo-11.8.6-150700.3.12.1
    * mariadb-11.8.6-150700.3.12.1
    * libmariadbd19-11.8.6-150700.3.12.1
    * mariadb-client-debuginfo-11.8.6-150700.3.12.1
    * mariadb-tools-11.8.6-150700.3.12.1
    * mariadb-tools-debuginfo-11.8.6-150700.3.12.1
    * libmariadbd19-debuginfo-11.8.6-150700.3.12.1
  * Server Applications Module 15-SP7 (noarch)
    * mariadb-errormessages-11.8.6-150700.3.12.1
  * Galera for Ericsson 15 SP7 (x86_64)
    * mariadb-debugsource-11.8.6-150700.3.12.1
    * mariadb-debuginfo-11.8.6-150700.3.12.1
    * mariadb-galera-11.8.6-150700.3.12.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-32710.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1260081

From null at suse.de Wed Apr 15 20:30:55 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 20:30:55 -0000
Subject: SUSE-SU-2026:1366-1: important: Security update for bind
Message-ID: <177628505514.2815.7369740717587960550@6fd1d05cebf0>

# Security update for bind

Announcement ID: SUSE-SU-2026:1366-1
Release Date: 2026-04-15T14:33:07Z
Rating: important
References:

  * bsc#1260805

Cross-References:

  * CVE-2026-1519

CVSS scores:

  * CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * Basesystem Module 15-SP7
  * openSUSE Leap 15.3
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server 15 SP6 LTSS
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for bind fixes the following issues:

  * CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.3
    zypper in -t patch SUSE-2026-1366=1
  * Basesystem Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1366=1
  * SUSE Linux Enterprise Server 15 SP6 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1366=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1366=1

## Package List:

  * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
    * libirs-devel-9.16.6-150300.22.56.1
    * libns1604-debuginfo-9.16.6-150300.22.56.1
    * libisccfg1600-debuginfo-9.16.6-150300.22.56.1
    * libns1604-9.16.6-150300.22.56.1
    * libirs1601-debuginfo-9.16.6-150300.22.56.1
    * libisccfg1600-9.16.6-150300.22.56.1
    * libisc1606-9.16.6-150300.22.56.1
    * bind-9.16.6-150300.22.56.1
    * bind-devel-9.16.6-150300.22.56.1
    * libisccc1600-9.16.6-150300.22.56.1
    * libisccc1600-debuginfo-9.16.6-150300.22.56.1
    * libirs1601-9.16.6-150300.22.56.1
    * libisc1606-debuginfo-9.16.6-150300.22.56.1
    * libdns1605-debuginfo-9.16.6-150300.22.56.1
    * libdns1605-9.16.6-150300.22.56.1
    * libbind9-1600-debuginfo-9.16.6-150300.22.56.1
    * bind-chrootenv-9.16.6-150300.22.56.1
    * bind-utils-9.16.6-150300.22.56.1
    * bind-debuginfo-9.16.6-150300.22.56.1
    * bind-debugsource-9.16.6-150300.22.56.1
    * bind-utils-debuginfo-9.16.6-150300.22.56.1
    * libbind9-1600-9.16.6-150300.22.56.1
  * openSUSE Leap 15.3 (noarch)
    * python3-bind-9.16.6-150300.22.56.1
    * bind-doc-9.16.6-150300.22.56.1
  * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
    * libdns1605-debuginfo-9.16.6-150300.22.56.1
    * libirs-devel-9.16.6-150300.22.56.1
    * bind-debugsource-9.16.6-150300.22.56.1
    * libisccfg1600-debuginfo-9.16.6-150300.22.56.1
    * libdns1605-9.16.6-150300.22.56.1
    * libirs1601-debuginfo-9.16.6-150300.22.56.1
    * libisccfg1600-9.16.6-150300.22.56.1
    * libirs1601-9.16.6-150300.22.56.1
    * libisc1606-debuginfo-9.16.6-150300.22.56.1
    * libisc1606-9.16.6-150300.22.56.1
    * bind-debuginfo-9.16.6-150300.22.56.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
    * libdns1605-debuginfo-9.16.6-150300.22.56.1
    * libirs-devel-9.16.6-150300.22.56.1
    * bind-debugsource-9.16.6-150300.22.56.1
    * libisccfg1600-debuginfo-9.16.6-150300.22.56.1
    * libdns1605-9.16.6-150300.22.56.1
    * libirs1601-debuginfo-9.16.6-150300.22.56.1
    * libisccfg1600-9.16.6-150300.22.56.1
    * libirs1601-9.16.6-150300.22.56.1
    * libisc1606-debuginfo-9.16.6-150300.22.56.1
    * libisc1606-9.16.6-150300.22.56.1
    * bind-debuginfo-9.16.6-150300.22.56.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
    * libdns1605-debuginfo-9.16.6-150300.22.56.1
    * libirs-devel-9.16.6-150300.22.56.1
    * bind-debugsource-9.16.6-150300.22.56.1
    * libisccfg1600-debuginfo-9.16.6-150300.22.56.1
    * libdns1605-9.16.6-150300.22.56.1
    * libirs1601-debuginfo-9.16.6-150300.22.56.1
    * libisccfg1600-9.16.6-150300.22.56.1
    * libirs1601-9.16.6-150300.22.56.1
    * libisc1606-debuginfo-9.16.6-150300.22.56.1
    * libisc1606-9.16.6-150300.22.56.1
    * bind-debuginfo-9.16.6-150300.22.56.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-1519.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1260805
URL: From null at suse.de Wed Apr 15 20:30:58 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 15 Apr 2026 20:30:58 -0000 Subject: SUSE-SU-2026:1365-1: low: Security update for python Message-ID: <177628505843.2815.16052217198460270567@6fd1d05cebf0> # Security update for python Announcement ID: SUSE-SU-2026:1365-1 Release Date: 2026-04-15T14:30:36Z Rating: low References: * bsc#1259989 Cross-References: * CVE-2026-3479 CVSS scores: * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for python fixes the following issues: * CVE-2026-3479: improper resource argument validation in `pkgutil.get_data` can allow path traversal (bsc#1259989). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1365=1

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * python-2.7.18-150000.114.1
  * python-base-debuginfo-2.7.18-150000.114.1
  * python-debugsource-2.7.18-150000.114.1
  * python-base-2.7.18-150000.114.1
  * python-xml-debuginfo-2.7.18-150000.114.1
  * python-curses-debuginfo-2.7.18-150000.114.1
  * libpython2_7-1_0-2.7.18-150000.114.1
  * python-gdbm-debuginfo-2.7.18-150000.114.1
  * python-xml-2.7.18-150000.114.1
  * libpython2_7-1_0-debuginfo-2.7.18-150000.114.1
  * python-debuginfo-2.7.18-150000.114.1
  * python-gdbm-2.7.18-150000.114.1
  * python-base-debugsource-2.7.18-150000.114.1
  * python-curses-2.7.18-150000.114.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3479.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259989

From null at suse.de Wed Apr 15 20:31:35 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 20:31:35 -0000
Subject: SUSE-SU-2026:1364-1: important: Security update for webkit2gtk3
Message-ID: <177628509567.2815.15740108990174417332@6fd1d05cebf0>

# Security update for webkit2gtk3

Announcement ID: SUSE-SU-2026:1364-1
Release Date: 2026-04-15T14:28:23Z
Rating: important

References:

* bsc#1259934
* bsc#1259935
* bsc#1259936
* bsc#1259937
* bsc#1259938
* bsc#1259939
* bsc#1259940
* bsc#1259941
* bsc#1259942
* bsc#1259943
* bsc#1259944
* bsc#1259945
* bsc#1259946
* bsc#1259947
* bsc#1259948
* bsc#1259949
* bsc#1259950
* bsc#1261172
* bsc#1261173
* bsc#1261174
* bsc#1261175
* bsc#1261176
* bsc#1261177
* bsc#1261178
* bsc#1261179

Cross-References:

* CVE-2023-43010
* CVE-2025-31223
* CVE-2025-31277
* CVE-2025-43213
* CVE-2025-43214
* CVE-2025-43433
* CVE-2025-43438
* CVE-2025-43441
* CVE-2025-43457
* CVE-2025-43511
* CVE-2025-46299
* CVE-2026-20608
* CVE-2026-20635
* CVE-2026-20636
* CVE-2026-20643
* CVE-2026-20644
* CVE-2026-20652
* CVE-2026-20664
* CVE-2026-20665
* CVE-2026-20676
* CVE-2026-20691
* CVE-2026-28857
* CVE-2026-28859
* CVE-2026-28861
* CVE-2026-28871

CVSS scores:

* CVE-2023-43010 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-43010 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-43010 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31223 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-31223 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31223 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31277 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-31277 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31277 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43213 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43213 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43214 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43214 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43214 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43433 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43433 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43433 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43438 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43438 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43438 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-43441 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43441 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43441 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-43457 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43457 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43457 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43511 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43511 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43511 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-46299 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-46299 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-46299 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-20608 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20608 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20608 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20635 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20635 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20635 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-20636 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20636 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20636 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20643 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-20643 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-20644 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20644 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20652 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20652 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20652 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20652 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20664 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20664 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-20665 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2026-20665 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-20676 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-20676 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-20676 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-20676 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-20691 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-20691 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28857 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-28857 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-28859 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-28859 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28861 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
* CVE-2026-28861 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28871 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28871 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected Products:

* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 25 vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.52.1.

Security issues fixed:

* CVE-2023-43010: processing maliciously crafted web content may lead to memory corruption (bsc#1259950).
* CVE-2025-31223: processing maliciously crafted web content may lead to memory corruption (bsc#1259949).
* CVE-2025-31277: processing maliciously crafted web content may lead to memory corruption (bsc#1259948).
* CVE-2025-43213: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259947).
* CVE-2025-43214: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259946).
* CVE-2025-43433: processing maliciously crafted web content may lead to memory corruption (bsc#1259945).
* CVE-2025-43438: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259944).
* CVE-2025-43441: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259943).
* CVE-2025-43457: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259942).
* CVE-2025-43511: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259941).
* CVE-2025-46299: processing maliciously crafted web content may disclose internal states of an app (bsc#1259940).
* CVE-2026-20608: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259939).
* CVE-2026-20635: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259938).
* CVE-2026-20636: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259937).
* CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy (bsc#1261172).
* CVE-2026-20644: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259936).
* CVE-2026-20652: a remote attacker may be able to cause a denial-of-service (bsc#1259935).
* CVE-2026-20664: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1261173).
* CVE-2026-20665: processing maliciously crafted web content may prevent Content Security Policy from being enforced (bsc#1261174).
* CVE-2026-20676: a website may be able to track users through web extensions (bsc#1259934).
* CVE-2026-20691: a maliciously crafted webpage may be able to fingerprint the user (bsc#1261175).
* CVE-2026-28857: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1261176).
* CVE-2026-28859: a malicious website may be able to process restricted web content outside the sandbox (bsc#1261177).
* CVE-2026-28861: a malicious website may be able to access script message handlers intended for other origins (bsc#1261178).
* CVE-2026-28871: visiting a maliciously crafted website may lead to a cross-site scripting attack (bsc#1261179).

Other updates and bugfixes:

* Make scrolling with touch input smoother for small movements.
* Fix estimated load progress of downloads when Content-Length value is wrong.
* Ensure that "scrollend" events are correctly emitted after scroll animations.
* Reduce the amount of useless MPRIS notifications produced by MediaSession when the information about media being played is incomplete.
* Support turning off USE_GSTREAMER to configure the build with all multimedia features disabled.
* Add Sysprof marks for mouse events.
* Fix MediaSession icon for iheart.com not being displayed.
* Fix the build with USE_GSTREAMER_GL disabled.
* Fix the build with librice version 0.3.0 or newer.
* Fix several crashes and rendering issues.
* Translation updates: Georgian.
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1364=1 openSUSE-SLE-15.6-2026-1364=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1364=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1364=1
* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1364=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1364=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1364=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * WebKitGTK-4.0-lang-2.52.1-150600.12.63.1
  * WebKitGTK-6.0-lang-2.52.1-150600.12.63.1
  * WebKitGTK-4.1-lang-2.52.1-150600.12.63.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
  * webkit2gtk4-minibrowser-debuginfo-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_0-37-debuginfo-2.52.1-150600.12.63.1
  * webkit-jsc-6.0-debuginfo-2.52.1-150600.12.63.1
  * libwebkitgtk-6_0-4-2.52.1-150600.12.63.1
  * webkit2gtk3-soup2-minibrowser-2.52.1-150600.12.63.1
  * webkit2gtk4-devel-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_1-0-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-6_0-1-2.52.1-150600.12.63.1
  * webkit2gtk-4_1-injected-bundles-2.52.1-150600.12.63.1
  * webkit2gtk-4_0-injected-bundles-2.52.1-150600.12.63.1
  * webkit2gtk3-soup2-devel-2.52.1-150600.12.63.1
  * webkit2gtk4-debugsource-2.52.1-150600.12.63.1
  * webkit-jsc-4-2.52.1-150600.12.63.1
  * webkit-jsc-6.0-2.52.1-150600.12.63.1
  * webkit2gtk3-soup2-minibrowser-debuginfo-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_0-37-2.52.1-150600.12.63.1
  * webkit2gtk3-soup2-debugsource-2.52.1-150600.12.63.1
  * webkit2gtk3-devel-2.52.1-150600.12.63.1
  * webkit2gtk4-minibrowser-2.52.1-150600.12.63.1
  * webkit-jsc-4.1-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2-4_1-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
  * webkit-jsc-4-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit-6_0-2.52.1-150600.12.63.1
  * typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-150600.12.63.1
  * webkit-jsc-4.1-2.52.1-150600.12.63.1
  * typelib-1_0-JavaScriptCore-6_0-2.52.1-150600.12.63.1
  * webkitgtk-6_0-injected-bundles-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2WebExtension-4_1-2.52.1-150600.12.63.1
  * webkit2gtk3-minibrowser-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2-4_0-2.52.1-150600.12.63.1
  * typelib-1_0-JavaScriptCore-4_1-2.52.1-150600.12.63.1
  * libwebkitgtk-6_0-4-debuginfo-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_0-18-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-JavaScriptCore-4_0-2.52.1-150600.12.63.1
  * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-150600.12.63.1
  * webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_1-0-2.52.1-150600.12.63.1
  * webkit2gtk3-debugsource-2.52.1-150600.12.63.1
  * webkit2gtk3-minibrowser-debuginfo-2.52.1-150600.12.63.1
* openSUSE Leap 15.6 (x86_64)
  * libwebkit2gtk-4_1-0-32bit-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_0-18-32bit-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_1-0-32bit-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_0-37-32bit-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_1-0-32bit-debuginfo-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_0-37-32bit-debuginfo-2.52.1-150600.12.63.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libwebkit2gtk-4_0-37-64bit-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_0-37-64bit-debuginfo-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_0-18-64bit-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_1-0-64bit-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_1-0-64bit-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_1-0-64bit-debuginfo-2.52.1-150600.12.63.1
* Basesystem Module 15-SP7 (noarch)
  * WebKitGTK-4.0-lang-2.52.1-150600.12.63.1
  * WebKitGTK-6.0-lang-2.52.1-150600.12.63.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * webkit2gtk3-soup2-devel-2.52.1-150600.12.63.1
  * libwebkitgtk-6_0-4-debuginfo-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_0-18-2.52.1-150600.12.63.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_0-37-debuginfo-2.52.1-150600.12.63.1
  * webkit2gtk4-debugsource-2.52.1-150600.12.63.1
  * typelib-1_0-JavaScriptCore-4_0-2.52.1-150600.12.63.1
  * webkitgtk-6_0-injected-bundles-2.52.1-150600.12.63.1
  * libwebkitgtk-6_0-4-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_0-37-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-150600.12.63.1
  * webkit2gtk3-soup2-debugsource-2.52.1-150600.12.63.1
  * webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-6_0-1-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.52.1-150600.12.63.1
  * webkit2gtk-4_0-injected-bundles-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2-4_0-2.52.1-150600.12.63.1
* Desktop Applications Module 15-SP7 (noarch)
  * WebKitGTK-4.1-lang-2.52.1-150600.12.63.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * typelib-1_0-JavaScriptCore-4_1-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2WebExtension-4_1-2.52.1-150600.12.63.1
  * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_1-0-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_1-0-2.52.1-150600.12.63.1
  * webkit2gtk3-debugsource-2.52.1-150600.12.63.1
  * webkit2gtk3-devel-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2-4_1-2.52.1-150600.12.63.1
  * webkit2gtk-4_1-injected-bundles-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * typelib-1_0-WebKit-6_0-2.52.1-150600.12.63.1
  * webkit2gtk4-debugsource-2.52.1-150600.12.63.1
  * typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-150600.12.63.1
  * typelib-1_0-JavaScriptCore-6_0-2.52.1-150600.12.63.1
  * webkit2gtk4-devel-2.52.1-150600.12.63.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * WebKitGTK-4.0-lang-2.52.1-150600.12.63.1
  * WebKitGTK-6.0-lang-2.52.1-150600.12.63.1
  * WebKitGTK-4.1-lang-2.52.1-150600.12.63.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_0-37-debuginfo-2.52.1-150600.12.63.1
  * libwebkitgtk-6_0-4-2.52.1-150600.12.63.1
  * webkit2gtk4-devel-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_1-0-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-6_0-1-2.52.1-150600.12.63.1
  * webkit2gtk-4_0-injected-bundles-2.52.1-150600.12.63.1
  * webkit2gtk-4_1-injected-bundles-2.52.1-150600.12.63.1
  * webkit2gtk3-soup2-devel-2.52.1-150600.12.63.1
  * webkit2gtk4-debugsource-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_0-37-2.52.1-150600.12.63.1
  * webkit2gtk3-soup2-debugsource-2.52.1-150600.12.63.1
  * webkit2gtk3-devel-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2-4_1-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit-6_0-2.52.1-150600.12.63.1
  * typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-150600.12.63.1
  * typelib-1_0-JavaScriptCore-6_0-2.52.1-150600.12.63.1
  * webkitgtk-6_0-injected-bundles-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2WebExtension-4_1-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2-4_0-2.52.1-150600.12.63.1
  * libwebkitgtk-6_0-4-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-JavaScriptCore-4_1-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_0-18-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-JavaScriptCore-4_0-2.52.1-150600.12.63.1
  * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-150600.12.63.1
  * webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_1-0-2.52.1-150600.12.63.1
  * webkit2gtk3-debugsource-2.52.1-150600.12.63.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * WebKitGTK-4.0-lang-2.52.1-150600.12.63.1
  * WebKitGTK-6.0-lang-2.52.1-150600.12.63.1
  * WebKitGTK-4.1-lang-2.52.1-150600.12.63.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_0-37-debuginfo-2.52.1-150600.12.63.1
  * libwebkitgtk-6_0-4-2.52.1-150600.12.63.1
  * webkit2gtk4-devel-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_1-0-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-6_0-1-2.52.1-150600.12.63.1
  * webkit2gtk-4_0-injected-bundles-2.52.1-150600.12.63.1
  * webkit2gtk-4_1-injected-bundles-2.52.1-150600.12.63.1
  * webkit2gtk3-soup2-devel-2.52.1-150600.12.63.1
  * webkit2gtk4-debugsource-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_0-37-2.52.1-150600.12.63.1
  * webkit2gtk3-soup2-debugsource-2.52.1-150600.12.63.1
  * webkit2gtk3-devel-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2-4_1-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit-6_0-2.52.1-150600.12.63.1
  * typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-150600.12.63.1
  * typelib-1_0-JavaScriptCore-6_0-2.52.1-150600.12.63.1
  * webkitgtk-6_0-injected-bundles-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2WebExtension-4_1-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2-4_0-2.52.1-150600.12.63.1
  * libwebkitgtk-6_0-4-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-JavaScriptCore-4_1-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_0-18-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-JavaScriptCore-4_0-2.52.1-150600.12.63.1
  * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-150600.12.63.1
  * webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_1-0-2.52.1-150600.12.63.1
  * webkit2gtk3-debugsource-2.52.1-150600.12.63.1

## References:

* https://www.suse.com/security/cve/CVE-2023-43010.html
* https://www.suse.com/security/cve/CVE-2025-31223.html
* https://www.suse.com/security/cve/CVE-2025-31277.html
* https://www.suse.com/security/cve/CVE-2025-43213.html
* https://www.suse.com/security/cve/CVE-2025-43214.html
* https://www.suse.com/security/cve/CVE-2025-43433.html
* https://www.suse.com/security/cve/CVE-2025-43438.html
* https://www.suse.com/security/cve/CVE-2025-43441.html
* https://www.suse.com/security/cve/CVE-2025-43457.html
* https://www.suse.com/security/cve/CVE-2025-43511.html
* https://www.suse.com/security/cve/CVE-2025-46299.html
* https://www.suse.com/security/cve/CVE-2026-20608.html
* https://www.suse.com/security/cve/CVE-2026-20635.html
* https://www.suse.com/security/cve/CVE-2026-20636.html
* https://www.suse.com/security/cve/CVE-2026-20643.html
* https://www.suse.com/security/cve/CVE-2026-20644.html
* https://www.suse.com/security/cve/CVE-2026-20652.html
* https://www.suse.com/security/cve/CVE-2026-20664.html
* https://www.suse.com/security/cve/CVE-2026-20665.html
* https://www.suse.com/security/cve/CVE-2026-20676.html
* https://www.suse.com/security/cve/CVE-2026-20691.html
* https://www.suse.com/security/cve/CVE-2026-28857.html
* https://www.suse.com/security/cve/CVE-2026-28859.html
* https://www.suse.com/security/cve/CVE-2026-28861.html
* https://www.suse.com/security/cve/CVE-2026-28871.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259934
* https://bugzilla.suse.com/show_bug.cgi?id=1259935
* https://bugzilla.suse.com/show_bug.cgi?id=1259936
* https://bugzilla.suse.com/show_bug.cgi?id=1259937
* https://bugzilla.suse.com/show_bug.cgi?id=1259938
* https://bugzilla.suse.com/show_bug.cgi?id=1259939
* https://bugzilla.suse.com/show_bug.cgi?id=1259940
* https://bugzilla.suse.com/show_bug.cgi?id=1259941
* https://bugzilla.suse.com/show_bug.cgi?id=1259942
* https://bugzilla.suse.com/show_bug.cgi?id=1259943
* https://bugzilla.suse.com/show_bug.cgi?id=1259944
* https://bugzilla.suse.com/show_bug.cgi?id=1259945
* https://bugzilla.suse.com/show_bug.cgi?id=1259946
* https://bugzilla.suse.com/show_bug.cgi?id=1259947
* https://bugzilla.suse.com/show_bug.cgi?id=1259948
* https://bugzilla.suse.com/show_bug.cgi?id=1259949
* https://bugzilla.suse.com/show_bug.cgi?id=1259950
* https://bugzilla.suse.com/show_bug.cgi?id=1261172
* https://bugzilla.suse.com/show_bug.cgi?id=1261173
* https://bugzilla.suse.com/show_bug.cgi?id=1261174
* https://bugzilla.suse.com/show_bug.cgi?id=1261175
* https://bugzilla.suse.com/show_bug.cgi?id=1261176
* https://bugzilla.suse.com/show_bug.cgi?id=1261177
* https://bugzilla.suse.com/show_bug.cgi?id=1261178
* https://bugzilla.suse.com/show_bug.cgi?id=1261179

From null at suse.de Wed Apr 15 20:32:05 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 20:32:05 -0000
Subject: SUSE-SU-2026:1363-1: important: Security update for nodejs20
Message-ID: <177628512525.2815.10804506968315554640@6fd1d05cebf0>

# Security update for nodejs20

Announcement ID: SUSE-SU-2026:1363-1
Release Date: 2026-04-15T14:16:21Z
Rating: important

References:

* bsc#1256576
* bsc#1260455
* bsc#1260462
* bsc#1260463
* bsc#1260480
* bsc#1260482
* bsc#1260494

Cross-References:

* CVE-2026-21637
* CVE-2026-21710
* CVE-2026-21713
* CVE-2026-21714
* CVE-2026-21715
* CVE-2026-21716
* CVE-2026-21717

CVSS scores:

* CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21713 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21716 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for nodejs20 fixes the following issues:

Update to version 20.20.2.

* CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494).
* CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file permissions and ownership on already-open file descriptors (bsc#1260462).
* CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).
* CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480).
* CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and potential MAC forgery (bsc#1260463).
* CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).
* CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1363=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1363=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1363=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * nodejs20-20.20.2-150600.3.18.1
  * nodejs20-debugsource-20.20.2-150600.3.18.1
  * npm20-20.20.2-150600.3.18.1
  * nodejs20-debuginfo-20.20.2-150600.3.18.1
  * nodejs20-devel-20.20.2-150600.3.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * nodejs20-docs-20.20.2-150600.3.18.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * nodejs20-20.20.2-150600.3.18.1
  * nodejs20-debugsource-20.20.2-150600.3.18.1
  * npm20-20.20.2-150600.3.18.1
  * nodejs20-debuginfo-20.20.2-150600.3.18.1
  * nodejs20-devel-20.20.2-150600.3.18.1
  * corepack20-20.20.2-150600.3.18.1
* openSUSE Leap 15.6 (noarch)
  * nodejs20-docs-20.20.2-150600.3.18.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * nodejs20-20.20.2-150600.3.18.1
  * nodejs20-debugsource-20.20.2-150600.3.18.1
  * npm20-20.20.2-150600.3.18.1
  * nodejs20-debuginfo-20.20.2-150600.3.18.1
  * nodejs20-devel-20.20.2-150600.3.18.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * nodejs20-docs-20.20.2-150600.3.18.1

## References:

* https://www.suse.com/security/cve/CVE-2026-21637.html
* https://www.suse.com/security/cve/CVE-2026-21710.html
* https://www.suse.com/security/cve/CVE-2026-21713.html
* https://www.suse.com/security/cve/CVE-2026-21714.html
* https://www.suse.com/security/cve/CVE-2026-21715.html
* https://www.suse.com/security/cve/CVE-2026-21716.html
* https://www.suse.com/security/cve/CVE-2026-21717.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256576
* https://bugzilla.suse.com/show_bug.cgi?id=1260455
* https://bugzilla.suse.com/show_bug.cgi?id=1260462
* https://bugzilla.suse.com/show_bug.cgi?id=1260463
* https://bugzilla.suse.com/show_bug.cgi?id=1260480
* https://bugzilla.suse.com/show_bug.cgi?id=1260482
* https://bugzilla.suse.com/show_bug.cgi?id=1260494

From null at suse.de Wed Apr 15 20:32:18 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 20:32:18 -0000
Subject: SUSE-SU-2026:1361-1: important: Security update for himmelblau
Message-ID: <177628513860.2815.16637561201568650014@6fd1d05cebf0>

# Security update for himmelblau

Announcement ID: SUSE-SU-2026:1361-1
Release Date: 2026-04-15T14:14:01Z
Rating: important

References:

* bsc#1233949
* bsc#1245437
* bsc#1247735
* bsc#1249013
* bsc#1257904
* bsc#1258236
* bsc#1259548
* bsc#1261324
* jsc#PED-14511

Cross-References:

* CVE-2024-11738
* CVE-2025-53013
* CVE-2025-54882
* CVE-2025-58160
* CVE-2026-25727
* CVE-2026-31979
* CVE-2026-34397

CVSS scores:

* CVE-2024-11738 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-11738 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-11738 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-11738 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-53013 ( SUSE ): 4.3 CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-53013 ( SUSE ): 5.2 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2025-53013 ( NVD ): 5.2 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2025-54882 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-54882 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-54882 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-58160 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-58160 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-58160 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25727 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-31979 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-31979 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34397 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34397 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-34397 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-34397 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves seven vulnerabilities, contains one feature and has one security fix can now be installed.

## Description:

This update for himmelblau fixes the following issues:

Update to version 2.3.9+git0.a9fd29b; (jsc#PED-14511):

* CVE-2026-34397: Fix LPE due to name collision during NSS fake-primary group lookup (bsc#1261324).
* CVE-2026-31979: Fix race condition when accessing /tmp/krb5cc_uid (bsc#1259548). * CVE-2026-25727: deps(rust): Bump the `all-cargo-updates` group with 8 updates (bsc#1257904). * CVE-2025-58160: deps(rust): Bump `tracing-subscriber` in the cargo group (bsc#1249013). * CVE-2025-54882: Fix Kerberos credential cache permissions (bsc#1247735). * CVE-2025-53013: Fix permitted authentication with invalid Hello PIN (bsc#1245437). * CVE-2024-11738: Fix `rustls` network-reachable panic in `Acceptor::accept` (bsc#1233949). Other bug fixes: * Fix SELinux module packaging to use standard policy macros (bsc#1258236). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1361=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 x86_64) * himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1 * himmelblau-debuginfo-2.3.9+git0.a9fd29b-150700.3.15.1 * libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1 * pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1 * Basesystem Module 15-SP7 (noarch) * himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2024-11738.html * https://www.suse.com/security/cve/CVE-2025-53013.html * https://www.suse.com/security/cve/CVE-2025-54882.html * https://www.suse.com/security/cve/CVE-2025-58160.html * https://www.suse.com/security/cve/CVE-2026-25727.html * https://www.suse.com/security/cve/CVE-2026-31979.html * https://www.suse.com/security/cve/CVE-2026-34397.html * https://bugzilla.suse.com/show_bug.cgi?id=1233949 * https://bugzilla.suse.com/show_bug.cgi?id=1245437 * https://bugzilla.suse.com/show_bug.cgi?id=1247735 * https://bugzilla.suse.com/show_bug.cgi?id=1249013 * https://bugzilla.suse.com/show_bug.cgi?id=1257904 * https://bugzilla.suse.com/show_bug.cgi?id=1258236 *
https://bugzilla.suse.com/show_bug.cgi?id=1259548 * https://bugzilla.suse.com/show_bug.cgi?id=1261324 * https://jira.suse.com/browse/PED-14511 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 15 20:32:21 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 15 Apr 2026 20:32:21 -0000 Subject: SUSE-SU-2026:1360-1: important: Security update for tigervnc Message-ID: <177628514151.2815.12181575922750262773@6fd1d05cebf0> # Security update for tigervnc Announcement ID: SUSE-SU-2026:1360-1 Release Date: 2026-04-15T14:10:53Z Rating: important References: * bsc#1260871 Cross-References: * CVE-2026-34352 CVSS scores: * CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L * CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L Affected Products: * Basesystem Module 15-SP7 * Desktop Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for tigervnc fixes the following issues: * CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1360=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1360=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libXvnc1-1.14.1-150700.4.3.1 * xorg-x11-Xvnc-1.14.1-150700.4.3.1 * xorg-x11-Xvnc-debuginfo-1.14.1-150700.4.3.1 * tigervnc-1.14.1-150700.4.3.1 * tigervnc-debugsource-1.14.1-150700.4.3.1 * tigervnc-debuginfo-1.14.1-150700.4.3.1 * libXvnc1-debuginfo-1.14.1-150700.4.3.1 * Basesystem Module 15-SP7 (aarch64 ppc64le x86_64) * xorg-x11-Xvnc-module-1.14.1-150700.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.14.1-150700.4.3.1 * Basesystem Module 15-SP7 (noarch) * xorg-x11-Xvnc-novnc-1.14.1-150700.4.3.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libXvnc-devel-1.14.1-150700.4.3.1 * tigervnc-debugsource-1.14.1-150700.4.3.1 * tigervnc-debuginfo-1.14.1-150700.4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34352.html * https://bugzilla.suse.com/show_bug.cgi?id=1260871 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 15 20:32:24 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 15 Apr 2026 20:32:24 -0000 Subject: SUSE-SU-2026:1359-1: important: Security update for sudo Message-ID: <177628514446.2815.6145754290035450269@6fd1d05cebf0> # Security update for sudo Announcement ID: SUSE-SU-2026:1359-1 Release Date: 2026-04-15T14:07:04Z Rating: important References: * bsc#1261420 Cross-References: * CVE-2026-35535 CVSS scores: * CVE-2026-35535 ( SUSE ): 7.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-35535 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-35535 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for sudo fixes the following issue: * CVE-2026-35535: Fixed potential privilege escalation when running the mailer (bsc#1261420). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1359=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1359=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1359=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1359=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * sudo-debugsource-1.9.15p5-150600.3.15.1 * sudo-devel-1.9.15p5-150600.3.15.1 * system-group-sudo-1.9.15p5-150600.3.15.1 * sudo-policy-sudo-auth-self-1.9.15p5-150600.3.15.1 * sudo-debuginfo-1.9.15p5-150600.3.15.1 * sudo-plugin-python-debuginfo-1.9.15p5-150600.3.15.1 * sudo-plugin-python-1.9.15p5-150600.3.15.1 * sudo-1.9.15p5-150600.3.15.1 * sudo-policy-wheel-auth-self-1.9.15p5-150600.3.15.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * sudo-debugsource-1.9.15p5-150600.3.15.1 * sudo-devel-1.9.15p5-150600.3.15.1 * system-group-sudo-1.9.15p5-150600.3.15.1 * sudo-policy-sudo-auth-self-1.9.15p5-150600.3.15.1 * sudo-debuginfo-1.9.15p5-150600.3.15.1 * sudo-plugin-python-debuginfo-1.9.15p5-150600.3.15.1 * sudo-plugin-python-1.9.15p5-150600.3.15.1 * sudo-1.9.15p5-150600.3.15.1 * sudo-policy-wheel-auth-self-1.9.15p5-150600.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * sudo-debugsource-1.9.15p5-150600.3.15.1 * sudo-devel-1.9.15p5-150600.3.15.1 * system-group-sudo-1.9.15p5-150600.3.15.1 * sudo-policy-sudo-auth-self-1.9.15p5-150600.3.15.1 * sudo-debuginfo-1.9.15p5-150600.3.15.1 * sudo-plugin-python-debuginfo-1.9.15p5-150600.3.15.1 * sudo-plugin-python-1.9.15p5-150600.3.15.1 * sudo-1.9.15p5-150600.3.15.1 * sudo-policy-wheel-auth-self-1.9.15p5-150600.3.15.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * sudo-test-1.9.15p5-150600.3.15.1 * sudo-debugsource-1.9.15p5-150600.3.15.1 * 
sudo-devel-1.9.15p5-150600.3.15.1 * system-group-sudo-1.9.15p5-150600.3.15.1 * sudo-policy-sudo-auth-self-1.9.15p5-150600.3.15.1 * sudo-debuginfo-1.9.15p5-150600.3.15.1 * sudo-plugin-python-debuginfo-1.9.15p5-150600.3.15.1 * sudo-plugin-python-1.9.15p5-150600.3.15.1 * sudo-1.9.15p5-150600.3.15.1 * sudo-policy-wheel-auth-self-1.9.15p5-150600.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-35535.html * https://bugzilla.suse.com/show_bug.cgi?id=1261420 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 15 20:32:41 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 15 Apr 2026 20:32:41 -0000 Subject: SUSE-SU-2026:1356-1: moderate: Security update for nfs-utils Message-ID: <177628516167.2815.17901786220452777743@6fd1d05cebf0> # Security update for nfs-utils Announcement ID: SUSE-SU-2026:1356-1 Release Date: 2026-04-15T13:43:53Z Rating: moderate References: * bsc#1246505 * bsc#1259204 Cross-References: * CVE-2025-12801 CVSS scores: * CVE-2025-12801 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-12801 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-12801 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for nfs-utils fixes the following issue: Security fixes: * CVE-2025-12801: rpc.mountd allows a NFSv3 client to escalate their privileges and access subdirectories and subtrees of an exported directory (bsc#1259204). 
Other fixes: * Split from nfs-utils into its own spec and changelog file (bsc#1246505). * Split legacy libnfsidmap0 into a separate spec file (bsc#1246505). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1356=1 openSUSE-SLE-15.6-2026-1356=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1356=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1356=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1356=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * nfs-kernel-server-debuginfo-2.6.4-150600.28.19.1 * libnfsidmap0-0.26-150600.28.19.1 * nfs-doc-2.6.4-150600.28.19.1 * nfs-client-2.6.4-150600.28.19.1 * nfs-kernel-server-2.6.4-150600.28.19.1 * nfs-utils-debugsource-2.6.4-150600.28.19.1 * libnfsidmap0-debugsource-0.26-150600.28.19.1 * libnfsidmap1-1.0-150600.28.19.1 * nfs-utils-debuginfo-2.6.4-150600.28.19.1 * nfsidmap-devel-1.0-150600.28.19.1 * nfsidmap0-devel-0.26-150600.28.19.1 * libnfsidmap0-debuginfo-0.26-150600.28.19.1 * nfs-client-debuginfo-2.6.4-150600.28.19.1 * libnfsidmap1-debuginfo-1.0-150600.28.19.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * nfs-kernel-server-debuginfo-2.6.4-150600.28.19.1 * libnfsidmap0-0.26-150600.28.19.1 * nfs-doc-2.6.4-150600.28.19.1 * nfs-client-2.6.4-150600.28.19.1 * nfs-kernel-server-2.6.4-150600.28.19.1 * nfs-utils-debugsource-2.6.4-150600.28.19.1 * libnfsidmap1-1.0-150600.28.19.1 * nfs-utils-debuginfo-2.6.4-150600.28.19.1 * nfsidmap-devel-1.0-150600.28.19.1 * nfsidmap0-devel-0.26-150600.28.19.1 * libnfsidmap0-debuginfo-0.26-150600.28.19.1 * nfs-client-debuginfo-2.6.4-150600.28.19.1 * libnfsidmap1-debuginfo-1.0-150600.28.19.1 * SUSE 
Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * nfs-kernel-server-debuginfo-2.6.4-150600.28.19.1 * libnfsidmap0-0.26-150600.28.19.1 * nfs-doc-2.6.4-150600.28.19.1 * nfs-client-2.6.4-150600.28.19.1 * nfs-kernel-server-2.6.4-150600.28.19.1 * nfs-utils-debugsource-2.6.4-150600.28.19.1 * libnfsidmap1-1.0-150600.28.19.1 * nfs-utils-debuginfo-2.6.4-150600.28.19.1 * nfsidmap-devel-1.0-150600.28.19.1 * nfsidmap0-devel-0.26-150600.28.19.1 * nfs-client-debuginfo-2.6.4-150600.28.19.1 * libnfsidmap1-debuginfo-1.0-150600.28.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * nfs-kernel-server-debuginfo-2.6.4-150600.28.19.1 * libnfsidmap0-0.26-150600.28.19.1 * nfs-doc-2.6.4-150600.28.19.1 * nfs-client-2.6.4-150600.28.19.1 * nfs-kernel-server-2.6.4-150600.28.19.1 * nfs-utils-debugsource-2.6.4-150600.28.19.1 * libnfsidmap1-1.0-150600.28.19.1 * nfs-utils-debuginfo-2.6.4-150600.28.19.1 * nfsidmap-devel-1.0-150600.28.19.1 * nfsidmap0-devel-0.26-150600.28.19.1 * nfs-client-debuginfo-2.6.4-150600.28.19.1 * libnfsidmap1-debuginfo-1.0-150600.28.19.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12801.html * https://bugzilla.suse.com/show_bug.cgi?id=1246505 * https://bugzilla.suse.com/show_bug.cgi?id=1259204 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 15 20:32:47 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 15 Apr 2026 20:32:47 -0000 Subject: SUSE-SU-2026:1355-1: important: Security update for rubygem-bundler Message-ID: <177628516715.2815.15687240548374175379@6fd1d05cebf0> # Security update for rubygem-bundler Announcement ID: SUSE-SU-2026:1355-1 Release Date: 2026-04-15T13:37:50Z Rating: important References: * bsc#1185842 * bsc#1193578 Cross-References: * CVE-2020-36327 * CVE-2021-43809 CVSS scores: * CVE-2020-36327 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2020-36327 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2021-43809 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2021-43809 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2021-43809 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for rubygem-bundler fixes the following issues: Updated to version 2.2.34. * CVE-2020-36327: Bundler chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen (bsc#1185842) * CVE-2021-43809: rubygem-bundler: remote execution via Gemfile argument injection (bsc#1193578) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1355=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-bundler-2.2.34-150700.21.3.1 ## References: * https://www.suse.com/security/cve/CVE-2020-36327.html * https://www.suse.com/security/cve/CVE-2021-43809.html * https://bugzilla.suse.com/show_bug.cgi?id=1185842 * https://bugzilla.suse.com/show_bug.cgi?id=1193578 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 15 20:32:58 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 15 Apr 2026 20:32:58 -0000 Subject: SUSE-SU-2026:1354-1: important: Security update for python313 Message-ID: <177628517804.2815.2503805463320863112@6fd1d05cebf0> # Security update for python313 Announcement ID: SUSE-SU-2026:1354-1 Release Date: 2026-04-15T13:37:43Z Rating: important References: * bsc#1257181 * bsc#1259240 * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1259989 * bsc#1260026 * jsc#PED-15850 Cross-References: * CVE-2025-13462 * CVE-2026-1299 * CVE-2026-2297 * CVE-2026-3479 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-1299 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * 
CVE-2026-2297 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-2297 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux 
Enterprise Server for SAP Applications 15 SP7 An update that solves seven vulnerabilities and contains one feature can now be installed. ## Description: This update for python313 fixes the following issues: * Update to v3.13.13 * CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611). * CVE-2026-2297: cpython: incorrectly handled hook in FileLoader can lead to validation bypass (bsc#1259240). * CVE-2026-3479: python: improper resource argument validation can allow path traversal (bsc#1259989). * CVE-2026-3644: incomplete control character validation in http.cookies (bsc#1259734). * CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735). * CVE-2026-4519: leading dashes in URLs are accepted by the `webbrowser.open()` API and allow for web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1354=1 ## Package List: * Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64) * python313-3.13.13-150700.4.45.1 * python313-base-3.13.13-150700.4.45.1 * python313-dbm-debuginfo-3.13.13-150700.4.45.1 * python313-curses-debuginfo-3.13.13-150700.4.45.1 * python313-debugsource-3.13.13-150700.4.45.1 * python313-idle-3.13.13-150700.4.45.1 * python313-tk-debuginfo-3.13.13-150700.4.45.1 * libpython3_13-1_0-debuginfo-3.13.13-150700.4.45.1 * python313-dbm-3.13.13-150700.4.45.1 * libpython3_13-1_0-3.13.13-150700.4.45.1 * python313-core-debugsource-3.13.13-150700.4.45.1 * python313-curses-3.13.13-150700.4.45.1 * python313-devel-3.13.13-150700.4.45.1 * python313-tools-3.13.13-150700.4.45.1 * python313-tk-3.13.13-150700.4.45.1 * python313-base-debuginfo-3.13.13-150700.4.45.1 * python313-debuginfo-3.13.13-150700.4.45.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-1299.html * https://www.suse.com/security/cve/CVE-2026-2297.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1257181 * https://bugzilla.suse.com/show_bug.cgi?id=1259240 * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1260026 * https://jira.suse.com/browse/PED-15850 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 15 20:33:03 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 15 Apr 2026 20:33:03 -0000 Subject: SUSE-SU-2026:1353-1: important: Security update for netty, netty-tcnative Message-ID: <177628518356.2815.7101050058313086837@6fd1d05cebf0> # Security update for netty, netty-tcnative Announcement ID: SUSE-SU-2026:1353-1 Release Date: 2026-04-15T13:37:31Z Rating: important References: * bsc#1261031 * bsc#1261043 Cross-References: * CVE-2026-33870 * CVE-2026-33871 CVSS scores: * CVE-2026-33870 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33870 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-33870 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-33871 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33871 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33871 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33871 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for netty, netty-tcnative fixes the following issues: Update to 4.1.132: * CVE-2026-33870: incorrectly parses quoted strings in HTTP/1.1 can lead to request smuggling (bsc#1261031). * CVE-2026-33871: sending a flood of CONTINUATION frames can lead to a denial of service (bsc#1261043).
Changelog: * Upgrade to upstream version 4.1.132 * Fixes: * Fix Incorrect nanos-to-millis conversion in epoll_wait EINTR retry loop * Make RefCntOpenSslContext.deallocate more robust * HTTP2: Correctly account for padding when decompress * Fix high-order bit aliasing in HttpUtil.validateToken * fix: the precedence of + is higher than >> * AdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater than byteBuf.maxCapacity() * AdaptivePoolingAllocator: call unreserveMatchingBuddy(...) if byteBuf initialization failed * Don't assume CertificateFactory is thread-safe * Fix HttpObjectAggregator leaving connection stuck after 413 with AUTO_READ=false * HTTP2: Ensure preface is flushed in all cases * Fix UnsupportedOperationException in readTrailingHeaders * Fix client_max_window_bits parameter handling in permessage-deflate extension * Native transports: Fix possible fd leak when fcntl fails. * Kqueue: Fix undefined behaviour when GetStringUTFChars fails and SO_ACCEPTFILTER is supported * Kqueue: Possible overflow when using netty_kqueue_bsdsocket_setAcceptFilter(...) * Native transports: Fix undefined behaviour when GetStringUTFChars fails while open FD * Epoll: Add null checks for safety reasons * Epoll: Use correct value to initialize mmsghdr.msg_namelen * Epoll: Fix support for IP_RECVORIGDSTADDR * AdaptivePoolingAllocator: remove ensureAccessible() call in capacity(int) method * Epoll: setTcpMg5Sig(...) might overflow * JdkZlibDecoder: accumulate decompressed output before firing channelRead * Limit the number of Continuation frames per HTTP2 Headers (bsc#1261043, CVE-2026-33871) * Stricter HTTP/1.1 chunk extension parsing (bsc#1261031, CVE-2026-33870) * rediff * Upgrade to upstream version 4.1.131 * NioDatagramChannel.block(...) 
does not early return on failure * Support for AWS Libcrypto (AWS-LC) netty-tcnative build * codec-dns: Decompress MX RDATA exchange domain names during DNS record decoding * Buddy allocation for large buffers in adaptive allocator * SslHandler: Only resume on EventLoop if EventLoop is not shutting down already * Wrap ECONNREFUSED in PortUnreachableException for UDP * Bump com.ning:compress-lzf (4.1) * Fix adaptive allocator bug from not noticing failed allocation * Avoid loosing original read exception * Backport multiple adaptive allocator changes * Upgrade to version 4.1.130 * Upgrade to version 2.0.75 Final * No formal changelog present * Needed by netty >= 4.2.11 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1353=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1353=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1353=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.75-150200.3.36.1 * netty-4.1.132-150200.4.43.1 * openSUSE Leap 15.6 (noarch) * netty-tcnative-javadoc-2.0.75-150200.3.36.1 * netty-javadoc-4.1.132-150200.4.43.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.75-150200.3.36.1 * netty-tcnative-debugsource-2.0.75-150200.3.36.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-4.1.132-150200.4.43.1 * SUSE Package Hub 15 15-SP7 (noarch) * netty-javadoc-4.1.132-150200.4.43.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33870.html * https://www.suse.com/security/cve/CVE-2026-33871.html * https://bugzilla.suse.com/show_bug.cgi?id=1261031 * https://bugzilla.suse.com/show_bug.cgi?id=1261043 -------------- next part 
From null at suse.de Wed Apr 15 20:33:33 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 20:33:33 -0000
Subject: SUSE-SU-2026:1352-1: important: Security update for expat
Message-ID: <177628521396.2815.15211401454018830614@6fd1d05cebf0>

# Security update for expat

Announcement ID: SUSE-SU-2026:1352-1
Release Date: 2026-04-15T13:36:54Z
Rating: important

References:

* bsc#1259711
* bsc#1259726
* bsc#1259729

Cross-References:

* CVE-2026-32776
* CVE-2026-32777
* CVE-2026-32778

CVSS scores:

* CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for expat fixes the following issues:

* CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726).
* CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
* CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1352=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * expat-debugsource-2.7.1-150700.3.12.1
  * expat-debuginfo-2.7.1-150700.3.12.1
  * libexpat1-debuginfo-2.7.1-150700.3.12.1
  * expat-2.7.1-150700.3.12.1
  * libexpat-devel-2.7.1-150700.3.12.1
  * libexpat1-2.7.1-150700.3.12.1
* Basesystem Module 15-SP7 (x86_64)
  * expat-32bit-debuginfo-2.7.1-150700.3.12.1
  * libexpat1-32bit-debuginfo-2.7.1-150700.3.12.1
  * libexpat1-32bit-2.7.1-150700.3.12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32776.html
* https://www.suse.com/security/cve/CVE-2026-32777.html
* https://www.suse.com/security/cve/CVE-2026-32778.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259711
* https://bugzilla.suse.com/show_bug.cgi?id=1259726
* https://bugzilla.suse.com/show_bug.cgi?id=1259729
From null at suse.de Wed Apr 15 20:33:43 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 20:33:43 -0000
Subject: SUSE-SU-2026:1351-1: important: Security update for bind
Message-ID: <177628522382.2815.8922317327328959637@6fd1d05cebf0>

# Security update for bind

Announcement ID: SUSE-SU-2026:1351-1
Release Date: 2026-04-15T13:36:44Z
Rating: important

References:

* bsc#1259202
* bsc#1260567
* bsc#1260568
* bsc#1260569
* bsc#1260805

Cross-References:

* CVE-2026-1519
* CVE-2026-3104
* CVE-2026-3119
* CVE-2026-3591

CVSS scores:

* CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3104 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-3104 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3104 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-3119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3119 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3591 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3591 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-3591 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* Basesystem Module 15-SP7
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves four vulnerabilities and has one security fix can now be installed.

## Description:

This update for bind fixes the following issues:

Security issues:

* CVE-2026-1519: maliciously crafted DNSSEC-validated zone can lead to denial of service (bsc#1260805).
* CVE-2026-3104: memory leak in code preparing DNSSEC proofs of non-existence allows for DoS (bsc#1260567).
* CVE-2026-3119: authenticated queries containing a TKEY record may cause `named` to terminate unexpectedly (bsc#1260568).
* CVE-2026-3591: stack use-after-return flaw in SIG(0) handling code allows for ACL bypass (bsc#1260569).
* use-after-free error in `dns_client_resolve()` triggered by a DNAME response (bsc#1259202).

Upgrade to release 9.20.21

Security Fixes:

* Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. (CVE-2026-1519) [bsc#1260805]
* Fix memory leaks in code preparing DNSSEC proofs of non-existence. (CVE-2026-3104) [bsc#1260567]
* Prevent a crash in code processing queries containing a TKEY record. (CVE-2026-3119) [bsc#1260568]
* Fix a stack use-after-return flaw in SIG(0) handling code. (CVE-2026-3591) [bsc#1260569]
* Fix a use-after-free error in dns_client_resolve() triggered by a DNAME response. This issue only affected the delv tool and it has now been fixed. [bsc#1259202]

Feature Changes:

* Record query time for all dnstap responses.
* Optimize TCP source port selection on Linux.

Bug Fixes:

* Fix the handling of key statements defined inside views.
* Fix an assertion failure triggered by non-minimal IXFRs.
* Fix a crash when retrying a NOTIFY over TCP.
* Fetch loop detection improvements.
* Randomize nameserver selection.
* Fix dnstap logging of forwarded queries.
* A stale answer could have been served in case of multiple upstream failures when following CNAME chains. This has been fixed.
* Fail DNSKEY validation when supported but invalid DS is found.
* Importing an invalid SKR file might corrupt stack memory.
* Return FORMERR for queries with the EDNS Client Subnet FAMILY field set to 0.
* Fix inbound IXFR performance regression.
* Make catalog zone names and member zones' entry names case-insensitive.
* Fix implementation of BRID and HHIT record types.
* Fix implementation of DSYNC record type.
* Fix response policy and catalog zones to work with $INCLUDE directive.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1351=1
* Server Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1351=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * bind-debuginfo-9.20.21-150700.3.18.1
  * bind-utils-9.20.21-150700.3.18.1
  * bind-utils-debuginfo-9.20.21-150700.3.18.1
  * bind-debugsource-9.20.21-150700.3.18.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * bind-9.20.21-150700.3.18.1
  * bind-debugsource-9.20.21-150700.3.18.1
  * bind-debuginfo-9.20.21-150700.3.18.1
* Server Applications Module 15-SP7 (noarch)
  * bind-doc-9.20.21-150700.3.18.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1519.html
* https://www.suse.com/security/cve/CVE-2026-3104.html
* https://www.suse.com/security/cve/CVE-2026-3119.html
* https://www.suse.com/security/cve/CVE-2026-3591.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259202
* https://bugzilla.suse.com/show_bug.cgi?id=1260567
* https://bugzilla.suse.com/show_bug.cgi?id=1260568
* https://bugzilla.suse.com/show_bug.cgi?id=1260569
* https://bugzilla.suse.com/show_bug.cgi?id=1260805
From null at suse.de Wed Apr 15 20:33:46 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 20:33:46 -0000
Subject: SUSE-SU-2026:1350-1: important: Security update for nghttp2
Message-ID: <177628522674.2815.12327867049292156594@6fd1d05cebf0>

# Security update for nghttp2

Announcement ID: SUSE-SU-2026:1350-1
Release Date: 2026-04-15T13:36:32Z
Rating: important

References:

* bsc#1259845

Cross-References:

* CVE-2026-27135

CVSS scores:

* CVE-2026-27135 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27135 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27135 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for nghttp2 fixes the following issue:

* CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1350=1 openSUSE-SLE-15.6-2026-1350=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1350=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1350=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1350=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libnghttp2-devel-1.40.0-150600.25.5.1
  * libnghttp2_asio-devel-1.40.0-150600.25.5.1
  * libnghttp2_asio1-1.40.0-150600.25.5.1
  * nghttp2-debuginfo-1.40.0-150600.25.5.1
  * python3-nghttp2-1.40.0-150600.25.5.1
  * nghttp2-python-debugsource-1.40.0-150600.25.5.1
  * libnghttp2-14-debuginfo-1.40.0-150600.25.5.1
  * nghttp2-debugsource-1.40.0-150600.25.5.1
  * python3-nghttp2-debuginfo-1.40.0-150600.25.5.1
  * libnghttp2-14-1.40.0-150600.25.5.1
  * libnghttp2_asio1-debuginfo-1.40.0-150600.25.5.1
  * nghttp2-1.40.0-150600.25.5.1
* openSUSE Leap 15.6 (x86_64)
  * libnghttp2-14-32bit-1.40.0-150600.25.5.1
  * libnghttp2_asio1-32bit-1.40.0-150600.25.5.1
  * libnghttp2-14-32bit-debuginfo-1.40.0-150600.25.5.1
  * libnghttp2_asio1-32bit-debuginfo-1.40.0-150600.25.5.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libnghttp2-14-64bit-1.40.0-150600.25.5.1
  * libnghttp2-14-64bit-debuginfo-1.40.0-150600.25.5.1
  * libnghttp2_asio1-64bit-debuginfo-1.40.0-150600.25.5.1
  * libnghttp2_asio1-64bit-1.40.0-150600.25.5.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libnghttp2_asio-devel-1.40.0-150600.25.5.1
  * nghttp2-debuginfo-1.40.0-150600.25.5.1
  * libnghttp2_asio1-1.40.0-150600.25.5.1
  * nghttp2-debugsource-1.40.0-150600.25.5.1
  * libnghttp2_asio1-debuginfo-1.40.0-150600.25.5.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * libnghttp2-devel-1.40.0-150600.25.5.1
  * libnghttp2_asio-devel-1.40.0-150600.25.5.1
  * libnghttp2_asio1-1.40.0-150600.25.5.1
  * nghttp2-debuginfo-1.40.0-150600.25.5.1
  * libnghttp2-14-debuginfo-1.40.0-150600.25.5.1
  * nghttp2-debugsource-1.40.0-150600.25.5.1
  * libnghttp2-14-1.40.0-150600.25.5.1
  * libnghttp2_asio1-debuginfo-1.40.0-150600.25.5.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
  * libnghttp2-14-32bit-1.40.0-150600.25.5.1
  * libnghttp2-14-32bit-debuginfo-1.40.0-150600.25.5.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * libnghttp2-devel-1.40.0-150600.25.5.1
  * libnghttp2_asio-devel-1.40.0-150600.25.5.1
  * libnghttp2_asio1-1.40.0-150600.25.5.1
  * nghttp2-debuginfo-1.40.0-150600.25.5.1
  * libnghttp2-14-debuginfo-1.40.0-150600.25.5.1
  * nghttp2-debugsource-1.40.0-150600.25.5.1
  * libnghttp2-14-1.40.0-150600.25.5.1
  * libnghttp2_asio1-debuginfo-1.40.0-150600.25.5.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
  * libnghttp2-14-32bit-1.40.0-150600.25.5.1
  * libnghttp2-14-32bit-debuginfo-1.40.0-150600.25.5.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27135.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259845
From null at suse.de Wed Apr 15 20:34:10 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 20:34:10 -0000
Subject: SUSE-SU-2026:1349-1: important: Security update for python311
Message-ID: <177628525078.2815.10401872310602179713@6fd1d05cebf0>

# Security update for python311

Announcement ID: SUSE-SU-2026:1349-1
Release Date: 2026-04-15T13:36:10Z
Rating: important

References:

* bsc#1252974
* bsc#1254400
* bsc#1254401
* bsc#1254997
* bsc#1257029
* bsc#1257031
* bsc#1257042
* bsc#1257046
* bsc#1257181
* bsc#1259240
* bsc#1259611
* bsc#1259734
* bsc#1259735
* bsc#1259989
* bsc#1260026

Cross-References:

* CVE-2025-11468
* CVE-2025-12084
* CVE-2025-13462
* CVE-2025-13836
* CVE-2025-13837
* CVE-2025-15282
* CVE-2025-6075
* CVE-2026-0672
* CVE-2026-0865
* CVE-2026-1299
* CVE-2026-2297
* CVE-2026-3479
* CVE-2026-3644
* CVE-2026-4224
* CVE-2026-4519

CVSS scores:

* CVE-2025-11468 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-11468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-11468 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-12084 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-13836 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-13837 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13837 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13837 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13837 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-15282 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15282 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-15282 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-6075 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-6075 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-6075 ( NVD ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-6075 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-0672 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-0672 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-0672 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-0865 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0865 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-0865 ( NVD ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-1299 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-2297 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-2297 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
* CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
* CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 15 vulnerabilities can now be installed.
## Description:

This update for python311 fixes the following issues:

* Updated to Python 3.11.15
* CVE-2025-6075: If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables (bsc#1252974).
* CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029).
* CVE-2025-12084: cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service (bsc#1254997).
* CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611).
* CVE-2025-13836: When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length (bsc#1254400).
* CVE-2025-13837: When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues (bsc#1254401).
* CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
* CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031).
* CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
* CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in `BytesGenerator` (bsc#1257181).
* CVE-2026-2297: cpython: incorrectly handled hook in FileLoader can lead to validation bypass (bsc#1259240).
* CVE-2026-3479: python: improper resource argument validation can allow path traversal (bsc#1259989).
* CVE-2026-3644: incomplete control character validation in http.cookies (bsc#1259734).
* CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735).
* CVE-2026-4519: leading dashes in URLs are accepted by the `webbrowser.open()` API and allow for web browser command line option injection (bsc#1260026).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1349=1 openSUSE-SLE-15.6-2026-1349=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1349=1
* Python 3 Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1349=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1349=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1349=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * python311-tk-debuginfo-3.11.15-150600.3.53.1
  * python311-testsuite-3.11.15-150600.3.53.1
  * python311-debugsource-3.11.15-150600.3.53.1
  * python311-base-3.11.15-150600.3.53.1
  * python311-curses-3.11.15-150600.3.53.1
  * python311-tk-3.11.15-150600.3.53.1
  * libpython3_11-1_0-3.11.15-150600.3.53.1
  * python311-base-debuginfo-3.11.15-150600.3.53.1
  * python311-core-debugsource-3.11.15-150600.3.53.1
  * python311-testsuite-debuginfo-3.11.15-150600.3.53.1
  * python311-doc-devhelp-3.11.15-150600.3.53.1
  * python311-doc-3.11.15-150600.3.53.1
  * python311-tools-3.11.15-150600.3.53.1
  * python311-curses-debuginfo-3.11.15-150600.3.53.1
  * python311-3.11.15-150600.3.53.1
  * python311-debuginfo-3.11.15-150600.3.53.1
  * python311-idle-3.11.15-150600.3.53.1
  * python311-devel-3.11.15-150600.3.53.1
  * libpython3_11-1_0-debuginfo-3.11.15-150600.3.53.1
  * python311-dbm-debuginfo-3.11.15-150600.3.53.1
  * python311-dbm-3.11.15-150600.3.53.1
* openSUSE Leap 15.6 (x86_64)
  * libpython3_11-1_0-32bit-debuginfo-3.11.15-150600.3.53.1
  * python311-32bit-debuginfo-3.11.15-150600.3.53.1
  * python311-32bit-3.11.15-150600.3.53.1
  * python311-base-32bit-3.11.15-150600.3.53.1
  * python311-base-32bit-debuginfo-3.11.15-150600.3.53.1
  * libpython3_11-1_0-32bit-3.11.15-150600.3.53.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * python311-base-64bit-3.11.15-150600.3.53.1
  * python311-64bit-3.11.15-150600.3.53.1
  * python311-64bit-debuginfo-3.11.15-150600.3.53.1
  * libpython3_11-1_0-64bit-3.11.15-150600.3.53.1
  * libpython3_11-1_0-64bit-debuginfo-3.11.15-150600.3.53.1
  * python311-base-64bit-debuginfo-3.11.15-150600.3.53.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libpython3_11-1_0-debuginfo-3.11.15-150600.3.53.1
  * libpython3_11-1_0-3.11.15-150600.3.53.1
  * python311-base-3.11.15-150600.3.53.1
  * python311-base-debuginfo-3.11.15-150600.3.53.1
  * python311-core-debugsource-3.11.15-150600.3.53.1
* Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * python311-tk-debuginfo-3.11.15-150600.3.53.1
  * python311-3.11.15-150600.3.53.1
  * python311-debuginfo-3.11.15-150600.3.53.1
  * python311-core-debugsource-3.11.15-150600.3.53.1
  * python311-idle-3.11.15-150600.3.53.1
  * python311-tk-3.11.15-150600.3.53.1
  * python311-tools-3.11.15-150600.3.53.1
  * python311-devel-3.11.15-150600.3.53.1
  * python311-debugsource-3.11.15-150600.3.53.1
  * python311-curses-3.11.15-150600.3.53.1
  * python311-dbm-debuginfo-3.11.15-150600.3.53.1
  * python311-dbm-3.11.15-150600.3.53.1
  * python311-curses-debuginfo-3.11.15-150600.3.53.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * python311-tk-debuginfo-3.11.15-150600.3.53.1
  * python311-3.11.15-150600.3.53.1
  * python311-dbm-debuginfo-3.11.15-150600.3.53.1
  * python311-debuginfo-3.11.15-150600.3.53.1
  * python311-idle-3.11.15-150600.3.53.1
  * python311-tk-3.11.15-150600.3.53.1
  * python311-tools-3.11.15-150600.3.53.1
  * python311-devel-3.11.15-150600.3.53.1
  * libpython3_11-1_0-debuginfo-3.11.15-150600.3.53.1
  * libpython3_11-1_0-3.11.15-150600.3.53.1
  * python311-dbm-3.11.15-150600.3.53.1
  * python311-debugsource-3.11.15-150600.3.53.1
  * python311-base-3.11.15-150600.3.53.1
  * python311-curses-3.11.15-150600.3.53.1
  * python311-base-debuginfo-3.11.15-150600.3.53.1
  * python311-core-debugsource-3.11.15-150600.3.53.1
  * python311-curses-debuginfo-3.11.15-150600.3.53.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * python311-tk-debuginfo-3.11.15-150600.3.53.1
  * python311-3.11.15-150600.3.53.1
  * python311-dbm-debuginfo-3.11.15-150600.3.53.1
  * python311-debuginfo-3.11.15-150600.3.53.1
  * python311-idle-3.11.15-150600.3.53.1
  * python311-tk-3.11.15-150600.3.53.1
  * python311-tools-3.11.15-150600.3.53.1
  * python311-devel-3.11.15-150600.3.53.1
  * libpython3_11-1_0-debuginfo-3.11.15-150600.3.53.1
  * libpython3_11-1_0-3.11.15-150600.3.53.1
  * python311-dbm-3.11.15-150600.3.53.1
  * python311-debugsource-3.11.15-150600.3.53.1
  * python311-base-3.11.15-150600.3.53.1
  * python311-curses-3.11.15-150600.3.53.1
  * python311-base-debuginfo-3.11.15-150600.3.53.1
  * python311-core-debugsource-3.11.15-150600.3.53.1
  * python311-curses-debuginfo-3.11.15-150600.3.53.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11468.html
* https://www.suse.com/security/cve/CVE-2025-12084.html
* https://www.suse.com/security/cve/CVE-2025-13462.html
* https://www.suse.com/security/cve/CVE-2025-13836.html
* https://www.suse.com/security/cve/CVE-2025-13837.html
* https://www.suse.com/security/cve/CVE-2025-15282.html
* https://www.suse.com/security/cve/CVE-2025-6075.html
* https://www.suse.com/security/cve/CVE-2026-0672.html
* https://www.suse.com/security/cve/CVE-2026-0865.html
* https://www.suse.com/security/cve/CVE-2026-1299.html
* https://www.suse.com/security/cve/CVE-2026-2297.html
* https://www.suse.com/security/cve/CVE-2026-3479.html
* https://www.suse.com/security/cve/CVE-2026-3644.html
* https://www.suse.com/security/cve/CVE-2026-4224.html
* https://www.suse.com/security/cve/CVE-2026-4519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252974
* https://bugzilla.suse.com/show_bug.cgi?id=1254400
* https://bugzilla.suse.com/show_bug.cgi?id=1254401
* https://bugzilla.suse.com/show_bug.cgi?id=1254997
* https://bugzilla.suse.com/show_bug.cgi?id=1257029
* https://bugzilla.suse.com/show_bug.cgi?id=1257031
* https://bugzilla.suse.com/show_bug.cgi?id=1257042
* https://bugzilla.suse.com/show_bug.cgi?id=1257046
* https://bugzilla.suse.com/show_bug.cgi?id=1257181
* https://bugzilla.suse.com/show_bug.cgi?id=1259240
* https://bugzilla.suse.com/show_bug.cgi?id=1259611
* https://bugzilla.suse.com/show_bug.cgi?id=1259734
* https://bugzilla.suse.com/show_bug.cgi?id=1259735
* https://bugzilla.suse.com/show_bug.cgi?id=1259989
* https://bugzilla.suse.com/show_bug.cgi?id=1260026

From null at suse.de Wed Apr 15 20:34:20 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 15 Apr 2026 20:34:20 -0000
Subject: SUSE-SU-2026:1347-1: important: Security update for vim
Message-ID: <177628526015.2815.2903773784188986961@6fd1d05cebf0>

# Security update for vim

Announcement ID: SUSE-SU-2026:1347-1
Release Date: 2026-04-15T12:26:47Z
Rating: important

References:

* bsc#1259985
* bsc#1261191
* bsc#1261271

Cross-References:

* CVE-2026-33412
* CVE-2026-34714
* CVE-2026-34982

CVSS scores:

* CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
* CVE-2026-34714 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
* CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for vim fixes the following issues:

Update to version 9.2.0280.

* CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution (bsc#1261271).
* CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution (bsc#1261191).
* CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to arbitrary code execution (bsc#1259985).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1347=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1347=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * gvim-debuginfo-9.2.0280-17.62.1
  * vim-9.2.0280-17.62.1
  * vim-debugsource-9.2.0280-17.62.1
  * gvim-9.2.0280-17.62.1
  * vim-debuginfo-9.2.0280-17.62.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * vim-data-9.2.0280-17.62.1
  * vim-data-common-9.2.0280-17.62.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * gvim-debuginfo-9.2.0280-17.62.1
  * vim-9.2.0280-17.62.1
  * vim-debugsource-9.2.0280-17.62.1
  * gvim-9.2.0280-17.62.1
  * vim-debuginfo-9.2.0280-17.62.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * vim-data-9.2.0280-17.62.1
  * vim-data-common-9.2.0280-17.62.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33412.html
* https://www.suse.com/security/cve/CVE-2026-34714.html
* https://www.suse.com/security/cve/CVE-2026-34982.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259985
* https://bugzilla.suse.com/show_bug.cgi?id=1261191
* https://bugzilla.suse.com/show_bug.cgi?id=1261271
URL: From null at suse.de Wed Apr 15 20:34:32 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 15 Apr 2026 20:34:32 -0000 Subject: SUSE-SU-2026:1345-1: important: Security update for python36 Message-ID: <177628527250.2815.9562459745886733217@6fd1d05cebf0> # Security update for python36 Announcement ID: SUSE-SU-2026:1345-1 Release Date: 2026-04-15T12:04:29Z Rating: important References: * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1259989 * bsc#1260026 Cross-References: * CVE-2025-13462 * CVE-2026-3479 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for python36 fixes the following issues: * CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611). * CVE-2026-3479: python: improper resource argument validation can allow path traversal (bsc#1259989). * CVE-2026-3644: incomplete control character validation in http.cookies (bsc#1259734). * CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735). * CVE-2026-4519: leading dashes in URLs are accepted by the `webbrowser.open()` API and allow for web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1345=1 * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1345=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libpython3_6m1_0-32bit-3.6.15-108.1 * python36-devel-3.6.15-108.1 * python36-debugsource-3.6.15-108.1 * python36-base-3.6.15-108.1 * libpython3_6m1_0-debuginfo-3.6.15-108.1 * libpython3_6m1_0-debuginfo-32bit-3.6.15-108.1 * python36-3.6.15-108.1 * python36-debuginfo-3.6.15-108.1 * python36-base-debuginfo-3.6.15-108.1 * libpython3_6m1_0-3.6.15-108.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * python36-devel-3.6.15-108.1 * python36-debugsource-3.6.15-108.1 * python36-base-3.6.15-108.1 * libpython3_6m1_0-debuginfo-3.6.15-108.1 * python36-3.6.15-108.1 * python36-debuginfo-3.6.15-108.1 * python36-base-debuginfo-3.6.15-108.1 * libpython3_6m1_0-3.6.15-108.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libpython3_6m1_0-32bit-3.6.15-108.1 * libpython3_6m1_0-debuginfo-32bit-3.6.15-108.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1260026
From null at suse.de Thu Apr 16 08:30:07 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 16 Apr 2026 08:30:07 -0000 Subject: SUSE-SU-2026:21112-1: moderate: Security update for pam Message-ID: <177632820736.5138.2849732670031171150@6fd1d05cebf0> # Security update for pam Announcement ID: SUSE-SU-2026:21112-1 Release Date: 2026-04-14T14:46:36Z Rating: moderate References: * bsc#1232234 Cross-References: * CVE-2024-10041 CVSS scores: * CVE-2024-10041 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-10041 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-10041 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Micro 6.2 An update that solves one vulnerability can now be installed. ## Description: This update for pam fixes the following issue: * CVE-2024-10041: libpam: vulnerable to read hashed password (bsc#1232234). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-556=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * pam-extra-debuginfo-1.7.1-160000.3.1 * pam-extra-1.7.1-160000.3.1 * pam-debuginfo-1.7.1-160000.3.1 * pam-1.7.1-160000.3.1 * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x) * pam-debugsource-1.7.1-160000.3.1 * pam-full-src-debugsource-1.7.1-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-10041.html * https://bugzilla.suse.com/show_bug.cgi?id=1232234
From null at suse.de Thu Apr 16 08:30:13 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 16 Apr 2026 08:30:13 -0000 Subject: SUSE-SU-2026:21111-1: important: Security update for cockpit-subscriptions Message-ID: <177632821330.5138.7346434226076797101@6fd1d05cebf0> # Security update for cockpit-subscriptions Announcement ID: SUSE-SU-2026:21111-1 Release Date: 2026-04-14T12:13:04Z Rating: important References: * bsc#1258637 Cross-References: * CVE-2026-26996 CVSS scores: * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves one vulnerability can now be installed. ## Description: This update for cockpit-subscriptions fixes the following issue: * CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258637). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-555=1 ## Package List: * SUSE Linux Micro 6.2 (noarch) * cockpit-subscriptions-12.1-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-26996.html * https://bugzilla.suse.com/show_bug.cgi?id=1258637
From null at suse.de Thu Apr 16 08:30:37 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 16 Apr 2026 08:30:37 -0000 Subject: SUSE-SU-2026:21107-1: important: Security update for openssl-3 Message-ID: <177632823715.5138.1375389834411720047@6fd1d05cebf0> # Security update for openssl-3 Announcement ID: SUSE-SU-2026:21107-1 Release Date: 2026-04-13T16:22:41Z Rating: important References: * bsc#1259652 * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 * bsc#1260445 * bsc#1261678 * jsc#PED-15724 Cross-References: * CVE-2026-2673 * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-28390 * CVE-2026-31789 * CVE-2026-31790 CVSS scores: * CVE-2026-2673 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-2673 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2673 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Micro 6.2 An update that solves seven vulnerabilities and contains one feature can now be installed. 
## Description: This update for openssl-3 fixes the following issues: Security issues fixed: * CVE-2026-2673: TLS 1.3 servers may choose unexpected key agreement group (bsc#1259652). * CVE-2026-28387: potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL pointer dereference when processing a delta (bsc#1260442). * CVE-2026-28389: possible NULL pointer dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). * CVE-2026-31789: heap buffer overflow in hexadecimal conversion (bsc#1260444). * CVE-2026-31790: incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). Other updates and bugfixes: * Enable MD2 in legacy provider (jsc#PED-15724). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-547=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * libopenssl3-3.5.0-160000.7.1 * libopenssl-3-fips-provider-debuginfo-3.5.0-160000.7.1 * openssl-3-debugsource-3.5.0-160000.7.1 * libopenssl-3-fips-provider-3.5.0-160000.7.1 * openssl-3-debuginfo-3.5.0-160000.7.1 * openssl-3-3.5.0-160000.7.1 * libopenssl3-debuginfo-3.5.0-160000.7.1 * libopenssl-3-devel-3.5.0-160000.7.1 ## References: * https://www.suse.com/security/cve/CVE-2026-2673.html * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-28390.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://www.suse.com/security/cve/CVE-2026-31790.html * https://bugzilla.suse.com/show_bug.cgi?id=1259652 * 
https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 * https://bugzilla.suse.com/show_bug.cgi?id=1260445 * https://bugzilla.suse.com/show_bug.cgi?id=1261678 * https://jira.suse.com/browse/PED-15724 From null at suse.de Thu Apr 16 08:30:45 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 16 Apr 2026 08:30:45 -0000 Subject: SUSE-SU-2026:21106-1: critical: Security update for cockpit Message-ID: <177632824539.5138.9562101108114817840@6fd1d05cebf0> # Security update for cockpit Announcement ID: SUSE-SU-2026:21106-1 Release Date: 2026-04-13T13:58:37Z Rating: critical References: * bsc#1261829 Cross-References: * CVE-2026-4631 CVSS scores: * CVE-2026-4631 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-4631 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves one vulnerability can now be installed. ## Description: This update for cockpit fixes the following issues: Changes in cockpit: * CVE-2026-4631: Avoid ssh command injection that could be used to cause remote code execution (bsc#1261829) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-545=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * cockpit-ws-354-160000.3.1 * cockpit-354-160000.3.1 * cockpit-ws-debuginfo-354-160000.3.1 * cockpit-ws-selinux-354-160000.3.1 * cockpit-debugsource-354-160000.3.1 * SUSE Linux Micro 6.2 (noarch) * cockpit-selinux-354-160000.3.1 * cockpit-storaged-354-160000.3.1 * cockpit-networkmanager-354-160000.3.1 * cockpit-bridge-354-160000.3.1 * cockpit-system-354-160000.3.1 * cockpit-kdump-354-160000.3.1 * cockpit-firewalld-354-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4631.html * https://bugzilla.suse.com/show_bug.cgi?id=1261829 From null at suse.de Thu Apr 16 08:31:04 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 16 Apr 2026 08:31:04 -0000 Subject: SUSE-SU-2026:21104-1: important: Security update for python313 Message-ID: <177632826485.5138.12308998354550109331@6fd1d05cebf0> # Security update for python313 Announcement ID: SUSE-SU-2026:21104-1 Release Date: 2026-04-13T09:55:48Z Rating: important References: * bsc#1257181 * bsc#1259240 * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1259989 * bsc#1260026 * jsc#PED-15850 Cross-References: * CVE-2025-13462 * CVE-2026-1299 * CVE-2026-2297 * CVE-2026-3479 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-1299 ( SUSE ): 8.2 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-1299 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-2297 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-2297 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Micro 6.2 An update that solves seven vulnerabilities and contains one feature can now be installed. ## Description: This update for python313 fixes the following issues: Update to version 3.13.13. * CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). * CVE-2026-2297: incorrectly handled hook in FileLoader can lead to validation bypass (bsc#1259240). * CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989). * CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). * CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). * CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-539=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * python313-base-debuginfo-3.13.13-160000.1.1 * python313-base-3.13.13-160000.1.1 * python313-curses-3.13.13-160000.1.1 * python313-core-debugsource-3.13.13-160000.1.1 * libpython3_13-1_0-3.13.13-160000.1.1 * libpython3_13-1_0-debuginfo-3.13.13-160000.1.1 * python313-3.13.13-160000.1.1 * python313-debugsource-3.13.13-160000.1.1 * python313-curses-debuginfo-3.13.13-160000.1.1 * python313-debuginfo-3.13.13-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-1299.html * https://www.suse.com/security/cve/CVE-2026-2297.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1257181 * https://bugzilla.suse.com/show_bug.cgi?id=1259240 * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1260026 * https://jira.suse.com/browse/PED-15850
From null at suse.de Thu Apr 16 08:31:32 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 16 Apr 2026 08:31:32 -0000 Subject: SUSE-SU-2026:21102-1: important: Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16) Message-ID: <177632829290.5138.2509147520435571614@6fd1d05cebf0> # Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21102-1 Release Date: 2026-04-13T09:00:08Z Rating: important References: * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues The following security issues were fixed: * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-538=1 ## Package List: * SUSE Linux Micro 6.2 (ppc64le s390x x86_64) * kernel-livepatch-SLE16_Update_2-debugsource-5-160000.1.1 * kernel-livepatch-6_12_0-160000_7-default-5-160000.1.1 * kernel-livepatch-6_12_0-160000_7-default-debuginfo-5-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Thu Apr 16 08:31:44 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 16 Apr 2026 08:31:44 -0000 Subject: SUSE-SU-2026:21100-1: important: Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16) Message-ID: <177632830434.5138.14662570057290878149@6fd1d05cebf0> # Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21100-1 Release Date: 2026-04-13T03:16:46Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-534=1 ## Package List: * SUSE Linux Micro 6.2 (ppc64le s390x x86_64) * kernel-livepatch-SLE16_Update_3-debugsource-4-160000.1.1 * kernel-livepatch-6_12_0-160000_8-default-4-160000.1.1 * kernel-livepatch-6_12_0-160000_8-default-debuginfo-4-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Thu Apr 16 08:32:00 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 16 Apr 2026 08:32:00 -0000 Subject: SUSE-SU-2026:21099-1: important: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16) Message-ID: <177632832011.5138.3439871853932115905@6fd1d05cebf0> # Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21099-1 Release Date: 2026-04-13T02:44:51Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-533=1 ## Package List: * SUSE Linux Micro 6.2 (ppc64le s390x x86_64) * kernel-livepatch-SLE16_Update_1-debugsource-7-160000.1.1 * kernel-livepatch-6_12_0-160000_6-default-debuginfo-7-160000.1.1 * kernel-livepatch-6_12_0-160000_6-default-7-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 

From null at suse.de Thu Apr 16 08:32:06 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 08:32:06 -0000
Subject: SUSE-SU-2026:21098-1: important: Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16)
Message-ID: <177632832628.5138.17615246868241987221@6fd1d05cebf0>

# Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21098-1
Release Date: 2026-04-13T02:13:48Z
Rating: important
References:

* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues

The following security issues were fixed:

* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-532=1

## Package List:

* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_26-default-debuginfo-2-160000.1.1
  * kernel-livepatch-SLE16_Update_5-debugsource-2-160000.1.1
  * kernel-livepatch-6_12_0-160000_26-default-2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Thu Apr 16 08:32:26 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 08:32:26 -0000
Subject: SUSE-SU-2026:21096-1: important: Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)
Message-ID: <177632834669.5138.13551827823561946018@6fd1d05cebf0>

# Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21096-1
Release Date: 2026-04-11T07:40:52Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-530=1

## Package List:

* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_5-default-9-160000.4.3
  * kernel-livepatch-SLE16_Update_0-debugsource-9-160000.4.3
  * kernel-livepatch-6_12_0-160000_5-default-debuginfo-9-160000.4.3

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Thu Apr 16 08:32:35 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 08:32:35 -0000
Subject: SUSE-SU-2026:21095-1: moderate: Security update for sqlite3
Message-ID: <177632835562.5138.5272474541245101520@6fd1d05cebf0>

# Security update for sqlite3

Announcement ID: SUSE-SU-2026:21095-1
Release Date: 2026-04-10T19:09:48Z
Rating: moderate
References:

* bsc#1248586
* bsc#1252217
* bsc#1254670
* bsc#1259619

Cross-References:

* CVE-2025-70873
* CVE-2025-7709

CVSS scores:

* CVE-2025-70873 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-70873 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-70873 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-7709 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-7709 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-7709 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities and has two fixes can now be installed.

## Description:

This update for sqlite3 fixes the following issues:

Update sqlite3 to version 3.51.3:

Security issues:

* CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
* CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).

Non security issue:

* sqlite3 won't build when using --with icu (bsc#1248586).

Changelog:

Update to version 3.51.3:

* Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug
* Other minor bug fixes.

Update to version 3.51.2:

* Fix an obscure deadlock in the new broken-posix-lock detection logic.
* Fix multiple problems in the EXISTS-to-JOIN optimization.

Update to version 3.51.1:

* Fix incorrect results from nested EXISTS queries caused by the optimization in item 6b in the 3.51.0 release.
* Fix a latent bug in fts5vocab virtual table, exposed by new optimizations in the 3.51.0 release

Update to version 3.51.0:

* New macros in sqlite3.h:
  - SQLITE_SCM_BRANCH -> the name of the branch from which the source code is taken.
  - SQLITE_SCM_TAGS -> space-separated list of tags on the source code check-in.
  - SQLITE_SCM_DATETIME -> ISO-8601 date and time of the source
* Two new JSON functions, jsonb_each() and jsonb_tree() work the same as the existing json_each() and json_tree() functions except that they return JSONB for the "value" column when the "type" is 'array' or 'object'.
* The carray and percentile extensions are now built into the amalgamation, though they are disabled by default and must be activated at compile-time using the -DSQLITE_ENABLE_CARRAY and/or -DSQLITE_ENABLE_PERCENTILE options, respectively.
* Enhancements to TCL Interface:
  - Add the -asdict flag to the eval command to have it set the row data as a dict instead of an array.
  - User-defined functions may now break to return an SQL NULL.
* CLI enhancements:
  - Increase the precision of ".timer" to microseconds.
  - Enhance the "box" and "column" formatting modes to deal with double-wide characters.
  - The ".imposter" command provides read-only imposter tables that work with VACUUM and do not require the --unsafe-testing option.
  - Add the --ifexists option to the CLI command-line option and to the .open command.
  - Limit columns widths set by the ".width" command to 30,000 or less, as there is not good reason to have wider columns, but supporting wider columns provides opportunity to malefactors.
* Performance enhancements:
  - Use fewer CPU cycles to commit a read transaction.
  - Early detection of joins that return no rows due to one or more of the tables containing no rows.
  - Avoid evaluation of scalar subqueries if the result of the subquery does not change the result of the overall expression.
  - Faster window function queries when using "BETWEEN :x FOLLOWING AND :y FOLLOWING" with a large :y.
* Add the PRAGMA wal_checkpoint=NOOP; command and the SQLITE_CHECKPOINT_NOOP argument for sqlite3_wal_checkpoint_v2().
* Add the sqlite3_set_errmsg() API for use by extensions.
* Add the sqlite3_db_status64() API, which works just like the existing sqlite3_db_status() API except that it returns 64-bit results.
* Add the SQLITE_DBSTATUS_TEMPBUF_SPILL option to the sqlite3_db_status() and sqlite3_db_status64() interfaces.
* In the session extension add the sqlite3changeset_apply_v3() interface.
* For the built-in printf() and the format() SQL function, omit the leading '-' from negative floating point numbers if the '+' flag is omitted and the "#" flag is present and all displayed digits are '0'. Use '%#f' or similar to avoid outputs like '-0.00' and instead show just '0.00'.
* Improved error messages generated by FTS5.
* Enforce STRICT typing on computed columns.
* Improved support for VxWorks
* JavaScript/WASM now supports 64-bit WASM. The canonical builds continue to be 32-bit but creating one's own 64-bit build is now as simple as running "make".
* Improved resistance to database corruption caused by an application breaking Posix advisory locks using close().

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-529=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * sqlite3-debugsource-3.51.3-160000.1.1
  * sqlite3-debuginfo-3.51.3-160000.1.1
  * libsqlite3-0-debuginfo-3.51.3-160000.1.1
  * libsqlite3-0-3.51.3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-70873.html
* https://www.suse.com/security/cve/CVE-2025-7709.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248586
* https://bugzilla.suse.com/show_bug.cgi?id=1252217
* https://bugzilla.suse.com/show_bug.cgi?id=1254670
* https://bugzilla.suse.com/show_bug.cgi?id=1259619

From null at suse.de Thu Apr 16 08:32:38 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 08:32:38 -0000
Subject: SUSE-SU-2026:21094-1: moderate: Security update for pcre2
Message-ID: <177632835845.5138.11676523126791236370@6fd1d05cebf0>

# Security update for pcre2

Announcement ID: SUSE-SU-2026:21094-1
Release Date: 2026-04-10T18:24:31Z
Rating: moderate
References:

* bsc#1248842

Cross-References:

* CVE-2025-58050

CVSS scores:

* CVE-2025-58050 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-58050 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2025-58050 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-58050 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for pcre2 fixes the following issue:

* CVE-2025-58050: integer overflow leads to heap buffer overread in match_ref due to missing boundary restoration in SCS (bsc#1248842).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-528=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * libpcre2-8-0-10.45-160000.3.1
  * libpcre2-8-0-debuginfo-10.45-160000.3.1
  * pcre2-debugsource-10.45-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-58050.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248842

From null at suse.de Thu Apr 16 08:32:48 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 08:32:48 -0000
Subject: SUSE-SU-2026:1376-1: important: Security update for python310
Message-ID: <177632836853.5138.2230989173541899895@6fd1d05cebf0>

# Security update for python310

Announcement ID: SUSE-SU-2026:1376-1
Release Date: 2026-04-15T19:07:00Z
Rating: important
References:

* bsc#1259611
* bsc#1259734
* bsc#1259735
* bsc#1259989
* bsc#1260026

Cross-References:

* CVE-2025-13462
* CVE-2026-3479
* CVE-2026-3644
* CVE-2026-4224
* CVE-2026-4519

CVSS scores:

* CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
* CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
* CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for python310 fixes the following issues:

* CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
* CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
* CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
* CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
* CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1376=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1376=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1376=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1376=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1376=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1376=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * python310-tk-debuginfo-3.10.20-150400.4.107.1
  * libpython3_10-1_0-debuginfo-3.10.20-150400.4.107.1
  * python310-testsuite-3.10.20-150400.4.107.1
  * python310-doc-3.10.20-150400.4.107.1
  * python310-base-3.10.20-150400.4.107.1
  * python310-doc-devhelp-3.10.20-150400.4.107.1
  * python310-dbm-debuginfo-3.10.20-150400.4.107.1
  * python310-core-debugsource-3.10.20-150400.4.107.1
  * python310-debuginfo-3.10.20-150400.4.107.1
  * python310-curses-3.10.20-150400.4.107.1
  * python310-tools-3.10.20-150400.4.107.1
  * python310-idle-3.10.20-150400.4.107.1
  * libpython3_10-1_0-3.10.20-150400.4.107.1
  * python310-testsuite-debuginfo-3.10.20-150400.4.107.1
  * python310-debugsource-3.10.20-150400.4.107.1
  * python310-curses-debuginfo-3.10.20-150400.4.107.1
  * python310-dbm-3.10.20-150400.4.107.1
  * python310-base-debuginfo-3.10.20-150400.4.107.1
  * python310-3.10.20-150400.4.107.1
  * python310-tk-3.10.20-150400.4.107.1
  * python310-devel-3.10.20-150400.4.107.1
* openSUSE Leap 15.4 (x86_64)
  * python310-base-32bit-3.10.20-150400.4.107.1
  * libpython3_10-1_0-32bit-3.10.20-150400.4.107.1
  * python310-base-32bit-debuginfo-3.10.20-150400.4.107.1
  * python310-32bit-3.10.20-150400.4.107.1
  * libpython3_10-1_0-32bit-debuginfo-3.10.20-150400.4.107.1
  * python310-32bit-debuginfo-3.10.20-150400.4.107.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * python310-64bit-debuginfo-3.10.20-150400.4.107.1
  * python310-base-64bit-debuginfo-3.10.20-150400.4.107.1
  * libpython3_10-1_0-64bit-debuginfo-3.10.20-150400.4.107.1
  * python310-base-64bit-3.10.20-150400.4.107.1
  * libpython3_10-1_0-64bit-3.10.20-150400.4.107.1
  * python310-64bit-3.10.20-150400.4.107.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * python310-tk-debuginfo-3.10.20-150400.4.107.1
  * libpython3_10-1_0-debuginfo-3.10.20-150400.4.107.1
  * python310-testsuite-3.10.20-150400.4.107.1
  * python310-doc-3.10.20-150400.4.107.1
  * python310-base-3.10.20-150400.4.107.1
  * python310-doc-devhelp-3.10.20-150400.4.107.1
  * python310-dbm-debuginfo-3.10.20-150400.4.107.1
  * python310-core-debugsource-3.10.20-150400.4.107.1
  * python310-debuginfo-3.10.20-150400.4.107.1
  * python310-curses-3.10.20-150400.4.107.1
  * python310-tools-3.10.20-150400.4.107.1
  * python310-idle-3.10.20-150400.4.107.1
  * libpython3_10-1_0-3.10.20-150400.4.107.1
  * python310-testsuite-debuginfo-3.10.20-150400.4.107.1
  * python310-debugsource-3.10.20-150400.4.107.1
  * python310-base-debuginfo-3.10.20-150400.4.107.1
  * python310-curses-debuginfo-3.10.20-150400.4.107.1
  * python310-dbm-3.10.20-150400.4.107.1
  * python310-3.10.20-150400.4.107.1
  * python310-tk-3.10.20-150400.4.107.1
  * python310-devel-3.10.20-150400.4.107.1
* openSUSE Leap 15.6 (x86_64)
  * python310-base-32bit-3.10.20-150400.4.107.1
  * libpython3_10-1_0-32bit-3.10.20-150400.4.107.1
  * python310-base-32bit-debuginfo-3.10.20-150400.4.107.1
  * python310-32bit-3.10.20-150400.4.107.1
  * libpython3_10-1_0-32bit-debuginfo-3.10.20-150400.4.107.1
  * python310-32bit-debuginfo-3.10.20-150400.4.107.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * python310-base-3.10.20-150400.4.107.1
  * python310-dbm-debuginfo-3.10.20-150400.4.107.1
  * python310-debugsource-3.10.20-150400.4.107.1
  * python310-base-debuginfo-3.10.20-150400.4.107.1
  * python310-core-debugsource-3.10.20-150400.4.107.1
  * python310-curses-debuginfo-3.10.20-150400.4.107.1
  * python310-dbm-3.10.20-150400.4.107.1
  * python310-debuginfo-3.10.20-150400.4.107.1
  * libpython3_10-1_0-3.10.20-150400.4.107.1
  * python310-3.10.20-150400.4.107.1
  * libpython3_10-1_0-debuginfo-3.10.20-150400.4.107.1
  * python310-idle-3.10.20-150400.4.107.1
  * python310-tk-debuginfo-3.10.20-150400.4.107.1
  * python310-tools-3.10.20-150400.4.107.1
  * python310-tk-3.10.20-150400.4.107.1
  * python310-curses-3.10.20-150400.4.107.1
  * python310-devel-3.10.20-150400.4.107.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * python310-base-3.10.20-150400.4.107.1
  * python310-dbm-debuginfo-3.10.20-150400.4.107.1
  * python310-debugsource-3.10.20-150400.4.107.1
  * python310-base-debuginfo-3.10.20-150400.4.107.1
  * python310-core-debugsource-3.10.20-150400.4.107.1
  * python310-curses-debuginfo-3.10.20-150400.4.107.1
  * python310-dbm-3.10.20-150400.4.107.1
  * python310-debuginfo-3.10.20-150400.4.107.1
  * libpython3_10-1_0-3.10.20-150400.4.107.1
  * python310-3.10.20-150400.4.107.1
  * libpython3_10-1_0-debuginfo-3.10.20-150400.4.107.1
  * python310-idle-3.10.20-150400.4.107.1
  * python310-tk-debuginfo-3.10.20-150400.4.107.1
  * python310-tools-3.10.20-150400.4.107.1
  * python310-tk-3.10.20-150400.4.107.1
  * python310-curses-3.10.20-150400.4.107.1
  * python310-devel-3.10.20-150400.4.107.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * python310-base-3.10.20-150400.4.107.1
  * python310-dbm-debuginfo-3.10.20-150400.4.107.1
  * python310-debugsource-3.10.20-150400.4.107.1
  * python310-base-debuginfo-3.10.20-150400.4.107.1
  * python310-core-debugsource-3.10.20-150400.4.107.1
  * python310-curses-debuginfo-3.10.20-150400.4.107.1
  * python310-dbm-3.10.20-150400.4.107.1
  * python310-debuginfo-3.10.20-150400.4.107.1
  * libpython3_10-1_0-3.10.20-150400.4.107.1
  * python310-3.10.20-150400.4.107.1
  * libpython3_10-1_0-debuginfo-3.10.20-150400.4.107.1
  * python310-idle-3.10.20-150400.4.107.1
  * python310-tk-debuginfo-3.10.20-150400.4.107.1
  * python310-tools-3.10.20-150400.4.107.1
  * python310-tk-3.10.20-150400.4.107.1
  * python310-curses-3.10.20-150400.4.107.1
  * python310-devel-3.10.20-150400.4.107.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * python310-base-3.10.20-150400.4.107.1
  * python310-dbm-debuginfo-3.10.20-150400.4.107.1
  * python310-debugsource-3.10.20-150400.4.107.1
  * python310-base-debuginfo-3.10.20-150400.4.107.1
  * python310-core-debugsource-3.10.20-150400.4.107.1
  * python310-curses-debuginfo-3.10.20-150400.4.107.1
  * python310-dbm-3.10.20-150400.4.107.1
  * python310-debuginfo-3.10.20-150400.4.107.1
  * libpython3_10-1_0-3.10.20-150400.4.107.1
  * python310-3.10.20-150400.4.107.1
  * libpython3_10-1_0-debuginfo-3.10.20-150400.4.107.1
  * python310-idle-3.10.20-150400.4.107.1
  * python310-tk-debuginfo-3.10.20-150400.4.107.1
  * python310-tools-3.10.20-150400.4.107.1
  * python310-tk-3.10.20-150400.4.107.1
  * python310-curses-3.10.20-150400.4.107.1
  * python310-devel-3.10.20-150400.4.107.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13462.html
* https://www.suse.com/security/cve/CVE-2026-3479.html
* https://www.suse.com/security/cve/CVE-2026-3644.html
* https://www.suse.com/security/cve/CVE-2026-4224.html
* https://www.suse.com/security/cve/CVE-2026-4519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259611
* https://bugzilla.suse.com/show_bug.cgi?id=1259734
* https://bugzilla.suse.com/show_bug.cgi?id=1259735
* https://bugzilla.suse.com/show_bug.cgi?id=1259989
* https://bugzilla.suse.com/show_bug.cgi?id=1260026

From null at suse.de Thu Apr 16 08:33:00 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 08:33:00 -0000
Subject: SUSE-SU-2026:1375-1: important: Security update for openssl-3
Message-ID: <177632838074.5138.2636094087864364733@6fd1d05cebf0>

# Security update for openssl-3

Announcement ID: SUSE-SU-2026:1375-1
Release Date: 2026-04-15T17:25:51Z
Rating: important
References:

* bsc#1260441
* bsc#1260442
* bsc#1260443
* bsc#1260444
* bsc#1260445
* bsc#1261678
* jsc#PED-15724

Cross-References:

* CVE-2026-28387
* CVE-2026-28388
* CVE-2026-28389
* CVE-2026-28390
* CVE-2026-31789
* CVE-2026-31790

CVSS scores:

* CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves six vulnerabilities and contains one feature can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

Security issues fixed:

* CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
* CVE-2026-28388: NULL pointer dereference when processing a Delta CRL (bsc#1260442).
* CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
* CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678).
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).

Other updates and bugfixes:

* Enable MD2 in legacy provider (jsc#PED-15724).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1375=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libopenssl-3-fips-provider-debuginfo-3.2.3-150700.5.31.1
  * libopenssl3-3.2.3-150700.5.31.1
  * libopenssl-3-devel-3.2.3-150700.5.31.1
  * openssl-3-3.2.3-150700.5.31.1
  * libopenssl-3-fips-provider-3.2.3-150700.5.31.1
  * libopenssl3-debuginfo-3.2.3-150700.5.31.1
  * openssl-3-debuginfo-3.2.3-150700.5.31.1
  * openssl-3-debugsource-3.2.3-150700.5.31.1
* Basesystem Module 15-SP7 (x86_64)
  * libopenssl-3-fips-provider-32bit-3.2.3-150700.5.31.1
  * libopenssl3-32bit-debuginfo-3.2.3-150700.5.31.1
  * libopenssl3-32bit-3.2.3-150700.5.31.1
  * libopenssl-3-fips-provider-32bit-debuginfo-3.2.3-150700.5.31.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28387.html
* https://www.suse.com/security/cve/CVE-2026-28388.html
* https://www.suse.com/security/cve/CVE-2026-28389.html
* https://www.suse.com/security/cve/CVE-2026-28390.html
* https://www.suse.com/security/cve/CVE-2026-31789.html
* https://www.suse.com/security/cve/CVE-2026-31790.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260441
* https://bugzilla.suse.com/show_bug.cgi?id=1260442
* https://bugzilla.suse.com/show_bug.cgi?id=1260443
* https://bugzilla.suse.com/show_bug.cgi?id=1260444
* https://bugzilla.suse.com/show_bug.cgi?id=1260445
* https://bugzilla.suse.com/show_bug.cgi?id=1261678
* https://jira.suse.com/browse/PED-15724

From null at suse.de Thu Apr 16 12:30:06 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 12:30:06 -0000
Subject: SUSE-SU-2026:1378-1: important: Security update for kea
Message-ID: <177634260611.5413.11433101499685390731@2ec35c3f4c39>

# Security update for kea

Announcement ID: SUSE-SU-2026:1378-1
Release Date: 2026-04-16T07:19:46Z
Rating: important
References:

* bsc#1260380

Cross-References:

* CVE-2026-3608

CVSS scores:

* CVE-2026-3608 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-3608 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3608 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for kea fixes the following issues:

Update to release 2.6.5:

* A large number of bracket pairs in a JSON payload directed to any endpoint would result in a stack overflow, due to recursive calls when parsing the JSON. This has been fixed. (CVE-2026-3608) [bsc#1260380]
* A null dereference is now no longer possible when configuring the Control Agent with a socket that lacks the mandatory socket-name entry.
* UNIX sockets are now created as group-writable.
* Corrected an issue in logging configuration when parsing "syslog:".
* Earlier Kea versions could crash when handling misconfigured global reservations. This has been fixed.
* Support for recent versions of Sphinx has been added.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1378=1
* Server Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1378=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * python3-kea-2.6.5-150700.3.6.1
  * kea-debugsource-2.6.5-150700.3.6.1
  * kea-debuginfo-2.6.5-150700.3.6.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libkea-log61-2.6.5-150700.3.6.1
  * libkea-dhcp_ddns57-2.6.5-150700.3.6.1
  * libkea-asiolink72-debuginfo-2.6.5-150700.3.6.1
  * libkea-hooks102-2.6.5-150700.3.6.1
  * libkea-dhcp++92-debuginfo-2.6.5-150700.3.6.1
  * libkea-log61-debuginfo-2.6.5-150700.3.6.1
  * libkea-pgsql71-2.6.5-150700.3.6.1
  * libkea-cfgclient67-2.6.5-150700.3.6.1
  * libkea-util-io0-debuginfo-2.6.5-150700.3.6.1
  * libkea-cfgclient67-debuginfo-2.6.5-150700.3.6.1
  * libkea-dhcpsrv112-2.6.5-150700.3.6.1
  * libkea-dhcp_ddns57-debuginfo-2.6.5-150700.3.6.1
  * libkea-eval69-2.6.5-150700.3.6.1
  * kea-debuginfo-2.6.5-150700.3.6.1
  * libkea-cc69-2.6.5-150700.3.6.1
  * libkea-cc69-debuginfo-2.6.5-150700.3.6.1
  * libkea-cryptolink50-debuginfo-2.6.5-150700.3.6.1
  * libkea-dns++57-2.6.5-150700.3.6.1
  * libkea-dns++57-debuginfo-2.6.5-150700.3.6.1
  * libkea-tcp19-debuginfo-2.6.5-150700.3.6.1
  * libkea-hooks102-debuginfo-2.6.5-150700.3.6.1
  * libkea-exceptions33-debuginfo-2.6.5-150700.3.6.1
  * kea-2.6.5-150700.3.6.1
  * libkea-util87-2.6.5-150700.3.6.1
  * libkea-cryptolink50-2.6.5-150700.3.6.1
  * libkea-eval69-debuginfo-2.6.5-150700.3.6.1
  * libkea-pgsql71-debuginfo-2.6.5-150700.3.6.1
  * libkea-d2srv47-debuginfo-2.6.5-150700.3.6.1
  * libkea-http72-2.6.5-150700.3.6.1
  * kea-debugsource-2.6.5-150700.3.6.1
  * libkea-asiodns49-debuginfo-2.6.5-150700.3.6.1
  * libkea-stats41-debuginfo-2.6.5-150700.3.6.1
  * libkea-util87-debuginfo-2.6.5-150700.3.6.1
  * libkea-asiolink72-2.6.5-150700.3.6.1
  * libkea-exceptions33-2.6.5-150700.3.6.1
  * libkea-mysql71-2.6.5-150700.3.6.1
  * kea-devel-2.6.5-150700.3.6.1
  * libkea-d2srv47-2.6.5-150700.3.6.1
  * libkea-process76-2.6.5-150700.3.6.1
  * libkea-dhcp++92-2.6.5-150700.3.6.1
  * libkea-http72-debuginfo-2.6.5-150700.3.6.1
  * libkea-mysql71-debuginfo-2.6.5-150700.3.6.1
  * libkea-database62-debuginfo-2.6.5-150700.3.6.1
  * kea-hooks-debuginfo-2.6.5-150700.3.6.1
  * libkea-process76-debuginfo-2.6.5-150700.3.6.1
  * libkea-dhcpsrv112-debuginfo-2.6.5-150700.3.6.1
  * libkea-util-io0-2.6.5-150700.3.6.1
  * libkea-stats41-2.6.5-150700.3.6.1
  * libkea-tcp19-2.6.5-150700.3.6.1
  * libkea-asiodns49-2.6.5-150700.3.6.1
  * libkea-database62-2.6.5-150700.3.6.1
  * kea-hooks-2.6.5-150700.3.6.1
* Server Applications Module 15-SP7 (noarch)
  * kea-doc-2.6.5-150700.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3608.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260380

From null at suse.de Thu Apr 16 16:30:17 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 16:30:17 -0000
Subject: SUSE-SU-2026:1400-1: important: Security update for python-PyJWT
Message-ID: <177635701716.5532.13197987404776574637@6fd1d05cebf0>

# Security update for python-PyJWT

Announcement ID: SUSE-SU-2026:1400-1
Release Date: 2026-04-16T10:47:59Z
Rating: important

References:

* bsc#1259616

Cross-References:

* CVE-2026-32597

CVSS scores:

* CVE-2026-32597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-32597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-32597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* Basesystem Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-PyJWT fixes the following issues:

* CVE-2026-32597: Fixed acceptance of unknown `crit` header extensions (bsc#1259616).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1400=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1400=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1400=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1400=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1400=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1400=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1400=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1400=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1400=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1400=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1400=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1400=1

## Package List:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* Basesystem Module 15-SP7 (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32597.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259616

From null at suse.de Thu Apr 16 16:30:20 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 16:30:20 -0000
Subject: SUSE-SU-2026:1399-1: important: Security update for cups
Message-ID: <177635702058.5532.4579356558501337440@6fd1d05cebf0>

# Security update for cups

Announcement ID: SUSE-SU-2026:1399-1
Release Date: 2026-04-16T10:45:12Z
Rating: important

References:

* bsc#1261568

Cross-References:

* CVE-2026-34990

CVSS scores:

* CVE-2026-34990 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34990 ( NVD ): 5.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34990 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* Development Tools Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for cups fixes the following issue:

* CVE-2026-34990: Local print admin token disclosure using temporary printers (bsc#1261568).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1399=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1399=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1399=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1399=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1399=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1399=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1399=1
* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1399=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1399=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1399=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1399=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1399=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1399=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1399=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1399=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1399=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1399=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1399=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1399=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1399=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libcups2-debuginfo-2.2.7-150000.3.86.1
  * libcups2-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-config-2.2.7-150000.3.86.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libcups2-debuginfo-2.2.7-150000.3.86.1
  * libcups2-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-config-2.2.7-150000.3.86.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libcups2-debuginfo-2.2.7-150000.3.86.1
  * libcups2-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-config-2.2.7-150000.3.86.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libcups2-debuginfo-2.2.7-150000.3.86.1
  * libcups2-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-config-2.2.7-150000.3.86.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libcups2-debuginfo-2.2.7-150000.3.86.1
  * libcups2-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-config-2.2.7-150000.3.86.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libcupsmime1-2.2.7-150000.3.86.1
  * libcups2-debuginfo-2.2.7-150000.3.86.1
  * cups-client-debuginfo-2.2.7-150000.3.86.1
  * libcupsppdc1-2.2.7-150000.3.86.1
  * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1
  * libcups2-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * cups-client-2.2.7-150000.3.86.1
  * libcupscgi1-2.2.7-150000.3.86.1
  * libcupsimage2-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-config-2.2.7-150000.3.86.1
  * cups-devel-2.2.7-150000.3.86.1
  * libcupsimage2-debuginfo-2.2.7-150000.3.86.1
  * libcupsmime1-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-debuginfo-2.2.7-150000.3.86.1
  * cups-2.2.7-150000.3.86.1
* Desktop Applications Module 15-SP7 (x86_64)
  * libcups2-32bit-2.2.7-150000.3.86.1
  * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * cups-ddk-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * cups-ddk-debuginfo-2.2.7-150000.3.86.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * libcupsmime1-2.2.7-150000.3.86.1
  * libcups2-debuginfo-2.2.7-150000.3.86.1
  * cups-client-debuginfo-2.2.7-150000.3.86.1
  * cups-ddk-debuginfo-2.2.7-150000.3.86.1
  * libcupsmime1-debuginfo-2.2.7-150000.3.86.1
  * libcupsppdc1-2.2.7-150000.3.86.1
  * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1
  * libcups2-2.2.7-150000.3.86.1
  * cups-ddk-2.2.7-150000.3.86.1
  * cups-client-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-config-2.2.7-150000.3.86.1
  * cups-devel-2.2.7-150000.3.86.1
  * libcupsimage2-2.2.7-150000.3.86.1
  * libcupsimage2-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-debuginfo-2.2.7-150000.3.86.1
  * cups-2.2.7-150000.3.86.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
  * libcups2-32bit-2.2.7-150000.3.86.1
  * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * libcupsmime1-2.2.7-150000.3.86.1
  * libcups2-debuginfo-2.2.7-150000.3.86.1
  * cups-client-debuginfo-2.2.7-150000.3.86.1
  * cups-ddk-debuginfo-2.2.7-150000.3.86.1
  * libcupsmime1-debuginfo-2.2.7-150000.3.86.1
  * libcupsppdc1-2.2.7-150000.3.86.1
  * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1
  * libcups2-2.2.7-150000.3.86.1
  * cups-ddk-2.2.7-150000.3.86.1
  * cups-client-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-config-2.2.7-150000.3.86.1
  * cups-devel-2.2.7-150000.3.86.1
  * libcupsimage2-2.2.7-150000.3.86.1
  * libcupsimage2-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-debuginfo-2.2.7-150000.3.86.1
  * cups-2.2.7-150000.3.86.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
  * libcups2-32bit-2.2.7-150000.3.86.1
  * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * libcupsmime1-2.2.7-150000.3.86.1
  * libcups2-debuginfo-2.2.7-150000.3.86.1
  * cups-client-debuginfo-2.2.7-150000.3.86.1
  * cups-ddk-debuginfo-2.2.7-150000.3.86.1
  * libcupsmime1-debuginfo-2.2.7-150000.3.86.1
  * libcupsppdc1-2.2.7-150000.3.86.1
  * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1
  * libcups2-2.2.7-150000.3.86.1
  * cups-ddk-2.2.7-150000.3.86.1
  * cups-client-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-config-2.2.7-150000.3.86.1
  * cups-devel-2.2.7-150000.3.86.1
  * libcupsimage2-2.2.7-150000.3.86.1
  * libcupsimage2-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-debuginfo-2.2.7-150000.3.86.1
  * cups-2.2.7-150000.3.86.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
  * libcups2-32bit-2.2.7-150000.3.86.1
  * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * libcupsmime1-2.2.7-150000.3.86.1
  * libcups2-debuginfo-2.2.7-150000.3.86.1
  * cups-client-debuginfo-2.2.7-150000.3.86.1
  * cups-ddk-debuginfo-2.2.7-150000.3.86.1
  * libcupsmime1-debuginfo-2.2.7-150000.3.86.1
  * libcupsppdc1-2.2.7-150000.3.86.1
  * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1
  * libcups2-2.2.7-150000.3.86.1
  * cups-ddk-2.2.7-150000.3.86.1
  * cups-client-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-config-2.2.7-150000.3.86.1
  * cups-devel-2.2.7-150000.3.86.1
  * libcupsimage2-2.2.7-150000.3.86.1
  * libcupsimage2-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-debuginfo-2.2.7-150000.3.86.1
  * cups-2.2.7-150000.3.86.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
  * libcups2-32bit-2.2.7-150000.3.86.1
  * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * libcupsmime1-2.2.7-150000.3.86.1
  * libcups2-debuginfo-2.2.7-150000.3.86.1
  * cups-client-debuginfo-2.2.7-150000.3.86.1
  * cups-ddk-debuginfo-2.2.7-150000.3.86.1
  * libcupsmime1-debuginfo-2.2.7-150000.3.86.1
  * libcupsppdc1-2.2.7-150000.3.86.1
  * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1
  * libcups2-2.2.7-150000.3.86.1
  * cups-ddk-2.2.7-150000.3.86.1
  * cups-client-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-config-2.2.7-150000.3.86.1
  * cups-devel-2.2.7-150000.3.86.1
  * libcupsimage2-2.2.7-150000.3.86.1
  * libcupsimage2-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-debuginfo-2.2.7-150000.3.86.1
  * cups-2.2.7-150000.3.86.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
  * libcups2-32bit-2.2.7-150000.3.86.1
  * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libcupsmime1-2.2.7-150000.3.86.1
  * libcups2-debuginfo-2.2.7-150000.3.86.1
  * cups-client-debuginfo-2.2.7-150000.3.86.1
  * cups-ddk-debuginfo-2.2.7-150000.3.86.1
  * libcupsmime1-debuginfo-2.2.7-150000.3.86.1
  * libcupsppdc1-2.2.7-150000.3.86.1
  * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1
  * libcups2-2.2.7-150000.3.86.1
  * cups-ddk-2.2.7-150000.3.86.1
  * cups-client-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-config-2.2.7-150000.3.86.1
  * cups-devel-2.2.7-150000.3.86.1
  * libcupsimage2-2.2.7-150000.3.86.1
  * libcupsimage2-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-debuginfo-2.2.7-150000.3.86.1
  * cups-2.2.7-150000.3.86.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
  * libcups2-32bit-2.2.7-150000.3.86.1
  * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * libcupsmime1-2.2.7-150000.3.86.1
  * libcups2-debuginfo-2.2.7-150000.3.86.1
  * cups-client-debuginfo-2.2.7-150000.3.86.1
  * cups-ddk-debuginfo-2.2.7-150000.3.86.1
  * libcupsmime1-debuginfo-2.2.7-150000.3.86.1
  * libcupsppdc1-2.2.7-150000.3.86.1
  * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1
  * libcups2-2.2.7-150000.3.86.1
  * cups-ddk-2.2.7-150000.3.86.1
  * cups-client-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-config-2.2.7-150000.3.86.1
  * cups-devel-2.2.7-150000.3.86.1
  * libcupsimage2-2.2.7-150000.3.86.1
  * libcupsimage2-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-debuginfo-2.2.7-150000.3.86.1
  * cups-2.2.7-150000.3.86.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
  * libcups2-32bit-2.2.7-150000.3.86.1
  * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * libcupsmime1-2.2.7-150000.3.86.1
  * libcups2-debuginfo-2.2.7-150000.3.86.1
  * cups-client-debuginfo-2.2.7-150000.3.86.1
  * cups-ddk-debuginfo-2.2.7-150000.3.86.1
  * libcupsmime1-debuginfo-2.2.7-150000.3.86.1
  * libcupsppdc1-2.2.7-150000.3.86.1
  * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1
  * libcups2-2.2.7-150000.3.86.1
  * cups-ddk-2.2.7-150000.3.86.1
  * cups-client-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-config-2.2.7-150000.3.86.1
  * cups-devel-2.2.7-150000.3.86.1
  * libcupsimage2-2.2.7-150000.3.86.1
  * libcupsimage2-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-debuginfo-2.2.7-150000.3.86.1
  * cups-2.2.7-150000.3.86.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
  * libcups2-32bit-2.2.7-150000.3.86.1
  * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * libcupsmime1-2.2.7-150000.3.86.1
  * libcups2-debuginfo-2.2.7-150000.3.86.1
  * cups-client-debuginfo-2.2.7-150000.3.86.1
  * cups-ddk-debuginfo-2.2.7-150000.3.86.1
  * libcupsmime1-debuginfo-2.2.7-150000.3.86.1
  * libcupsppdc1-2.2.7-150000.3.86.1
  * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1
  * libcups2-2.2.7-150000.3.86.1
  * cups-ddk-2.2.7-150000.3.86.1
  * cups-client-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-config-2.2.7-150000.3.86.1
  * cups-devel-2.2.7-150000.3.86.1
  * libcupsimage2-2.2.7-150000.3.86.1
  * libcupsimage2-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-debuginfo-2.2.7-150000.3.86.1
  * cups-2.2.7-150000.3.86.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
  * libcups2-32bit-2.2.7-150000.3.86.1
  * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * libcupsmime1-2.2.7-150000.3.86.1
  * libcups2-debuginfo-2.2.7-150000.3.86.1
  * cups-client-debuginfo-2.2.7-150000.3.86.1
  * cups-ddk-debuginfo-2.2.7-150000.3.86.1
  * libcupsmime1-debuginfo-2.2.7-150000.3.86.1
  * libcupsppdc1-2.2.7-150000.3.86.1
  * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1
  * libcups2-2.2.7-150000.3.86.1
  * cups-ddk-2.2.7-150000.3.86.1
  * cups-client-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-config-2.2.7-150000.3.86.1
  * cups-devel-2.2.7-150000.3.86.1
  * libcupsimage2-2.2.7-150000.3.86.1
  * libcupsimage2-debuginfo-2.2.7-150000.3.86.1
  * libcupscgi1-debuginfo-2.2.7-150000.3.86.1
  * cups-2.2.7-150000.3.86.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
  * libcups2-32bit-2.2.7-150000.3.86.1
  * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libcups2-debuginfo-2.2.7-150000.3.86.1
  * libcups2-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-config-2.2.7-150000.3.86.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libcups2-debuginfo-2.2.7-150000.3.86.1
  * libcups2-2.2.7-150000.3.86.1
  * cups-debuginfo-2.2.7-150000.3.86.1
  * cups-debugsource-2.2.7-150000.3.86.1
  * cups-config-2.2.7-150000.3.86.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34990.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261568

From null at suse.de Thu Apr 16 16:30:33 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 16:30:33 -0000
Subject: SUSE-SU-2026:1398-1: important: Security update for freerdp
Message-ID: <177635703346.5532.18215990672172041788@6fd1d05cebf0>

# Security update for freerdp

Announcement ID: SUSE-SU-2026:1398-1
Release Date: 2026-04-16T10:40:51Z
Rating: important

References:

* bsc#1257981
* bsc#1258979
* bsc#1258982
* bsc#1258985
* bsc#1259653
* bsc#1259679
* bsc#1259686
* bsc#1261848

Cross-References:

* CVE-2026-24491
* CVE-2026-26271
* CVE-2026-26955
* CVE-2026-26965
* CVE-2026-31806
* CVE-2026-31883
* CVE-2026-31885

CVSS scores:

* CVE-2026-24491 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-24491 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-24491 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-24491 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26271 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26271 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-26955 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26955 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26955 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26965 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26965 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26965 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-31806 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31806 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-31806 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31806 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31883 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31883 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31883 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31883 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-31885 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31885 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2026-31885 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-31885 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves seven vulnerabilities and has one security fix can now be installed.

## Description:

This update for freerdp fixes the following issues:

Security fixes:

* CVE-2026-26271: Buffer overread in FreeRDP icon processing (bsc#1258979).
* CVE-2026-26955: Out-of-Bounds write in ClearCodec surface command handler (bsc#1258982).
* CVE-2026-26965: Out-of-bounds write in planar bitmap RLE decompression (bsc#1258985).
* CVE-2026-31806: improper validation of server messages can lead to a heap buffer overflow and arbitrary code execution (bsc#1259653).
* CVE-2026-31883: crafted RDPSND audio format and wave data can cause a heap buffer overwrite (bsc#1259679).
* CVE-2026-31885: unchecked predictor can lead to an out-of-bounds read (bsc#1259686).

Other changes for freerdp:

* Update CVE-2026-24491 patch and check the channel pointer before reset, avoiding subtle crash (bsc#1261848).
* Make the calling of `nsc_process_message` compatible with the fix for CVE-2026-31806 (bsc#1261848).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1398=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1398=1

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * freerdp-wayland-3.10.3-150700.3.9.1
  * freerdp-server-debuginfo-3.10.3-150700.3.9.1
  * freerdp-debuginfo-3.10.3-150700.3.9.1
  * freerdp-devel-3.10.3-150700.3.9.1
  * freerdp-wayland-debuginfo-3.10.3-150700.3.9.1
  * freerdp-proxy-3.10.3-150700.3.9.1
  * freerdp-server-3.10.3-150700.3.9.1
  * libuwac0-0-3.10.3-150700.3.9.1
  * freerdp-proxy-debuginfo-3.10.3-150700.3.9.1
  * libuwac0-0-debuginfo-3.10.3-150700.3.9.1
  * freerdp-3.10.3-150700.3.9.1
  * freerdp-debugsource-3.10.3-150700.3.9.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * freerdp-sdl-3.10.3-150700.3.9.1
  * freerdp-proxy-3.10.3-150700.3.9.1
  * libfreerdp3-3-3.10.3-150700.3.9.1
  * libfreerdp-server-proxy3-3-debuginfo-3.10.3-150700.3.9.1
  * libwinpr3-3-3.10.3-150700.3.9.1
  * winpr-devel-3.10.3-150700.3.9.1
  * librdtk0-0-debuginfo-3.10.3-150700.3.9.1
  * libfreerdp3-3-debuginfo-3.10.3-150700.3.9.1
  * freerdp-3.10.3-150700.3.9.1
  * freerdp-server-debuginfo-3.10.3-150700.3.9.1
  * freerdp-debuginfo-3.10.3-150700.3.9.1
  * freerdp-devel-3.10.3-150700.3.9.1
  * freerdp-sdl-debuginfo-3.10.3-150700.3.9.1
  * librdtk0-0-3.10.3-150700.3.9.1
  * freerdp-proxy-debuginfo-3.10.3-150700.3.9.1
  * freerdp-proxy-plugins-3.10.3-150700.3.9.1
  * freerdp-server-3.10.3-150700.3.9.1
  * freerdp-proxy-plugins-debuginfo-3.10.3-150700.3.9.1
  * libfreerdp-server-proxy3-3-3.10.3-150700.3.9.1
  * libwinpr3-3-debuginfo-3.10.3-150700.3.9.1
  * freerdp-debugsource-3.10.3-150700.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-24491.html
* https://www.suse.com/security/cve/CVE-2026-26271.html
* https://www.suse.com/security/cve/CVE-2026-26955.html
* https://www.suse.com/security/cve/CVE-2026-26965.html
* https://www.suse.com/security/cve/CVE-2026-31806.html
* https://www.suse.com/security/cve/CVE-2026-31883.html
* https://www.suse.com/security/cve/CVE-2026-31885.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257981
* https://bugzilla.suse.com/show_bug.cgi?id=1258979
* https://bugzilla.suse.com/show_bug.cgi?id=1258982
* https://bugzilla.suse.com/show_bug.cgi?id=1258985
* https://bugzilla.suse.com/show_bug.cgi?id=1259653
* https://bugzilla.suse.com/show_bug.cgi?id=1259679
* https://bugzilla.suse.com/show_bug.cgi?id=1259686
* https://bugzilla.suse.com/show_bug.cgi?id=1261848

From null at suse.de Thu Apr 16 16:30:39 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 16:30:39 -0000
Subject: SUSE-SU-2026:1396-1: important: Security update for plexus-utils
Message-ID: <177635703921.5532.14236649066644777337@6fd1d05cebf0>

# Security update for plexus-utils

Announcement ID: SUSE-SU-2026:1396-1
Release Date: 2026-04-16T10:35:20Z
Rating: important

References:

* bsc#1260588

Cross-References:

* CVE-2025-67030

CVSS scores:

* CVE-2025-67030 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-67030 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-67030 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-67030 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for plexus-utils fixes the following issue:

Security fixes:

* CVE-2025-67030: directory traversal via the `extractFile` method of `org.codehaus.plexus.util.Expand` (bsc#1260588).

Update to version 4.0.2:

* Bug Fixes
  * Specify /D for cmd.exe to bypass the Command Processor Autorun folder
* Dependency updates
  * Bump org.codehaus.plexus:plexus from 17 to 18
  * Bump org.codehaus.plexus:plexus-xml from 3.0.0 to 3.0.1

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1396=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1396=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1396=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1396=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1396=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1396=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1396=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1396=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1396=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1396=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1396=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1396=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * plexus-utils-4.0.2-150200.3.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * plexus-utils-4.0.2-150200.3.14.1 * openSUSE Leap 15.6 (noarch) * plexus-utils-4.0.2-150200.3.14.1 * plexus-utils-javadoc-4.0.2-150200.3.14.1 * Development Tools Module 15-SP7 (noarch) * plexus-utils-4.0.2-150200.3.14.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * plexus-utils-4.0.2-150200.3.14.1 * SUSE Linux Enterprise High 
Performance Computing LTSS 15 SP4 (noarch)
  * plexus-utils-4.0.2-150200.3.14.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * plexus-utils-4.0.2-150200.3.14.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * plexus-utils-4.0.2-150200.3.14.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * plexus-utils-4.0.2-150200.3.14.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * plexus-utils-4.0.2-150200.3.14.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * plexus-utils-4.0.2-150200.3.14.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * plexus-utils-4.0.2-150200.3.14.1

## References:

* https://www.suse.com/security/cve/CVE-2025-67030.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260588

From null at suse.de Thu Apr 16 16:30:42 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 16:30:42 -0000
Subject: SUSE-SU-2026:1395-1: important: Security update for azure-storage-azcopy
Message-ID: <177635704235.5532.9081921159969967581@6fd1d05cebf0>

# Security update for azure-storage-azcopy

Announcement ID: SUSE-SU-2026:1395-1
Release Date: 2026-04-16T10:27:27Z
Rating: important

References:

* bsc#1260307

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* Public Cloud Module 15-SP6
* Public Cloud Module 15-SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for azure-storage-azcopy fixes the following issues:

* CVE-2026-33186: Authorization bypass in grpc-go due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260307).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1395=1
* Public Cloud Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1395=1
* Public Cloud Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2026-1395=1
* Public Cloud Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2026-1395=1
* Public Cloud Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2026-1395=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
  * azure-storage-azcopy-10.29.1-150400.9.6.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le x86_64)
  * azure-storage-azcopy-10.29.1-150400.9.6.1
* Public Cloud Module 15-SP5 (aarch64 ppc64le x86_64)
  * azure-storage-azcopy-10.29.1-150400.9.6.1
* Public Cloud Module 15-SP6 (aarch64 ppc64le x86_64)
  * azure-storage-azcopy-10.29.1-150400.9.6.1
* Public Cloud Module 15-SP7 (aarch64 ppc64le x86_64)
  * azure-storage-azcopy-10.29.1-150400.9.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260307

From null at suse.de Thu Apr 16 16:30:47 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 16:30:47 -0000
Subject: SUSE-SU-2026:1394-1: important: Security update for corosync
Message-ID: <177635704721.5532.12790431565446743979@6fd1d05cebf0>

# Security update for corosync

Announcement ID: SUSE-SU-2026:1394-1
Release Date: 2026-04-16T10:22:10Z
Rating: important

References:

* bsc#1261299
* bsc#1261300

Cross-References:

* CVE-2026-35091
* CVE-2026-35092

CVSS scores:

* CVE-2026-35091 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35091 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-35091 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-35092 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35092 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35092 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise High Availability Extension 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for corosync fixes the following issues:

* CVE-2026-35091: Denial of Service and information disclosure via crafted UDP packet (bsc#1261299).
* CVE-2026-35092: Denial of Service via integer overflow in join message validation (bsc#1261300).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2026-1394=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1394=1
* SUSE Linux Enterprise High Availability Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-1394=1
* SUSE Linux Enterprise High Availability Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2026-1394=1
* SUSE Linux Enterprise High Availability Extension 15 SP6
  zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-1394=1
* SUSE Linux Enterprise High Availability Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2026-1394=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * corosync-qnetd-debuginfo-2.4.6-150300.12.16.1
  * libsam4-debuginfo-2.4.6-150300.12.16.1
  * libsam4-2.4.6-150300.12.16.1
  * libtotem_pg5-2.4.6-150300.12.16.1
  * libcpg4-2.4.6-150300.12.16.1
  * libvotequorum8-2.4.6-150300.12.16.1
  * libcfg6-debuginfo-2.4.6-150300.12.16.1
  * corosync-2.4.6-150300.12.16.1
  * corosync-debugsource-2.4.6-150300.12.16.1
  * corosync-qdevice-2.4.6-150300.12.16.1
  * corosync-debuginfo-2.4.6-150300.12.16.1
  * libcmap4-debuginfo-2.4.6-150300.12.16.1
  * corosync-testagents-2.4.6-150300.12.16.1
  * libtotem_pg5-debuginfo-2.4.6-150300.12.16.1
  * corosync-qdevice-debuginfo-2.4.6-150300.12.16.1
  * libcorosync-devel-2.4.6-150300.12.16.1
  * corosync-qnetd-2.4.6-150300.12.16.1
  * libcpg4-debuginfo-2.4.6-150300.12.16.1
  * libcmap4-2.4.6-150300.12.16.1
  * corosync-testagents-debuginfo-2.4.6-150300.12.16.1
  * libquorum5-2.4.6-150300.12.16.1
  *
libvotequorum8-debuginfo-2.4.6-150300.12.16.1 * libcfg6-2.4.6-150300.12.16.1 * libcorosync_common4-debuginfo-2.4.6-150300.12.16.1 * libcorosync_common4-2.4.6-150300.12.16.1 * libquorum5-debuginfo-2.4.6-150300.12.16.1 * openSUSE Leap 15.3 (x86_64) * libquorum5-32bit-debuginfo-2.4.6-150300.12.16.1 * libsam4-32bit-debuginfo-2.4.6-150300.12.16.1 * libsam4-32bit-2.4.6-150300.12.16.1 * libtotem_pg5-32bit-2.4.6-150300.12.16.1 * libcorosync_common4-32bit-debuginfo-2.4.6-150300.12.16.1 * libcorosync_common4-32bit-2.4.6-150300.12.16.1 * libcfg6-32bit-2.4.6-150300.12.16.1 * libcpg4-32bit-debuginfo-2.4.6-150300.12.16.1 * libquorum5-32bit-2.4.6-150300.12.16.1 * libcmap4-32bit-2.4.6-150300.12.16.1 * libcmap4-32bit-debuginfo-2.4.6-150300.12.16.1 * libtotem_pg5-32bit-debuginfo-2.4.6-150300.12.16.1 * libvotequorum8-32bit-2.4.6-150300.12.16.1 * libvotequorum8-32bit-debuginfo-2.4.6-150300.12.16.1 * libcfg6-32bit-debuginfo-2.4.6-150300.12.16.1 * libcpg4-32bit-2.4.6-150300.12.16.1 * openSUSE Leap 15.3 (aarch64_ilp32) * libcorosync_common4-64bit-2.4.6-150300.12.16.1 * libcpg4-64bit-2.4.6-150300.12.16.1 * libtotem_pg5-64bit-2.4.6-150300.12.16.1 * libtotem_pg5-64bit-debuginfo-2.4.6-150300.12.16.1 * libquorum5-64bit-debuginfo-2.4.6-150300.12.16.1 * libcfg6-64bit-debuginfo-2.4.6-150300.12.16.1 * libvotequorum8-64bit-debuginfo-2.4.6-150300.12.16.1 * libsam4-64bit-2.4.6-150300.12.16.1 * libcorosync_common4-64bit-debuginfo-2.4.6-150300.12.16.1 * libcpg4-64bit-debuginfo-2.4.6-150300.12.16.1 * libsam4-64bit-debuginfo-2.4.6-150300.12.16.1 * libvotequorum8-64bit-2.4.6-150300.12.16.1 * libquorum5-64bit-2.4.6-150300.12.16.1 * libcmap4-64bit-2.4.6-150300.12.16.1 * libcmap4-64bit-debuginfo-2.4.6-150300.12.16.1 * libcfg6-64bit-2.4.6-150300.12.16.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * corosync-qnetd-debuginfo-2.4.6-150300.12.16.1 * libsam4-debuginfo-2.4.6-150300.12.16.1 * libsam4-2.4.6-150300.12.16.1 * libtotem_pg5-2.4.6-150300.12.16.1 * libcpg4-2.4.6-150300.12.16.1 * 
libvotequorum8-2.4.6-150300.12.16.1 * libcfg6-debuginfo-2.4.6-150300.12.16.1 * corosync-2.4.6-150300.12.16.1 * corosync-debugsource-2.4.6-150300.12.16.1 * corosync-qdevice-2.4.6-150300.12.16.1 * corosync-debuginfo-2.4.6-150300.12.16.1 * libcmap4-debuginfo-2.4.6-150300.12.16.1 * corosync-testagents-2.4.6-150300.12.16.1 * libtotem_pg5-debuginfo-2.4.6-150300.12.16.1 * corosync-qdevice-debuginfo-2.4.6-150300.12.16.1 * libcorosync-devel-2.4.6-150300.12.16.1 * corosync-qnetd-2.4.6-150300.12.16.1 * libcpg4-debuginfo-2.4.6-150300.12.16.1 * libcmap4-2.4.6-150300.12.16.1 * corosync-testagents-debuginfo-2.4.6-150300.12.16.1 * libquorum5-2.4.6-150300.12.16.1 * libvotequorum8-debuginfo-2.4.6-150300.12.16.1 * libcfg6-2.4.6-150300.12.16.1 * libcorosync_common4-debuginfo-2.4.6-150300.12.16.1 * libcorosync_common4-2.4.6-150300.12.16.1 * libquorum5-debuginfo-2.4.6-150300.12.16.1 * openSUSE Leap 15.6 (x86_64) * libquorum5-32bit-debuginfo-2.4.6-150300.12.16.1 * libsam4-32bit-debuginfo-2.4.6-150300.12.16.1 * libsam4-32bit-2.4.6-150300.12.16.1 * libtotem_pg5-32bit-2.4.6-150300.12.16.1 * libcorosync_common4-32bit-debuginfo-2.4.6-150300.12.16.1 * libcorosync_common4-32bit-2.4.6-150300.12.16.1 * libcfg6-32bit-2.4.6-150300.12.16.1 * libcpg4-32bit-debuginfo-2.4.6-150300.12.16.1 * libquorum5-32bit-2.4.6-150300.12.16.1 * libcmap4-32bit-2.4.6-150300.12.16.1 * libcmap4-32bit-debuginfo-2.4.6-150300.12.16.1 * libtotem_pg5-32bit-debuginfo-2.4.6-150300.12.16.1 * libvotequorum8-32bit-2.4.6-150300.12.16.1 * libvotequorum8-32bit-debuginfo-2.4.6-150300.12.16.1 * libcfg6-32bit-debuginfo-2.4.6-150300.12.16.1 * libcpg4-32bit-2.4.6-150300.12.16.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * corosync-qnetd-debuginfo-2.4.6-150300.12.16.1 * libsam4-debuginfo-2.4.6-150300.12.16.1 * libsam4-2.4.6-150300.12.16.1 * libtotem_pg5-2.4.6-150300.12.16.1 * libcpg4-2.4.6-150300.12.16.1 * libvotequorum8-2.4.6-150300.12.16.1 * libcfg6-debuginfo-2.4.6-150300.12.16.1 * 
corosync-2.4.6-150300.12.16.1 * corosync-debugsource-2.4.6-150300.12.16.1 * corosync-qdevice-2.4.6-150300.12.16.1 * corosync-debuginfo-2.4.6-150300.12.16.1 * libcmap4-debuginfo-2.4.6-150300.12.16.1 * corosync-testagents-2.4.6-150300.12.16.1 * libtotem_pg5-debuginfo-2.4.6-150300.12.16.1 * corosync-qdevice-debuginfo-2.4.6-150300.12.16.1 * libcorosync-devel-2.4.6-150300.12.16.1 * corosync-qnetd-2.4.6-150300.12.16.1 * libcpg4-debuginfo-2.4.6-150300.12.16.1 * libcmap4-2.4.6-150300.12.16.1 * corosync-testagents-debuginfo-2.4.6-150300.12.16.1 * libquorum5-2.4.6-150300.12.16.1 * libvotequorum8-debuginfo-2.4.6-150300.12.16.1 * libcfg6-2.4.6-150300.12.16.1 * libcorosync_common4-debuginfo-2.4.6-150300.12.16.1 * libcorosync_common4-2.4.6-150300.12.16.1 * libquorum5-debuginfo-2.4.6-150300.12.16.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * corosync-qnetd-debuginfo-2.4.6-150300.12.16.1 * libsam4-debuginfo-2.4.6-150300.12.16.1 * libsam4-2.4.6-150300.12.16.1 * libtotem_pg5-2.4.6-150300.12.16.1 * libcpg4-2.4.6-150300.12.16.1 * libvotequorum8-2.4.6-150300.12.16.1 * libcfg6-debuginfo-2.4.6-150300.12.16.1 * corosync-2.4.6-150300.12.16.1 * corosync-debugsource-2.4.6-150300.12.16.1 * corosync-qdevice-2.4.6-150300.12.16.1 * corosync-debuginfo-2.4.6-150300.12.16.1 * libcmap4-debuginfo-2.4.6-150300.12.16.1 * corosync-testagents-2.4.6-150300.12.16.1 * libtotem_pg5-debuginfo-2.4.6-150300.12.16.1 * corosync-qdevice-debuginfo-2.4.6-150300.12.16.1 * libcorosync-devel-2.4.6-150300.12.16.1 * corosync-qnetd-2.4.6-150300.12.16.1 * libcpg4-debuginfo-2.4.6-150300.12.16.1 * libcmap4-2.4.6-150300.12.16.1 * corosync-testagents-debuginfo-2.4.6-150300.12.16.1 * libquorum5-2.4.6-150300.12.16.1 * libvotequorum8-debuginfo-2.4.6-150300.12.16.1 * libcfg6-2.4.6-150300.12.16.1 * libcorosync_common4-debuginfo-2.4.6-150300.12.16.1 * libcorosync_common4-2.4.6-150300.12.16.1 * libquorum5-debuginfo-2.4.6-150300.12.16.1 * SUSE Linux Enterprise High Availability Extension 
15 SP6 (aarch64 ppc64le s390x x86_64) * corosync-qnetd-debuginfo-2.4.6-150300.12.16.1 * libsam4-debuginfo-2.4.6-150300.12.16.1 * libsam4-2.4.6-150300.12.16.1 * libtotem_pg5-2.4.6-150300.12.16.1 * libcpg4-2.4.6-150300.12.16.1 * libvotequorum8-2.4.6-150300.12.16.1 * libcfg6-debuginfo-2.4.6-150300.12.16.1 * corosync-2.4.6-150300.12.16.1 * corosync-debugsource-2.4.6-150300.12.16.1 * corosync-qdevice-2.4.6-150300.12.16.1 * corosync-debuginfo-2.4.6-150300.12.16.1 * libcmap4-debuginfo-2.4.6-150300.12.16.1 * corosync-testagents-2.4.6-150300.12.16.1 * libtotem_pg5-debuginfo-2.4.6-150300.12.16.1 * corosync-qdevice-debuginfo-2.4.6-150300.12.16.1 * libcorosync-devel-2.4.6-150300.12.16.1 * corosync-qnetd-2.4.6-150300.12.16.1 * libcpg4-debuginfo-2.4.6-150300.12.16.1 * libcmap4-2.4.6-150300.12.16.1 * corosync-testagents-debuginfo-2.4.6-150300.12.16.1 * libquorum5-2.4.6-150300.12.16.1 * libvotequorum8-debuginfo-2.4.6-150300.12.16.1 * libcfg6-2.4.6-150300.12.16.1 * libcorosync_common4-debuginfo-2.4.6-150300.12.16.1 * libcorosync_common4-2.4.6-150300.12.16.1 * libquorum5-debuginfo-2.4.6-150300.12.16.1 * SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le s390x x86_64) * corosync-qnetd-debuginfo-2.4.6-150300.12.16.1 * libsam4-debuginfo-2.4.6-150300.12.16.1 * libsam4-2.4.6-150300.12.16.1 * libtotem_pg5-2.4.6-150300.12.16.1 * libcpg4-2.4.6-150300.12.16.1 * libvotequorum8-2.4.6-150300.12.16.1 * libcfg6-debuginfo-2.4.6-150300.12.16.1 * corosync-2.4.6-150300.12.16.1 * corosync-debugsource-2.4.6-150300.12.16.1 * corosync-qdevice-2.4.6-150300.12.16.1 * corosync-debuginfo-2.4.6-150300.12.16.1 * libcmap4-debuginfo-2.4.6-150300.12.16.1 * corosync-testagents-2.4.6-150300.12.16.1 * libtotem_pg5-debuginfo-2.4.6-150300.12.16.1 * corosync-qdevice-debuginfo-2.4.6-150300.12.16.1 * libcorosync-devel-2.4.6-150300.12.16.1 * corosync-qnetd-2.4.6-150300.12.16.1 * libcpg4-debuginfo-2.4.6-150300.12.16.1 * libcmap4-2.4.6-150300.12.16.1 * 
corosync-testagents-debuginfo-2.4.6-150300.12.16.1
  * libquorum5-2.4.6-150300.12.16.1
  * libvotequorum8-debuginfo-2.4.6-150300.12.16.1
  * libcfg6-2.4.6-150300.12.16.1
  * libcorosync_common4-debuginfo-2.4.6-150300.12.16.1
  * libcorosync_common4-2.4.6-150300.12.16.1
  * libquorum5-debuginfo-2.4.6-150300.12.16.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35091.html
* https://www.suse.com/security/cve/CVE-2026-35092.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261299
* https://bugzilla.suse.com/show_bug.cgi?id=1261300

From null at suse.de Thu Apr 16 16:31:20 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 16:31:20 -0000
Subject: SUSE-SU-2026:1389-1: important: Security update for python-PyJWT
Message-ID: <177635708051.5532.487611760084931502@6fd1d05cebf0>

# Security update for python-PyJWT

Announcement ID: SUSE-SU-2026:1389-1
Release Date: 2026-04-16T09:20:00Z
Rating: important

References:

* bsc#1259616

Cross-References:

* CVE-2026-32597

CVSS scores:

* CVE-2026-32597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-32597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-32597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise
Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-PyJWT fixes the following issues:

* CVE-2026-32597: Fixed acceptance of unknown `crit` header extensions (bsc#1259616).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1389=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1389=1
* Public Cloud Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1389=1
* Python 3 Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1389=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1389=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1389=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1389=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1389=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1389=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1389=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch
SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1389=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1389=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1389=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1389=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * python311-PyJWT-2.8.0-150400.8.10.1
* openSUSE Leap 15.6 (noarch)
  * python311-PyJWT-2.8.0-150400.8.10.1
* Public Cloud Module 15-SP4 (noarch)
  * python311-PyJWT-2.8.0-150400.8.10.1
* Python 3 Module 15-SP7 (noarch)
  * python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * python311-PyJWT-2.8.0-150400.8.10.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * python311-PyJWT-2.8.0-150400.8.10.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32597.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259616

From null at suse.de Thu Apr 16 16:31:23 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 16:31:23 -0000
Subject: SUSE-SU-2026:1388-1: moderate: Security update for libtpms
Message-ID: <177635708355.5532.11632026648556494203@6fd1d05cebf0>

# Security update for libtpms

Announcement ID: SUSE-SU-2026:1388-1
Release Date: 2026-04-16T09:18:28Z
Rating: moderate

References:

* bsc#1244528

Cross-References:

* CVE-2025-49133

CVSS scores:

* CVE-2025-49133 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
* CVE-2025-49133 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
* CVE-2025-49133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for libtpms fixes the following issues:

* CVE-2025-49133: Fixed potential out of bounds (OOB) read vulnerability (bsc#1244528)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1388=1 SUSE-2026-1388=1
* Server Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1388=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libtpms-debugsource-0.9.6-150600.3.3.1
  * libtpms-devel-0.9.6-150600.3.3.1
  * libtpms0-debuginfo-0.9.6-150600.3.3.1
  * libtpms0-0.9.6-150600.3.3.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libtpms-debugsource-0.9.6-150600.3.3.1
  * libtpms-devel-0.9.6-150600.3.3.1
  * libtpms0-debuginfo-0.9.6-150600.3.3.1
  * libtpms0-0.9.6-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-49133.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244528

From null at suse.de Thu Apr 16 16:31:29 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 16:31:29 -0000
Subject: SUSE-SU-2026:1387-1: important: Security update for vim
Message-ID: <177635708939.5532.8870480952254658509@6fd1d05cebf0>

# Security update for vim

Announcement ID: SUSE-SU-2026:1387-1
Release Date: 2026-04-16T09:18:18Z
Rating: important

References:

* bsc#1259985
* bsc#1261191
* bsc#1261271

Cross-References:

* CVE-2026-33412
* CVE-2026-34714
* CVE-2026-34982

CVSS scores:

* CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
* CVE-2026-34714 ( NVD ):
8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
* CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for vim fixes the following issues:

Update to version 9.2.0280.

* CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution (bsc#1261271).
* CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution (bsc#1261191).
* CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to arbitrary code execution (bsc#1259985).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1387=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1387=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1387=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1387=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1387=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1387=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1387=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1387=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1387=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1387=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * vim-data-common-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * vim-debuginfo-9.2.0280-150000.5.89.1
  * vim-small-9.2.0280-150000.5.89.1
  * vim-debugsource-9.2.0280-150000.5.89.1
  * vim-small-debuginfo-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * vim-data-common-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * vim-debuginfo-9.2.0280-150000.5.89.1
  * vim-small-9.2.0280-150000.5.89.1
  * vim-debugsource-9.2.0280-150000.5.89.1
  * vim-small-debuginfo-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * vim-data-common-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * vim-debuginfo-9.2.0280-150000.5.89.1
  * vim-small-9.2.0280-150000.5.89.1
  * vim-debugsource-9.2.0280-150000.5.89.1
  * vim-small-debuginfo-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * vim-data-common-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * vim-debuginfo-9.2.0280-150000.5.89.1
  * vim-small-9.2.0280-150000.5.89.1
  * vim-debugsource-9.2.0280-150000.5.89.1
  * vim-small-debuginfo-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * vim-debugsource-9.2.0280-150000.5.89.1
  * gvim-debuginfo-9.2.0280-150000.5.89.1
  * gvim-9.2.0280-150000.5.89.1
  * vim-debuginfo-9.2.0280-150000.5.89.1
  * vim-small-debuginfo-9.2.0280-150000.5.89.1
  * vim-small-9.2.0280-150000.5.89.1
  * vim-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * vim-data-common-9.2.0280-150000.5.89.1
  * vim-data-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * vim-debugsource-9.2.0280-150000.5.89.1
  * gvim-debuginfo-9.2.0280-150000.5.89.1
  * gvim-9.2.0280-150000.5.89.1
  * vim-debuginfo-9.2.0280-150000.5.89.1
  * vim-small-debuginfo-9.2.0280-150000.5.89.1
  * vim-small-9.2.0280-150000.5.89.1
  * vim-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * vim-data-common-9.2.0280-150000.5.89.1
  * vim-data-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * vim-debugsource-9.2.0280-150000.5.89.1
  * gvim-debuginfo-9.2.0280-150000.5.89.1
  * gvim-9.2.0280-150000.5.89.1
  * vim-debuginfo-9.2.0280-150000.5.89.1
  * vim-small-debuginfo-9.2.0280-150000.5.89.1
  * vim-small-9.2.0280-150000.5.89.1
  * vim-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * vim-data-common-9.2.0280-150000.5.89.1
  * vim-data-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * vim-debugsource-9.2.0280-150000.5.89.1
  * gvim-debuginfo-9.2.0280-150000.5.89.1
  * gvim-9.2.0280-150000.5.89.1
  * vim-debuginfo-9.2.0280-150000.5.89.1
  * vim-small-debuginfo-9.2.0280-150000.5.89.1
  * vim-small-9.2.0280-150000.5.89.1
  * vim-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * vim-data-common-9.2.0280-150000.5.89.1
  * vim-data-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * vim-data-common-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * vim-debuginfo-9.2.0280-150000.5.89.1
  * vim-small-9.2.0280-150000.5.89.1
  * vim-debugsource-9.2.0280-150000.5.89.1
  * vim-small-debuginfo-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * vim-data-common-9.2.0280-150000.5.89.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * vim-debuginfo-9.2.0280-150000.5.89.1
  * vim-small-9.2.0280-150000.5.89.1
  * vim-debugsource-9.2.0280-150000.5.89.1
  * vim-small-debuginfo-9.2.0280-150000.5.89.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33412.html
* https://www.suse.com/security/cve/CVE-2026-34714.html
* https://www.suse.com/security/cve/CVE-2026-34982.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259985
* https://bugzilla.suse.com/show_bug.cgi?id=1261191
* https://bugzilla.suse.com/show_bug.cgi?id=1261271
From null at suse.de Thu Apr 16 16:31:38 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 16:31:38 -0000
Subject: SUSE-SU-2026:1386-1: important: Security update for openssl-1_1
Message-ID: <177635709815.5532.5711552658227461963@6fd1d05cebf0>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2026:1386-1
Release Date: 2026-04-16T09:17:21Z
Rating: important
References:

* bsc#1260441
* bsc#1260442
* bsc#1260443
* bsc#1260444
* bsc#1261678

Cross-References:

* CVE-2026-28387
* CVE-2026-28388
* CVE-2026-28389
* CVE-2026-28390
* CVE-2026-31789

CVSS scores:

* CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* Basesystem Module 15-SP7
* Development Tools Module 15-SP7
* Legacy Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves five vulnerabilities can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
* CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
* CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
* CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678).
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1386=1
* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1386=1
* Legacy Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2026-1386=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * openssl-1_1-debugsource-1.1.1w-150700.11.16.1
  * libopenssl1_1-debuginfo-1.1.1w-150700.11.16.1
  * libopenssl1_1-1.1.1w-150700.11.16.1
  * openssl-1_1-debuginfo-1.1.1w-150700.11.16.1
* Basesystem Module 15-SP7 (x86_64)
  * libopenssl1_1-32bit-1.1.1w-150700.11.16.1
  * libopenssl1_1-32bit-debuginfo-1.1.1w-150700.11.16.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libopenssl-1_1-devel-1.1.1w-150700.11.16.1
  * openssl-1_1-debugsource-1.1.1w-150700.11.16.1
  * openssl-1_1-debuginfo-1.1.1w-150700.11.16.1
* Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * openssl-1_1-debugsource-1.1.1w-150700.11.16.1
  * openssl-1_1-debuginfo-1.1.1w-150700.11.16.1
  * openssl-1_1-1.1.1w-150700.11.16.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28387.html
* https://www.suse.com/security/cve/CVE-2026-28388.html
* https://www.suse.com/security/cve/CVE-2026-28389.html
* https://www.suse.com/security/cve/CVE-2026-28390.html
* https://www.suse.com/security/cve/CVE-2026-31789.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260441
* https://bugzilla.suse.com/show_bug.cgi?id=1260442
* https://bugzilla.suse.com/show_bug.cgi?id=1260443
* https://bugzilla.suse.com/show_bug.cgi?id=1260444
* https://bugzilla.suse.com/show_bug.cgi?id=1261678

From null at suse.de Thu Apr 16 16:31:46 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 16:31:46 -0000
Subject: SUSE-SU-2026:1385-1: important: Security update for python3
Message-ID: <177635710638.5532.3470532427138332748@6fd1d05cebf0>

# Security update for python3

Announcement ID: SUSE-SU-2026:1385-1
Release Date: 2026-04-16T09:16:55Z
Rating: important
References:

* bsc#1259611
* bsc#1259734
* bsc#1259735
* bsc#1259989
* bsc#1260026

Cross-References:

* CVE-2025-13462
* CVE-2026-3479
* CVE-2026-3644
* CVE-2026-4224
* CVE-2026-4519

CVSS scores:

* CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
* CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
* CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for python3 fixes the following issues:

* CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611).
* CVE-2026-3479: improper resource argument validation can allow path traversal (bsc#1259989).
* CVE-2026-3644: incomplete control character validation in http.cookies (bsc#1259734).
* CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735).
* CVE-2026-4519: leading dashes in URLs are accepted by the `webbrowser.open()` API and allow for web browser command line option injection (bsc#1260026).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1385=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1385=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * python3-tk-debuginfo-3.4.10-25.180.1
  * libpython3_4m1_0-debuginfo-3.4.10-25.180.1
  * python3-debugsource-3.4.10-25.180.1
  * python3-base-debuginfo-3.4.10-25.180.1
  * python3-tk-3.4.10-25.180.1
  * python3-devel-3.4.10-25.180.1
  * python3-debuginfo-3.4.10-25.180.1
  * python3-base-debugsource-3.4.10-25.180.1
  * python3-3.4.10-25.180.1
  * libpython3_4m1_0-3.4.10-25.180.1
  * python3-curses-debuginfo-3.4.10-25.180.1
  * python3-curses-3.4.10-25.180.1
  * python3-base-3.4.10-25.180.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (ppc64le s390x x86_64)
  * python3-devel-debuginfo-3.4.10-25.180.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
  * python3-base-debuginfo-32bit-3.4.10-25.180.1
  * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.180.1
  * libpython3_4m1_0-32bit-3.4.10-25.180.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * python3-tk-debuginfo-3.4.10-25.180.1
  * libpython3_4m1_0-debuginfo-3.4.10-25.180.1
  * python3-debugsource-3.4.10-25.180.1
  * python3-base-debuginfo-3.4.10-25.180.1
  * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.180.1
  * python3-base-debuginfo-32bit-3.4.10-25.180.1
  * python3-devel-3.4.10-25.180.1
  * python3-tk-3.4.10-25.180.1
  * python3-debuginfo-3.4.10-25.180.1
  * python3-base-debugsource-3.4.10-25.180.1
  * python3-3.4.10-25.180.1
  * libpython3_4m1_0-3.4.10-25.180.1
  * python3-curses-debuginfo-3.4.10-25.180.1
  * python3-curses-3.4.10-25.180.1
  * libpython3_4m1_0-32bit-3.4.10-25.180.1
  * python3-devel-debuginfo-3.4.10-25.180.1
  * python3-base-3.4.10-25.180.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13462.html
* https://www.suse.com/security/cve/CVE-2026-3479.html
* https://www.suse.com/security/cve/CVE-2026-3644.html
* https://www.suse.com/security/cve/CVE-2026-4224.html
* https://www.suse.com/security/cve/CVE-2026-4519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259611
* https://bugzilla.suse.com/show_bug.cgi?id=1259734
* https://bugzilla.suse.com/show_bug.cgi?id=1259735
* https://bugzilla.suse.com/show_bug.cgi?id=1259989
* https://bugzilla.suse.com/show_bug.cgi?id=1260026

From null at suse.de Thu Apr 16 16:32:46 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 16:32:46 -0000
Subject: SUSE-SU-2026:1379-1: important: Security update for MozillaThunderbird
Message-ID: <177635716667.5532.4007282859775851677@6fd1d05cebf0>

# Security update for MozillaThunderbird

Announcement ID: SUSE-SU-2026:1379-1
Release Date: 2026-04-16T08:42:00Z
Rating: important
References:

* bsc#1261663

Cross-References:

* CVE-2026-5731
* CVE-2026-5732
* CVE-2026-5734

CVSS scores:

* CVE-2026-5731 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5731 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-5732 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5732 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5734 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5734 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-5734 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves three vulnerabilities can now be installed.
## Description:

This update for MozillaThunderbird fixes the following issues:

* Update to 149.0.2 and 140.9.1esr (bsc#1261663).
* CVE-2026-5731: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2.
* CVE-2026-5732: Incorrect boundary conditions, integer overflow in the Graphics: Text component.
* CVE-2026-5734: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1379=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1379=1

## Package List:

* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * MozillaThunderbird-translations-common-140.9.1-150200.8.266.1
  * MozillaThunderbird-translations-other-140.9.1-150200.8.266.1
  * MozillaThunderbird-debuginfo-140.9.1-150200.8.266.1
  * MozillaThunderbird-140.9.1-150200.8.266.1
  * MozillaThunderbird-debugsource-140.9.1-150200.8.266.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * MozillaThunderbird-translations-common-140.9.1-150200.8.266.1
  * MozillaThunderbird-translations-other-140.9.1-150200.8.266.1
  * MozillaThunderbird-debuginfo-140.9.1-150200.8.266.1
  * MozillaThunderbird-140.9.1-150200.8.266.1
  * MozillaThunderbird-debugsource-140.9.1-150200.8.266.1

## References:

* https://www.suse.com/security/cve/CVE-2026-5731.html
* https://www.suse.com/security/cve/CVE-2026-5732.html
* https://www.suse.com/security/cve/CVE-2026-5734.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261663
From null at suse.de Thu Apr 16 20:30:05 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 20:30:05 -0000
Subject: SUSE-SU-2026:1416-1: low: Security update for python-pyOpenSSL
Message-ID: <177637140558.6478.18142805936096343414@5d6d53449fb2>

# Security update for python-pyOpenSSL

Announcement ID: SUSE-SU-2026:1416-1
Release Date: 2026-04-16T15:36:01Z
Rating: low
References:

* bsc#1259804

Cross-References:

* CVE-2026-27448

CVSS scores:

* CVE-2026-27448 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27448 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27448 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27448 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability can now be installed.

## Description:

This update for python-pyOpenSSL fixes the following issue:

* CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1416=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1416=1
* openSUSE Leap 15.3
  zypper in -t patch SUSE-2026-1416=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (noarch)
  * python3-pyOpenSSL-19.0.0-150300.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * python3-pyOpenSSL-19.0.0-150300.3.3.1
* openSUSE Leap 15.3 (noarch)
  * python3-pyOpenSSL-19.0.0-150300.3.3.1
  * python2-pyOpenSSL-19.0.0-150300.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27448.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259804

From null at suse.de Thu Apr 16 20:30:12 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 20:30:12 -0000
Subject: SUSE-SU-2026:1415-1: moderate: Security update for rust1.93
Message-ID: <177637141204.6478.1325507939133878780@5d6d53449fb2>

# Security update for rust1.93

Announcement ID: SUSE-SU-2026:1415-1
Release Date: 2026-04-16T15:05:20Z
Rating: moderate
References:

* bsc#1253321
* bsc#1259623

Cross-References:

* CVE-2026-31812

CVSS scores:

* CVE-2026-31812 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31812 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-31812 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Development Tools Module 15-SP7
* openSUSE Leap 15.3
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for rust1.93 fixes the following issues:

Security issue:

* CVE-2026-31812: denial of service via crafted QUIC initial packet (bsc#1259623).

Non security issue:

* Resolve missing gcc requirement that may affect some crate building (bsc#1253321).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2026-1415=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1415=1
* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1415=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * cargo1.93-1.93.0-150300.7.6.1
  * rust1.93-debuginfo-1.93.0-150300.7.6.1
  * cargo1.93-debuginfo-1.93.0-150300.7.6.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586 nosrc)
  * rust1.93-1.93.0-150300.7.6.1
* openSUSE Leap 15.3 (noarch)
  * rust1.93-src-1.93.0-150300.7.6.1
* openSUSE Leap 15.3 (nosrc)
  * rust1.93-test-1.93.0-150300.7.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * cargo1.93-1.93.0-150300.7.6.1
  * rust1.93-debuginfo-1.93.0-150300.7.6.1
  * cargo1.93-debuginfo-1.93.0-150300.7.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc)
  * rust1.93-1.93.0-150300.7.6.1
* openSUSE Leap 15.6 (noarch)
  * rust1.93-src-1.93.0-150300.7.6.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * cargo1.93-1.93.0-150300.7.6.1
  * rust1.93-debuginfo-1.93.0-150300.7.6.1
  * cargo1.93-debuginfo-1.93.0-150300.7.6.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64 nosrc)
  * rust1.93-1.93.0-150300.7.6.1
* Development Tools Module 15-SP7 (noarch)
  * rust1.93-src-1.93.0-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31812.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253321
* https://bugzilla.suse.com/show_bug.cgi?id=1259623
From null at suse.de Thu Apr 16 20:30:16 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 20:30:16 -0000
Subject: SUSE-SU-2026:1414-1: moderate: Security update for shim
Message-ID: <177637141655.6478.12637787791466050718@5d6d53449fb2>

# Security update for shim

Announcement ID: SUSE-SU-2026:1414-1
Release Date: 2026-04-16T14:25:29Z
Rating: moderate
References:

* bsc#1240871
* bsc#1247432

Cross-References:

* CVE-2024-2312

CVSS scores:

* CVE-2024-2312 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-2312 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for shim fixes the following issues:

shim is updated to version 16.1:

* shim_start_image(): fix guid/handle pairing when uninstalling protocols
* Fix uncompressed ipv6 netboot
* fix test segfaults caused by uninitialized memory
* SbatLevel_Variable.txt: minor typo fix.
* Realloc() needs to allocate one more byte for sprintf()
* IPv6: Add more check to avoid multiple double colon and illegal char
* Loader proto v2
* loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
* Generate Authenticode for the entire PE file
* README: mention new loader protocol and interaction with UKIs
* shim: change automatically enable MOK_POLICY_REQUIRE_NX
* Save var info
* add SbatLevel entry 2025051000 for PSA-2025-00012-1
* Coverity fixes 20250804
* fix http boot
* Fix double free and leak in the loader protocol

shim is updated to version 16.0:

* Validate that a supplied vendor cert is not in PEM format
* sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
* sbat: Also bump latest for grub,4 (and to todays date)
* undo change that limits certificate files to a single file
* shim: don't set second_stage to the empty string
* Fix SBAT.md for today's consensus about numbers
* Update Code of Conduct contact address
* make-certs: Handle missing OpenSSL installation
* Update MokVars.txt
* export DEFINES for sub makefile
* Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
* Null-terminate 'arguments' in fallback
* Fix "Verifiying" typo in error message
* Update Fedora CI targets
* Force gcc to produce DWARF4 so that gdb can use it
* Minor housekeeping 2024121700
* Discard load-options that start with WINDOWS
* Fix the issue that the gBS->LoadImage pointer was empty.
* shim: Allow data after the end of device path node in load options
* Handle network file not found like disks
* Update gnu-efi submodule for EFI_HTTP_ERROR
* Increase EFI file alignment
* avoid EFIv2 runtime services on Apple x86 machines
* Improve shortcut performance when comparing two boolean expressions
* Provide better error message when MokManager is not found
* tpm: Boot with a warning if the event log is full
* MokManager: remove redundant logical constraints
* Test import_mok_state() when MokListRT would be bigger than available size
* test-mok-mirror: minor bug fix
* Fix file system browser hang when enrolling MOK from disk
* Ignore a minor clang-tidy nit
* Allow fallback to default loader when encountering errors on network boot
* test.mk: don't use a temporary random.bin
* pe: Enhance debug report for update_mem_attrs
* Multiple certificate handling improvements
* Generate SbatLevel Metadata from SbatLevel_Variable.txt
* Apply EKU check with compile option
* Add configuration option to boot an alternative 2nd stage
* Loader protocol (with Device Path resolution support)
* netboot cleanup for additional files
* Document how revocations can be delivered
* post-process-pe: add tests to validate NX compliance
* regression: CopyMem() in ad8692e copies out of bounds
* Save the debug and error logs in mok-variables
* Add features for the Host Security ID program
* Mirror some more efi variables to mok-variables
* This adds DXE Services measurements to HSI and uses them for NX
* Add shim's current NX_COMPAT status to HSIStatus
* README.tpm: reflect that vendor_db is in fact logged as "vendor_db"
* Reject HTTP message with duplicate Content-Length header fields
* Disable log saving
* fallback: don't add new boot order entries backwards
* README.tpm: Update MokList entry to MokListRT
* SBAT Level update for February 2025 GRUB CVEs

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1414=1
* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1414=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * shim-16.1-25.34.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (x86_64)
  * shim-16.1-25.34.1

## References:

* https://www.suse.com/security/cve/CVE-2024-2312.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240871
* https://bugzilla.suse.com/show_bug.cgi?id=1247432

From null at suse.de Thu Apr 16 20:30:19 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 20:30:19 -0000
Subject: SUSE-SU-2026:1413-1: moderate: Security update for ovmf
Message-ID: <177637141933.6478.16492688001212683855@5d6d53449fb2>

# Security update for ovmf

Announcement ID: SUSE-SU-2026:1413-1
Release Date: 2026-04-16T13:34:01Z
Rating: moderate
References:

* bsc#1252441

Cross-References:

* CVE-2025-59438

CVSS scores:

* CVE-2025-59438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-59438 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-59438 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* Server Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for ovmf fixes the following issue:

* CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting (bsc#1252441).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1413=1
* Server Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1413=1

## Package List:

* SUSE Package Hub 15 15-SP7 (noarch)
  * qemu-uefi-aarch64-202408-150700.3.15.1
  * qemu-ovmf-x86_64-202408-150700.3.15.1
  * qemu-uefi-aarch32-202408-150700.3.15.1
* SUSE Package Hub 15 15-SP7 (x86_64)
  * qemu-ovmf-x86_64-debug-202408-150700.3.15.1
* Server Applications Module 15-SP7 (aarch64 x86_64)
  * ovmf-tools-202408-150700.3.15.1
  * ovmf-202408-150700.3.15.1
* Server Applications Module 15-SP7 (noarch)
  * qemu-uefi-aarch64-202408-150700.3.15.1
  * qemu-ovmf-x86_64-202408-150700.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2025-59438.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252441
From null at suse.de Thu Apr 16 20:30:26 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 16 Apr 2026 20:30:26 -0000
Subject: SUSE-SU-2026:1412-1: moderate: Security update for python-urllib3
Message-ID: <177637142663.6478.4941054282798862116@5d6d53449fb2>

# Security update for python-urllib3

Announcement ID: SUSE-SU-2026:1412-1
Release Date: 2026-04-16T13:06:27Z
Rating: moderate
References:

* bsc#1254866
* bsc#1254867
* bsc#1256331
* bsc#1259829
* jsc#PED-15380

Cross-References:

* CVE-2025-66418
* CVE-2025-66471
* CVE-2026-21441

CVSS scores:

* CVE-2025-66418 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66418 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-66418 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-66418 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-66471 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66471 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-66471 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-66471 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21441 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21441 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-21441 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-21441 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Public Cloud Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves three vulnerabilities, contains one feature and has one security fix can now be installed.

## Description:

This update for python-urllib3 fixes the following issues:

Security issues:

* CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866).
* CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867).
* CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331).

Non-security issues:

* Disabled response decompression with brotli due to missing brotli feature (jsc#PED-15380).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Public Cloud Module 12
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2026-1412=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1412=1

## Package List:

* Public Cloud Module 12 (noarch)
  * python-urllib3-1.25.10-3.48.4
  * python3-urllib3-1.25.10-3.48.4
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * python-urllib3-1.25.10-3.48.4
  * python3-urllib3-1.25.10-3.48.4

## References:

* https://www.suse.com/security/cve/CVE-2025-66418.html
* https://www.suse.com/security/cve/CVE-2025-66471.html
* https://www.suse.com/security/cve/CVE-2026-21441.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254866
* https://bugzilla.suse.com/show_bug.cgi?id=1254867
* https://bugzilla.suse.com/show_bug.cgi?id=1256331
* https://bugzilla.suse.com/show_bug.cgi?id=1259829
* https://jira.suse.com/browse/PED-15380
From null at suse.de Thu Apr 16 20:30:30 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 16 Apr 2026 20:30:30 -0000 Subject: SUSE-SU-2026:1411-1: important: Security update for terraform-provider-local, terraform-provider-random, terraform-provider-tls Message-ID: <177637143095.6478.2257612010881894614@5d6d53449fb2> # Security update for terraform-provider-local, terraform-provider-random, terraform-provider-tls Announcement ID: SUSE-SU-2026:1411-1 Release Date: 2026-04-16T12:57:18Z Rating: important References: * bsc#1258097 * bsc#1260218 Cross-References: * CVE-2026-25934 * CVE-2026-33186 CVSS scores: * CVE-2026-25934 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-25934 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-25934 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * openSUSE Leap 15.6 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed.
## Description: This update for terraform-provider-local, terraform-provider-random, terraform-provider-tls fixes the following issues: * CVE-2026-25934: github.com/go-git/go-git/v5: improper verification of data integrity values for `.pack` and `.idx` files can lead to the consumption of corrupted files (bsc#1258097). * CVE-2026-33186: google.golang.org/grpc: improper validation of the HTTP/2 `:path` pseudo-header can lead to authorization bypass (bsc#1260218). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1411=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1411=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2026-1411=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * terraform-provider-local-2.0.0-150200.6.8.1 * terraform-provider-null-3.0.0-150200.6.12.1 * terraform-provider-random-3.0.0-150200.6.6.2 * terraform-provider-tls-3.0.0-150200.5.6.2 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * terraform-provider-local-2.0.0-150200.6.8.1 * terraform-provider-null-3.0.0-150200.6.12.1 * terraform-provider-random-3.0.0-150200.6.6.2 * terraform-provider-tls-3.0.0-150200.5.6.2 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-local-2.0.0-150200.6.8.1 * terraform-provider-null-3.0.0-150200.6.12.1 * terraform-provider-random-3.0.0-150200.6.6.2 * terraform-provider-tls-3.0.0-150200.5.6.2 ## References: * https://www.suse.com/security/cve/CVE-2026-25934.html * https://www.suse.com/security/cve/CVE-2026-33186.html * https://bugzilla.suse.com/show_bug.cgi?id=1258097 * https://bugzilla.suse.com/show_bug.cgi?id=1260218
From null at suse.de Thu Apr 16 20:30:48 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 16 Apr 2026 20:30:48 -0000 Subject: SUSE-SU-2026:1408-1: moderate: Security update for tiff Message-ID: <177637144844.6478.16959274946112752770@5d6d53449fb2> # Security update for tiff Announcement ID: SUSE-SU-2026:1408-1 Release Date: 2026-04-16T12:36:23Z Rating: moderate References: * bsc#1258798 * bsc#1258801 Cross-References: * CVE-2025-61143 * CVE-2025-61144 CVSS scores: * CVE-2025-61143 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-61143 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-61144 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-61144 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-61144 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for tiff fixes the following issues: * CVE-2025-61143: Fixed NULL pointer dereference (bsc#1258798). * CVE-2025-61144: Fixed stack overflow in readSeparateStripsIntoBuffer() (bsc#1258801). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1408=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1408=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1408=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1408=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1408=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1408=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1408=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1408=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.63.1 * libtiff5-debuginfo-4.0.9-150000.45.63.1 * libtiff5-4.0.9-150000.45.63.1 * tiff-debuginfo-4.0.9-150000.45.63.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.63.1 * libtiff5-debuginfo-4.0.9-150000.45.63.1 * libtiff5-4.0.9-150000.45.63.1 * tiff-debuginfo-4.0.9-150000.45.63.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.63.1 * libtiff5-debuginfo-4.0.9-150000.45.63.1 * libtiff5-4.0.9-150000.45.63.1 * tiff-debuginfo-4.0.9-150000.45.63.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.63.1 * libtiff5-debuginfo-4.0.9-150000.45.63.1 * libtiff5-4.0.9-150000.45.63.1 * tiff-debuginfo-4.0.9-150000.45.63.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * tiff-debugsource-4.0.9-150000.45.63.1 * libtiff5-debuginfo-4.0.9-150000.45.63.1 * libtiff5-4.0.9-150000.45.63.1 * tiff-debuginfo-4.0.9-150000.45.63.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * tiff-debugsource-4.0.9-150000.45.63.1 * 
libtiff5-debuginfo-4.0.9-150000.45.63.1 * libtiff5-4.0.9-150000.45.63.1 * tiff-debuginfo-4.0.9-150000.45.63.1 * Basesystem Module 15-SP7 (x86_64) * libtiff5-32bit-4.0.9-150000.45.63.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.63.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.63.1 * libtiff5-debuginfo-4.0.9-150000.45.63.1 * libtiff5-4.0.9-150000.45.63.1 * tiff-debuginfo-4.0.9-150000.45.63.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.63.1 * libtiff5-debuginfo-4.0.9-150000.45.63.1 * libtiff5-4.0.9-150000.45.63.1 * tiff-debuginfo-4.0.9-150000.45.63.1 ## References: * https://www.suse.com/security/cve/CVE-2025-61143.html * https://www.suse.com/security/cve/CVE-2025-61144.html * https://bugzilla.suse.com/show_bug.cgi?id=1258798 * https://bugzilla.suse.com/show_bug.cgi?id=1258801
From null at suse.de Thu Apr 16 20:30:52 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 16 Apr 2026 20:30:52 -0000 Subject: SUSE-SU-2026:1407-1: moderate: Security update for tiff Message-ID: <177637145290.6478.3048698088290024527@5d6d53449fb2> # Security update for tiff Announcement ID: SUSE-SU-2026:1407-1 Release Date: 2026-04-16T12:35:42Z Rating: moderate References: * bsc#1258798 * bsc#1258801 Cross-References: * CVE-2025-61143 * CVE-2025-61144 CVSS scores: * CVE-2025-61143 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-61143 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-61144 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-61144 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-61144 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5
LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for tiff fixes the following issues: * CVE-2025-61143: Fixed NULL pointer dereference (bsc#1258798). * CVE-2025-61144: Fixed stack overflow in readSeparateStripsIntoBuffer() (bsc#1258801). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1407=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libtiff5-32bit-4.0.9-44.109.1 * tiff-4.0.9-44.109.1 * libtiff5-4.0.9-44.109.1 * tiff-debugsource-4.0.9-44.109.1 * libtiff5-debuginfo-32bit-4.0.9-44.109.1 * libtiff5-debuginfo-4.0.9-44.109.1 * tiff-debuginfo-4.0.9-44.109.1 * libtiff-devel-4.0.9-44.109.1 ## References: * https://www.suse.com/security/cve/CVE-2025-61143.html * https://www.suse.com/security/cve/CVE-2025-61144.html * https://bugzilla.suse.com/show_bug.cgi?id=1258798 * https://bugzilla.suse.com/show_bug.cgi?id=1258801
From null at suse.de Thu Apr 16 20:30:58 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 16 Apr 2026 20:30:58 -0000 Subject: SUSE-SU-2026:1406-1: moderate: Security update for util-linux Message-ID: <177637145821.6478.14128433012071276208@5d6d53449fb2> # Security update for util-linux Announcement ID: SUSE-SU-2026:1406-1 Release Date: 2026-04-16T12:35:30Z Rating: moderate References: * bsc#1222465 * bsc#1234736 * bsc#1258859 Cross-References: * CVE-2026-3184 CVSS scores: * CVE-2026-3184 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-3184 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-3184 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Basesystem Module 15-SP7 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for util-linux fixes the following issues: Security issue: * CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859). Non-security issues: * recognize fuse "portal" as a virtual file system (bsc#1234736). * fdisk: fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1406=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1406=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libblkid1-debuginfo-2.40.4-150700.4.10.1 * libmount-devel-2.40.4-150700.4.10.1 * libblkid1-2.40.4-150700.4.10.1 * libmount1-2.40.4-150700.4.10.1 * libuuid-devel-static-2.40.4-150700.4.10.1 * libsmartcols1-debuginfo-2.40.4-150700.4.10.1 * util-linux-debuginfo-2.40.4-150700.4.10.1 * libuuid1-debuginfo-2.40.4-150700.4.10.1 * util-linux-systemd-2.40.4-150700.4.10.1 * libfdisk1-2.40.4-150700.4.10.1 * libuuid1-2.40.4-150700.4.10.1 * util-linux-systemd-debugsource-2.40.4-150700.4.10.1 * util-linux-systemd-debuginfo-2.40.4-150700.4.10.1 * util-linux-2.40.4-150700.4.10.1 * libuuid-devel-2.40.4-150700.4.10.1 * util-linux-debugsource-2.40.4-150700.4.10.1 * libmount1-debuginfo-2.40.4-150700.4.10.1 * util-linux-tty-tools-debuginfo-2.40.4-150700.4.10.1 * libsmartcols1-2.40.4-150700.4.10.1 * libblkid-devel-static-2.40.4-150700.4.10.1 * util-linux-tty-tools-2.40.4-150700.4.10.1 * libsmartcols-devel-2.40.4-150700.4.10.1 * libblkid-devel-2.40.4-150700.4.10.1 * libfdisk1-debuginfo-2.40.4-150700.4.10.1 * libfdisk-devel-2.40.4-150700.4.10.1 * Basesystem Module 15-SP7 (noarch) * util-linux-lang-2.40.4-150700.4.10.1 * Basesystem Module 15-SP7 (s390x) * util-linux-extra-2.40.4-150700.4.10.1 * util-linux-extra-debuginfo-2.40.4-150700.4.10.1 * Basesystem Module 15-SP7 (x86_64) * libblkid1-32bit-2.40.4-150700.4.10.1 * libmount1-32bit-debuginfo-2.40.4-150700.4.10.1 * libuuid1-32bit-debuginfo-2.40.4-150700.4.10.1 * libuuid1-32bit-2.40.4-150700.4.10.1 * libmount1-32bit-2.40.4-150700.4.10.1 * libblkid1-32bit-debuginfo-2.40.4-150700.4.10.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * util-linux-systemd-debuginfo-2.40.4-150700.4.10.1 * 
uuidd-2.40.4-150700.4.10.1 * uuidd-debuginfo-2.40.4-150700.4.10.1 * util-linux-systemd-debugsource-2.40.4-150700.4.10.1 ## References: * https://www.suse.com/security/cve/CVE-2026-3184.html * https://bugzilla.suse.com/show_bug.cgi?id=1222465 * https://bugzilla.suse.com/show_bug.cgi?id=1234736 * https://bugzilla.suse.com/show_bug.cgi?id=1258859
From null at suse.de Fri Apr 17 08:30:18 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 17 Apr 2026 08:30:18 -0000 Subject: SUSE-SU-2026:1420-1: moderate: Security update for NetworkManager Message-ID: <177641461882.6800.11130552892655083080@5d6d53449fb2> # Security update for NetworkManager Announcement ID: SUSE-SU-2026:1420-1 Release Date: 2026-04-16T16:44:58Z Rating: moderate References: * bsc#1257359 Cross-References: * CVE-2025-9615 CVSS scores: * CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-9615 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for NetworkManager fixes the following issues: * CVE-2025-9615: non-admin users are allowed to use certificates from other users (bsc#1257359). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1420=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1420=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * NetworkManager-wwan-debuginfo-1.38.2-150400.3.6.1 * libnm0-1.38.2-150400.3.6.1 * libnm0-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-cloud-setup-1.38.2-150400.3.6.1 * NetworkManager-bluetooth-1.38.2-150400.3.6.1 * NetworkManager-pppoe-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-tui-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-tui-1.38.2-150400.3.6.1 * NetworkManager-debugsource-1.38.2-150400.3.6.1 * NetworkManager-1.38.2-150400.3.6.1 * NetworkManager-pppoe-1.38.2-150400.3.6.1 * typelib-1_0-NM-1_0-1.38.2-150400.3.6.1 * NetworkManager-wwan-1.38.2-150400.3.6.1 * NetworkManager-cloud-setup-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-bluetooth-debuginfo-1.38.2-150400.3.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * NetworkManager-wwan-debuginfo-1.38.2-150400.3.6.1 * libnm0-1.38.2-150400.3.6.1 * libnm0-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-cloud-setup-1.38.2-150400.3.6.1 * NetworkManager-bluetooth-1.38.2-150400.3.6.1 * NetworkManager-pppoe-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-tui-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-tui-1.38.2-150400.3.6.1 * NetworkManager-debugsource-1.38.2-150400.3.6.1 * NetworkManager-1.38.2-150400.3.6.1 * NetworkManager-pppoe-1.38.2-150400.3.6.1 * typelib-1_0-NM-1_0-1.38.2-150400.3.6.1 * NetworkManager-wwan-1.38.2-150400.3.6.1 * NetworkManager-cloud-setup-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-bluetooth-debuginfo-1.38.2-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2025-9615.html * https://bugzilla.suse.com/show_bug.cgi?id=1257359
From null at suse.de Fri Apr 17 08:30:31 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 17 Apr 2026 08:30:31 -0000 Subject: SUSE-SU-2026:1419-1: moderate: Security update for NetworkManager Message-ID: <177641463192.6800.5245460053502622498@5d6d53449fb2> # Security update for NetworkManager Announcement ID: SUSE-SU-2026:1419-1 Release Date: 2026-04-16T16:44:23Z Rating: moderate References: * bsc#1257359 Cross-References: * CVE-2025-9615 CVSS scores: * CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-9615 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 An update that solves one vulnerability can now be installed. ## Description: This update for NetworkManager fixes the following issues: * CVE-2025-9615: non-admin users are allowed to use certificates from other users (bsc#1257359). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1419=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1419=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * NetworkManager-1.38.2-150400.3.5.1 * NetworkManager-bluetooth-1.38.2-150400.3.5.1 * NetworkManager-tui-1.38.2-150400.3.5.1 * libnm0-1.38.2-150400.3.5.1 * NetworkManager-wwan-1.38.2-150400.3.5.1 * NetworkManager-pppoe-1.38.2-150400.3.5.1 * NetworkManager-bluetooth-debuginfo-1.38.2-150400.3.5.1 * NetworkManager-debugsource-1.38.2-150400.3.5.1 * NetworkManager-debuginfo-1.38.2-150400.3.5.1 * NetworkManager-tui-debuginfo-1.38.2-150400.3.5.1 * NetworkManager-cloud-setup-1.38.2-150400.3.5.1 * NetworkManager-cloud-setup-debuginfo-1.38.2-150400.3.5.1 * libnm0-debuginfo-1.38.2-150400.3.5.1 * typelib-1_0-NM-1_0-1.38.2-150400.3.5.1 * NetworkManager-pppoe-debuginfo-1.38.2-150400.3.5.1 * NetworkManager-wwan-debuginfo-1.38.2-150400.3.5.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * NetworkManager-1.38.2-150400.3.5.1 * NetworkManager-bluetooth-1.38.2-150400.3.5.1 * NetworkManager-tui-1.38.2-150400.3.5.1 * libnm0-1.38.2-150400.3.5.1 * NetworkManager-wwan-1.38.2-150400.3.5.1 * NetworkManager-pppoe-1.38.2-150400.3.5.1 * NetworkManager-bluetooth-debuginfo-1.38.2-150400.3.5.1 * NetworkManager-debugsource-1.38.2-150400.3.5.1 * NetworkManager-debuginfo-1.38.2-150400.3.5.1 * NetworkManager-tui-debuginfo-1.38.2-150400.3.5.1 * NetworkManager-cloud-setup-1.38.2-150400.3.5.1 * NetworkManager-cloud-setup-debuginfo-1.38.2-150400.3.5.1 * libnm0-debuginfo-1.38.2-150400.3.5.1 * typelib-1_0-NM-1_0-1.38.2-150400.3.5.1 * NetworkManager-pppoe-debuginfo-1.38.2-150400.3.5.1 * NetworkManager-wwan-debuginfo-1.38.2-150400.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2025-9615.html * https://bugzilla.suse.com/show_bug.cgi?id=1257359
From null at suse.de Fri Apr 17 08:30:35 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 17 Apr 2026 08:30:35 -0000 Subject: SUSE-SU-2026:1418-1: low: Security update for iproute2 Message-ID: <177641463555.6800.12379035118529980826@5d6d53449fb2> # Security update for iproute2 Announcement ID: SUSE-SU-2026:1418-1 Release Date: 2026-04-16T16:43:07Z Rating: low References: * bsc#1254324 Cross-References: * CVE-2024-58251 CVSS scores: * CVE-2024-58251 ( SUSE ): 2.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-58251 ( SUSE ): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L * CVE-2024-58251 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for iproute2 fixes the following issue: * CVE-2024-58251: denial of service via terminal escape sequences (bsc#1254324). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1418=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1418=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * iproute2-arpd-debuginfo-6.4-150600.7.12.1 * libnetlink-devel-6.4-150600.7.12.1 * iproute2-6.4-150600.7.12.1 * iproute2-debugsource-6.4-150600.7.12.1 * iproute2-bash-completion-6.4-150600.7.12.1 * iproute2-debuginfo-6.4-150600.7.12.1 * iproute2-arpd-6.4-150600.7.12.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * iproute2-arpd-debuginfo-6.4-150600.7.12.1 * libnetlink-devel-6.4-150600.7.12.1 * iproute2-6.4-150600.7.12.1 * iproute2-debugsource-6.4-150600.7.12.1 * iproute2-bash-completion-6.4-150600.7.12.1 * iproute2-debuginfo-6.4-150600.7.12.1 * iproute2-arpd-6.4-150600.7.12.1 ## References: * https://www.suse.com/security/cve/CVE-2024-58251.html * https://bugzilla.suse.com/show_bug.cgi?id=1254324
From null at suse.de Fri Apr 17 08:31:01 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 17 Apr 2026 08:31:01 -0000 Subject: SUSE-SU-2026:1417-1: important: Security update for python Message-ID: <177641466155.6800.4997230448286470332@5d6d53449fb2> # Security update for python Announcement ID: SUSE-SU-2026:1417-1 Release Date: 2026-04-16T16:41:23Z Rating: important References: * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1259989 * bsc#1260026 Cross-References: * CVE-2025-13462 * CVE-2026-3479 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for python fixes the following issues: * CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611). * CVE-2026-3479: improper resource argument validation can allow path traversal (bsc#1259989). * CVE-2026-3644: incomplete control character validation in `http.cookies` (bsc#1259734). * CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735). * CVE-2026-4519: leading dashes in URLs are accepted by the `webbrowser.open()` API and allow for web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1417=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1417=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * python-gdbm-debuginfo-2.7.18-33.74.1 * python-curses-debuginfo-2.7.18-33.74.1 * python-xml-2.7.18-33.74.1 * python-debuginfo-2.7.18-33.74.1 * python-curses-2.7.18-33.74.1 * python-gdbm-2.7.18-33.74.1 * python-debugsource-2.7.18-33.74.1 * python-tk-debuginfo-2.7.18-33.74.1 * python-base-2.7.18-33.74.1 * libpython2_7-1_0-2.7.18-33.74.1 * python-base-debugsource-2.7.18-33.74.1 * python-tk-2.7.18-33.74.1 * python-devel-2.7.18-33.74.1 * python-demo-2.7.18-33.74.1 * python-xml-debuginfo-2.7.18-33.74.1 * libpython2_7-1_0-debuginfo-2.7.18-33.74.1 * python-2.7.18-33.74.1 * python-idle-2.7.18-33.74.1 * python-base-debuginfo-2.7.18-33.74.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * python-doc-2.7.18-33.74.1 * python-doc-pdf-2.7.18-33.74.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * python-32bit-2.7.18-33.74.1 * libpython2_7-1_0-debuginfo-32bit-2.7.18-33.74.1 * python-base-32bit-2.7.18-33.74.1 * python-debuginfo-32bit-2.7.18-33.74.1 * python-base-debuginfo-32bit-2.7.18-33.74.1 * libpython2_7-1_0-32bit-2.7.18-33.74.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * python-gdbm-debuginfo-2.7.18-33.74.1 * python-debugsource-2.7.18-33.74.1 * python-base-debuginfo-32bit-2.7.18-33.74.1 * python-base-debugsource-2.7.18-33.74.1 * python-devel-2.7.18-33.74.1 * python-demo-2.7.18-33.74.1 * python-idle-2.7.18-33.74.1 * libpython2_7-1_0-32bit-2.7.18-33.74.1 * python-32bit-2.7.18-33.74.1 * python-curses-debuginfo-2.7.18-33.74.1 * python-tk-debuginfo-2.7.18-33.74.1 * python-debuginfo-32bit-2.7.18-33.74.1 * python-base-debuginfo-2.7.18-33.74.1 * 
libpython2_7-1_0-2.7.18-33.74.1 * python-tk-2.7.18-33.74.1 * libpython2_7-1_0-debuginfo-2.7.18-33.74.1 * python-2.7.18-33.74.1 * python-xml-2.7.18-33.74.1 * python-debuginfo-2.7.18-33.74.1 * libpython2_7-1_0-debuginfo-32bit-2.7.18-33.74.1 * python-curses-2.7.18-33.74.1 * python-gdbm-2.7.18-33.74.1 * python-base-32bit-2.7.18-33.74.1 * python-base-2.7.18-33.74.1 * python-xml-debuginfo-2.7.18-33.74.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * python-doc-2.7.18-33.74.1 * python-doc-pdf-2.7.18-33.74.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1260026
From null at suse.de Fri Apr 17 12:30:13 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 17 Apr 2026 12:30:13 -0000 Subject: SUSE-SU-2026:1422-1: moderate: Security update for smc-tools Message-ID: <177642901326.6061.1735928376120198952@6fd1d05cebf0> # Security update for smc-tools Announcement ID: SUSE-SU-2026:1422-1 Release Date: 2026-04-17T07:21:34Z Rating: moderate References: * bsc#1230052 Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS An update that has one security fix can now be installed. ## Description: This update for smc-tools fixes the following issue: Update to smc-tools v1.8.7: * predictable /tmp file allows for local denial of service (bsc#1230052).
Changelog: Update to v1.8.7: * smc_rnics: fix regression when PFT not available * smcd/smcr: prevent DoS on statistics workfile present in /tmp/ Update to v1.8.6: * man pages: Update man page for smc_pnet * smc-tools: Display sndbuf/RMB stats only if supported by the kernel Update to v1.8.5: * smc_rnics: Add support for Network Express RNIC in smc_rnics * smc_rnics: Add PFT and VF columns to smc_rnics output * libnetlink..: Fix function declaration to use a void prototype * smc_rnics: Update smc_chk to extract PNetID from column 9 * man pages: Update man page for --rawids option and PFT and VF columns * smc_rnics: Fix missing PPrt values in smc_rnics -r output ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1422=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1422=1 openSUSE-SLE-15.6-2026-1422=1 ## Package List: * SUSE Linux Enterprise Server 15 SP6 LTSS (s390x) * smc-tools-debuginfo-1.8.7-150600.3.6.1 * smc-tools-debugsource-1.8.7-150600.3.6.1 * smc-tools-completion-1.8.7-150600.3.6.1 * smc-tools-1.8.7-150600.3.6.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * smc-tools-debuginfo-1.8.7-150600.3.6.1 * smc-tools-debugsource-1.8.7-150600.3.6.1 * smc-tools-completion-1.8.7-150600.3.6.1 * smc-tools-1.8.7-150600.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1230052
URL: From null at suse.de Fri Apr 17 12:30:16 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 17 Apr 2026 12:30:16 -0000 Subject: SUSE-SU-2026:1421-1: moderate: Security update for python-CairoSVG Message-ID: <177642901692.6061.4527811006289393549@6fd1d05cebf0> # Security update for python-CairoSVG Announcement ID: SUSE-SU-2026:1421-1 Release Date: 2026-04-17T06:46:50Z Rating: moderate References: * bsc#1259690 Cross-References: * CVE-2026-31899 CVSS scores: * CVE-2026-31899 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31899 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-31899 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for python-CairoSVG fixes the following issue: * CVE-2026-31899: denial of service via recursive element amplification (bsc#1259690). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1421=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1421=1 * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1421=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python311-CairoSVG-2.7.1-150400.9.6.1 * openSUSE Leap 15.6 (noarch) * python311-CairoSVG-2.7.1-150400.9.6.1 * Python 3 Module 15-SP7 (noarch) * python311-CairoSVG-2.7.1-150400.9.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-31899.html * https://bugzilla.suse.com/show_bug.cgi?id=1259690
From null at suse.de Fri Apr 17 16:30:13 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 17 Apr 2026 16:30:13 -0000 Subject: SUSE-SU-2026:21132-1: important: Security update for vim Message-ID: <177644341332.6118.5602907653716644932@2ec35c3f4c39> # Security update for vim Announcement ID: SUSE-SU-2026:21132-1 Release Date: 2026-04-14T08:35:51Z Rating: important References: * bsc#1259985 * bsc#1261191 * bsc#1261271 Cross-References: * CVE-2026-33412 * CVE-2026-34714 * CVE-2026-34982 CVSS scores: * CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2026-34714 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-34982 ( SUSE ): 8.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N * CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: * SUSE Linux Micro 6.1 * SUSE Linux Micro Extras 6.1 An update that solves three vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: * Update to 9.2.0280 * CVE-2026-33412: command injection via newline in glob() (bsc#1259985). * CVE-2026-34714: crafted file can allow code execution (bsc#1261191). * CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.1 zypper in -t patch SUSE-SLE-Micro-Extras-6.1-486=1 ## Package List: * SUSE Linux Micro Extras 6.1 (aarch64 ppc64le s390x x86_64) * vim-debuginfo-9.2.0280-slfo.1.1_1.1 * vim-debugsource-9.2.0280-slfo.1.1_1.1 * vim-9.2.0280-slfo.1.1_1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33412.html * https://www.suse.com/security/cve/CVE-2026-34714.html * https://www.suse.com/security/cve/CVE-2026-34982.html * https://bugzilla.suse.com/show_bug.cgi?id=1259985 * https://bugzilla.suse.com/show_bug.cgi?id=1261191 * https://bugzilla.suse.com/show_bug.cgi?id=1261271
From null at suse.de Fri Apr 17 16:32:30 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 17 Apr 2026 16:32:30 -0000 Subject: SUSE-SU-2026:21131-1: important: Security update for the Linux Kernel Message-ID: <177644355068.6118.18114606050080129418@2ec35c3f4c39> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:21131-1 Release Date: 2026-04-13T18:28:29Z Rating: important References: * bsc#1226591 * bsc#1245728 * bsc#1249998 * bsc#1251135 * bsc#1251186 * bsc#1251971 * bsc#1252073 * bsc#1252266 * bsc#1253049 * bsc#1253455 * bsc#1254306 * bsc#1255084 * bsc#1256645 * bsc#1256647 * bsc#1256690 * bsc#1256784 * bsc#1257183 * bsc#1257466 * bsc#1257472 * bsc#1257473 * bsc#1257506 * bsc#1257561 * bsc#1257682 * bsc#1257732 * bsc#1257755 * bsc#1257773 * bsc#1257777 * bsc#1257814 * bsc#1257952 * bsc#1258280 * bsc#1258286 * bsc#1258293 * bsc#1258303 * bsc#1258305 * bsc#1258330 * bsc#1258337 * bsc#1258338 * bsc#1258340 * bsc#1258376 * bsc#1258389 * bsc#1258414 * bsc#1258424 * bsc#1258447 * bsc#1258524 * bsc#1258832 * bsc#1258849 * bsc#1259188 * bsc#1259461 * bsc#1259580 * bsc#1259707 * bsc#1259795 * bsc#1259797 * bsc#1259865 * bsc#1259870 * bsc#1259886 * bsc#1259889 * bsc#1259891 * bsc#1259997 * bsc#1259998 * bsc#1260005 * bsc#1260009 * bsc#1260347 * bsc#1260464 * bsc#1260471 * bsc#1260481 * bsc#1260486 * bsc#1260497 * bsc#1260500 * bsc#1260527 * bsc#1260544 * bsc#1260550 * bsc#1260562 * bsc#1260580 * bsc#1260730 * bsc#1260732 * bsc#1260735 * bsc#1260799 * bsc#1261412 * bsc#1261496 * bsc#1261498 * bsc#1261507 * bsc#1261669 Cross-References: * CVE-2024-38542 * CVE-2025-39817 * CVE-2025-39998 * CVE-2025-40201 * CVE-2025-40253 * CVE-2025-68794 * CVE-2025-71066 * CVE-2025-71125 * CVE-2025-71231 * CVE-2025-71268 * CVE-2025-71269 * CVE-2026-23030 * CVE-2026-23047 * CVE-2026-23054 * CVE-2026-23069 * CVE-2026-23088 * CVE-2026-23103 * CVE-2026-23120 * CVE-2026-23125 * CVE-2026-23136 * CVE-2026-23140 * CVE-2026-23154 * CVE-2026-23157 * CVE-2026-23169 *
CVE-2026-23187 * CVE-2026-23193 * CVE-2026-23201 * CVE-2026-23202 * CVE-2026-23204 * CVE-2026-23207 * CVE-2026-23216 * CVE-2026-23231 * CVE-2026-23242 * CVE-2026-23243 * CVE-2026-23255 * CVE-2026-23262 * CVE-2026-23270 * CVE-2026-23272 * CVE-2026-23274 * CVE-2026-23277 * CVE-2026-23278 * CVE-2026-23281 * CVE-2026-23292 * CVE-2026-23293 * CVE-2026-23304 * CVE-2026-23317 * CVE-2026-23319 * CVE-2026-23335 * CVE-2026-23343 * CVE-2026-23361 * CVE-2026-23379 * CVE-2026-23381 * CVE-2026-23383 * CVE-2026-23386 * CVE-2026-23395 * CVE-2026-23398 * CVE-2026-23412 * CVE-2026-23413 * CVE-2026-23414 * CVE-2026-23419 * CVE-2026-31788 CVSS scores: * CVE-2024-38542 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2024-38542 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-39817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39817 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68794 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71125 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-71125 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-71125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71231 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-71231 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71231 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71268 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71268 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71269 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71269 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23030 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23030 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23047 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23047 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23054 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23088 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23136 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23157 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23157 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23157 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23169 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23169 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2026-23169 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23169 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23187 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * 
CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23202 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23202 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23202 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23207 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23207 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23207 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23242 ( NVD ): 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23262 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23281 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23292 ( SUSE ): 4.4 
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23304 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23304 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23335 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23335 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-23343 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23343 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23383 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23395 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23395 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23395 ( NVD ): 8.8 
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23412 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23412 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23413 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23419 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 * SUSE Linux Micro Extras 6.1 An update that solves 61 vulnerabilities and has 21 fixes can now be installed. ## Description: The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591). * CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998). * CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073). * CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455). * CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084). * CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647). * CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784). 
* CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865). * CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889). * CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561). * CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682). * CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755). * CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814). * CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773). * CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280). * CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293). * CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303). * CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305). * CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286). * CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389). * CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330). * CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414). * CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340). * CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447). * CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188). * CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795). 
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797). * CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891). * CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870). * CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886). * CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009). * CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005). * CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997). * CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998). * CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464). * CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500). * CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486). * CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544). * CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562). * CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735). * CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550). * CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527). * CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732). * CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481). * CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471). * CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497). 
* CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799). * CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (bsc#1260580). * CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730). * CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412). * CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498). * CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496). * CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507). * CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707). The following non-security bugs were fixed: * ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes). * ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes). * ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes). * ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes). * ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes). * ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes). * ALSA: firewire-lib: fix uninitialized local variable (git-fixes). * ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes). * ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes). * ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes). * ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes). * ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes). * ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes). * ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes). * ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).
* ASoC: Intel: catpt: Fix the device initialization (git-fixes). * ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes). * ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes). * ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes). * ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes). * ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes). * ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes). * ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes). * ASoC: detect empty DMI strings (git-fixes). * ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes). * ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes). * ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes). * ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes). * ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes). * ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes). * Bluetooth: HIDP: Fix possible UAF (git-fixes). * Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes). * Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes). * Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes). * Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes). * Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes). * Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes). * Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes). * Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-fixes). * Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).
* Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes). * Bluetooth: MGMT: validate LTK enc_size on load (git-fixes). * Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes). * Bluetooth: Remove 3 repeated macro definitions (stable-fixes). * Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes). * Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes). * Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes). * Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes). * Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes). * Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes). * Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes). * Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes). * Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes). * Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes). * Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes). * Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes). * Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). * Drivers: hv: remove stale comment (git-fixes). * Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes). * Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes). * Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes). * HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes). * HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes). * HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes). * HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes).
* HID: mcp2221: cancel last I2C command on read error (stable-fixes). * Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes). * KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461). * NFC: nxp-nci: allow GPIOs to sleep (git-fixes). * NFC: pn533: bound the UART receive buffer (git-fixes). * PCI: Update BAR # and window messages (stable-fixes). * PCI: hv: Correct a comment (git-fixes). * PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes). * PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). * PCI: hv: remove unnecessary module_init/exit functions (git-fixes). * PM: runtime: Fix a race condition related to device removal (git-fixes). * RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135). * RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes). * RDMA/mana_ib: Add device statistics support (git-fixes). * RDMA/mana_ib: Add device-memory support (git-fixes). * RDMA/mana_ib: Add port statistics support (git-fixes). * RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes). * RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes). * RDMA/mana_ib: Adding and deleting GIDs (git-fixes). * RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes). * RDMA/mana_ib: Configure mac address in RNIC (git-fixes). * RDMA/mana_ib: Create and destroy RC QP (git-fixes). * RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes). * RDMA/mana_ib: Create and destroy rnic adapter (git-fixes). * RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes). * RDMA/mana_ib: Enable RoCE on port 1 (git-fixes). * RDMA/mana_ib: Extend modify QP (git-fixes). * RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes). * RDMA/mana_ib: Fix error code in probe() (git-fixes). * RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135). * RDMA/mana_ib: Fix missing ret value (git-fixes). 
* RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
* RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
* RDMA/mana_ib: Implement port parameters (git-fixes).
* RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
* RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
* RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
* RDMA/mana_ib: Modify QP state (git-fixes).
* RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
* RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
* RDMA/mana_ib: Set correct device into ib (git-fixes).
* RDMA/mana_ib: Take CQ type from the device type (git-fixes).
* RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
* RDMA/mana_ib: UD/GSI work requests (git-fixes).
* RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
* RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
* RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
* RDMA/mana_ib: add additional port counters (bsc#1251135).
* RDMA/mana_ib: add support of multiple ports (bsc#1251135).
* RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
* RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
* RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
* RDMA/mana_ib: create kernel-level CQs (git-fixes).
* RDMA/mana_ib: create/destroy AH (git-fixes).
* RDMA/mana_ib: extend mana QP table (git-fixes).
* RDMA/mana_ib: extend query device (git-fixes).
* RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
* RDMA/mana_ib: implement get_dma_mr (git-fixes).
* RDMA/mana_ib: implement req_notify_cq (git-fixes).
* RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
* RDMA/mana_ib: indicate CM support (git-fixes).
* RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
* RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
* RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
* RDMA/mana_ib: request error CQEs when supported (git-fixes).
* RDMA/mana_ib: set node_guid (git-fixes).
* RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
* RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
* Remove "scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans" changes (bsc#1257506).
* USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).
* USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).
* USB: dummy-hcd: Fix locking/synchronization error (git-fixes).
* USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes).
* USB: serial: f81232: fix incomplete serial port generation (stable-fixes).
* USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).
* USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes).
* accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).
* apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
* apparmor: fix differential encoding verification (bsc#1258849).
* apparmor: fix memory leak in verify_header (bsc#1258849).
* apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
* apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
* apparmor: fix race on rawdata dereference (bsc#1258849).
* apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
* apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
* apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
* apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
* apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
* batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes).
* bonding: do not set usable_slaves for broadcast mode (git-fixes).
* btrfs: fix zero size inode with non-zero size after log replay (git-fixes).
* btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).
* btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
* can: bcm: fix locking for bcm_op runtime updates (git-fixes).
* can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes).
* can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).
* can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes).
* can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).
* can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes).
* can: ucan: Fix infinite loop from zero-length messages (git-fixes).
* can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes).
* comedi: Reinit dev->spinlock between attachments to low-level drivers (git-fixes).
* comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).
* comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).
* comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).
* crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).
* crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
* crypto: caam - fix overflow on long hmac keys (git-fixes).
* dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).
* dmaengine: idxd: Fix leaking event log memory (git-fixes).
* dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
* dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).
* dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes).
* dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
* dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).
* dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).
* drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).
* drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).
* drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).
* drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).
* drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).
* drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).
* drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
* drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).
* drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).
* drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (git-fixes).
* drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).
* drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).
* drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).
* drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).
* drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).
* drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).
* drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes).
* drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).
* firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).
* gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
* hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
* hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
* hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).
* hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).
* hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).
* hwmon: (it87) Check the it87_lock() return value (git-fixes).
* hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).
* hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).
* hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).
* hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).
* hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).
* hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).
* hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).
* hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).
* hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).
* hwmon: axi-fan: do not use driver_override as IRQ name (git-fixes).
* i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
* i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).
* i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
* i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).
* idpf: nullify pointers after they are freed (git-fixes).
* iio: accel: fix ADXL355 temperature signature value (git-fixes).
* iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).
* iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).
* iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes).
* iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes).
* iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).
* iio: dac: ds4424: reject -128 RAW value (git-fixes).
* iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).
* iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).
* iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
* iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
* iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes).
* iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes).
* iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).
* iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).
* iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).
* iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
* iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).
* media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).
* media: tegra-video: Use accessors for pad config 'try_*' fields (stable-fixes).
* mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).
* mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).
* mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).
* mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
* misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes).
* mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
* mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).
* mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).
* mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
* mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).
* mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).
* mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).
* mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).
* mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).
* net/mana: Null service_wq on setup error to prevent double destroy (git-fix).
* net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
* net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).
* net/x25: Fix overflow when accumulating packets (git-fixes).
* net/x25: Fix potential double free of skb (git-fixes).
* net: mana: Add metadata support for xdp mode (git-fixes).
* net: mana: Add standard counter rx_missed_errors (git-fixes).
* net: mana: Add support for auxiliary device servicing events (bsc#1251971).
* net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
* net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
* net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
* net: mana: Fix use-after-free in reset service rescan path (git-fixes).
* net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
* net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
* net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
* net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
* net: mana: Handle unsupported HWC commands (git-fixes).
* net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
* net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
* net: mana: Probe rdma device in mana driver (git-fixes).
* net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
* net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
* net: mana: Support HW link state events (bsc#1253049).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
* net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
* net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
* net: mana: fix use-after-free in add_adev() error path (git-fixes).
* net: mana: use ethtool string helpers (git-fixes).
* net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).
* net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).
* net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).
* net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).
* net: usb: pegasus: validate USB endpoints (stable-fixes).
* nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes).
* nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).
* nfc: nci: free skb on nci_transceive early error paths (git-fixes).
* nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
* nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).
* phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).
* pinctrl: equilibrium: fix warning trace on load (git-fixes).
* pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).
* pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).
* pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).
* platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).
* platform/x86: ISST: Correct locked bit width (git-fixes).
* platform/x86: dell-wmi-sysman: Do not hex dump plaintext password data (git-fixes).
* platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).
* platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes).
* platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).
* platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).
* qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes).
* regmap: Synchronize cache for the page selector (git-fixes).
* regulator: pca9450: Correct interrupt type (git-fixes).
* regulator: pca9450: Make IRQ optional (stable-fixes).
* remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes).
* rename Hyper-v patch files to simplify further SP6-SP7 merges
* s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
* scsi: mpi3mr: Event processing debug improvement (bsc#1251186, bsc#1258832).
* scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
* scsi: storvsc: Remove redundant ternary operators (git-fixes).
* selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669).
* selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669).
* selftests/powerpc: make sub-folders buildable on their own (bsc#1261669).
* serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).
* serial: 8250: Fix TX deadlock when using DMA (git-fixes).
* serial: 8250_pci: add support for the AX99100 (stable-fixes).
* serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).
* soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).
* soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).
* spi: fix statistics allocation (git-fixes).
* spi: fix use-after-free on controller registration failure (git-fixes).
* spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
* staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).
* tg3: Fix race for querying speed/duplex (bsc#1257183).
* thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).
* tools/hv: add a .gitignore file (git-fixes).
* tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
* tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
* tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
* tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
* usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).
* usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).
* usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).
* usb: cdns3: fix role switching during resume (git-fixes).
* usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).
* usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).
* usb: cdns3: remove redundant if branch (stable-fixes).
* usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).
* usb: core: do not power off roothub PHYs if phy_set_mode() fails (git-fixes).
* usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes).
* usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).
* usb: ehci-brcm: fix sleep during atomic (git-fixes).
* usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes).
* usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).
* usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).
* usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes).
* usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).
* usb: image: mdc800: kill download URB on timeout (stable-fixes).
* usb: mdc800: handle signal and read racing (stable-fixes).
* usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).
* usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).
* usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).
* usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).
* usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
* usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
* usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).
* usb: yurex: fix race in probe (stable-fixes).
* wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).
* wifi: cw1200: Fix locking in error paths (git-fixes).
* wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).
* wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).
* wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).
* wifi: mac80211: set default WMM parameters on all links (stable-fixes).
* wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes).
* wifi: rsi: Do not default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes).
* wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).
* wifi: wlcore: Fix a locking bug (git-fixes).
* wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
* xen/privcmd: unregister xenstore notifier on module exit (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.1
  zypper in -t patch SUSE-SLE-Micro-Extras-6.1-kernel-340=1

## Package List:

* SUSE Linux Micro Extras 6.1 (nosrc)
  * kernel-64kb-6.4.0-41.1
* SUSE Linux Micro Extras 6.1 (aarch64)
  * kernel-64kb-debugsource-6.4.0-41.1
  * kernel-64kb-devel-6.4.0-41.1
* SUSE Linux Micro Extras 6.1 (aarch64 ppc64le s390x x86_64)
  * kernel-syms-6.4.0-41.1
  * kernel-obs-build-debugsource-6.4.0-41.1
  * kernel-obs-build-6.4.0-41.1

## References:

* https://www.suse.com/security/cve/CVE-2024-38542.html
* https://www.suse.com/security/cve/CVE-2025-39817.html
* https://www.suse.com/security/cve/CVE-2025-39998.html
* https://www.suse.com/security/cve/CVE-2025-40201.html
* https://www.suse.com/security/cve/CVE-2025-40253.html
* https://www.suse.com/security/cve/CVE-2025-68794.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2025-71125.html
* https://www.suse.com/security/cve/CVE-2025-71231.html
* https://www.suse.com/security/cve/CVE-2025-71268.html
* https://www.suse.com/security/cve/CVE-2025-71269.html
* https://www.suse.com/security/cve/CVE-2026-23030.html
* https://www.suse.com/security/cve/CVE-2026-23047.html
* https://www.suse.com/security/cve/CVE-2026-23054.html
* https://www.suse.com/security/cve/CVE-2026-23069.html
* https://www.suse.com/security/cve/CVE-2026-23088.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23120.html
* https://www.suse.com/security/cve/CVE-2026-23125.html
* https://www.suse.com/security/cve/CVE-2026-23136.html
* https://www.suse.com/security/cve/CVE-2026-23140.html
* https://www.suse.com/security/cve/CVE-2026-23154.html
* https://www.suse.com/security/cve/CVE-2026-23157.html
* https://www.suse.com/security/cve/CVE-2026-23169.html
* https://www.suse.com/security/cve/CVE-2026-23187.html
* https://www.suse.com/security/cve/CVE-2026-23193.html
* https://www.suse.com/security/cve/CVE-2026-23201.html
* https://www.suse.com/security/cve/CVE-2026-23202.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23207.html
* https://www.suse.com/security/cve/CVE-2026-23216.html
* https://www.suse.com/security/cve/CVE-2026-23231.html
* https://www.suse.com/security/cve/CVE-2026-23242.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23255.html
* https://www.suse.com/security/cve/CVE-2026-23262.html
* https://www.suse.com/security/cve/CVE-2026-23270.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23277.html
* https://www.suse.com/security/cve/CVE-2026-23278.html
* https://www.suse.com/security/cve/CVE-2026-23281.html
* https://www.suse.com/security/cve/CVE-2026-23292.html
* https://www.suse.com/security/cve/CVE-2026-23293.html
* https://www.suse.com/security/cve/CVE-2026-23304.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://www.suse.com/security/cve/CVE-2026-23319.html
* https://www.suse.com/security/cve/CVE-2026-23335.html
* https://www.suse.com/security/cve/CVE-2026-23343.html
* https://www.suse.com/security/cve/CVE-2026-23361.html
* https://www.suse.com/security/cve/CVE-2026-23379.html
* https://www.suse.com/security/cve/CVE-2026-23381.html
* https://www.suse.com/security/cve/CVE-2026-23383.html
* https://www.suse.com/security/cve/CVE-2026-23386.html
* https://www.suse.com/security/cve/CVE-2026-23395.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://www.suse.com/security/cve/CVE-2026-23412.html
* https://www.suse.com/security/cve/CVE-2026-23413.html
* https://www.suse.com/security/cve/CVE-2026-23414.html
* https://www.suse.com/security/cve/CVE-2026-23419.html
* https://www.suse.com/security/cve/CVE-2026-31788.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226591
* https://bugzilla.suse.com/show_bug.cgi?id=1245728
* https://bugzilla.suse.com/show_bug.cgi?id=1249998
* https://bugzilla.suse.com/show_bug.cgi?id=1251135
* https://bugzilla.suse.com/show_bug.cgi?id=1251186
* https://bugzilla.suse.com/show_bug.cgi?id=1251971
* https://bugzilla.suse.com/show_bug.cgi?id=1252073
* https://bugzilla.suse.com/show_bug.cgi?id=1252266
* https://bugzilla.suse.com/show_bug.cgi?id=1253049
* https://bugzilla.suse.com/show_bug.cgi?id=1253455
* https://bugzilla.suse.com/show_bug.cgi?id=1254306
* https://bugzilla.suse.com/show_bug.cgi?id=1255084
* https://bugzilla.suse.com/show_bug.cgi?id=1256645
* https://bugzilla.suse.com/show_bug.cgi?id=1256647
* https://bugzilla.suse.com/show_bug.cgi?id=1256690
* https://bugzilla.suse.com/show_bug.cgi?id=1256784
* https://bugzilla.suse.com/show_bug.cgi?id=1257183
* https://bugzilla.suse.com/show_bug.cgi?id=1257466
* https://bugzilla.suse.com/show_bug.cgi?id=1257472
* https://bugzilla.suse.com/show_bug.cgi?id=1257473
* https://bugzilla.suse.com/show_bug.cgi?id=1257506
* https://bugzilla.suse.com/show_bug.cgi?id=1257561
* https://bugzilla.suse.com/show_bug.cgi?id=1257682
* https://bugzilla.suse.com/show_bug.cgi?id=1257732
* https://bugzilla.suse.com/show_bug.cgi?id=1257755
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1257777
* https://bugzilla.suse.com/show_bug.cgi?id=1257814
* https://bugzilla.suse.com/show_bug.cgi?id=1257952
* https://bugzilla.suse.com/show_bug.cgi?id=1258280
* https://bugzilla.suse.com/show_bug.cgi?id=1258286
* https://bugzilla.suse.com/show_bug.cgi?id=1258293
* https://bugzilla.suse.com/show_bug.cgi?id=1258303
* https://bugzilla.suse.com/show_bug.cgi?id=1258305
* https://bugzilla.suse.com/show_bug.cgi?id=1258330
* https://bugzilla.suse.com/show_bug.cgi?id=1258337
* https://bugzilla.suse.com/show_bug.cgi?id=1258338
* https://bugzilla.suse.com/show_bug.cgi?id=1258340
* https://bugzilla.suse.com/show_bug.cgi?id=1258376
* https://bugzilla.suse.com/show_bug.cgi?id=1258389
* https://bugzilla.suse.com/show_bug.cgi?id=1258414
* https://bugzilla.suse.com/show_bug.cgi?id=1258424
* https://bugzilla.suse.com/show_bug.cgi?id=1258447
* https://bugzilla.suse.com/show_bug.cgi?id=1258524
* https://bugzilla.suse.com/show_bug.cgi?id=1258832
* https://bugzilla.suse.com/show_bug.cgi?id=1258849
* https://bugzilla.suse.com/show_bug.cgi?id=1259188
* https://bugzilla.suse.com/show_bug.cgi?id=1259461
* https://bugzilla.suse.com/show_bug.cgi?id=1259580
* https://bugzilla.suse.com/show_bug.cgi?id=1259707
* https://bugzilla.suse.com/show_bug.cgi?id=1259795
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1259865
* https://bugzilla.suse.com/show_bug.cgi?id=1259870
* https://bugzilla.suse.com/show_bug.cgi?id=1259886
* https://bugzilla.suse.com/show_bug.cgi?id=1259889
* https://bugzilla.suse.com/show_bug.cgi?id=1259891
* https://bugzilla.suse.com/show_bug.cgi?id=1259997
* https://bugzilla.suse.com/show_bug.cgi?id=1259998
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260347
* https://bugzilla.suse.com/show_bug.cgi?id=1260464
* https://bugzilla.suse.com/show_bug.cgi?id=1260471
* https://bugzilla.suse.com/show_bug.cgi?id=1260481
* https://bugzilla.suse.com/show_bug.cgi?id=1260486
* https://bugzilla.suse.com/show_bug.cgi?id=1260497
* https://bugzilla.suse.com/show_bug.cgi?id=1260500
* https://bugzilla.suse.com/show_bug.cgi?id=1260527
* https://bugzilla.suse.com/show_bug.cgi?id=1260544
* https://bugzilla.suse.com/show_bug.cgi?id=1260550
* https://bugzilla.suse.com/show_bug.cgi?id=1260562
* https://bugzilla.suse.com/show_bug.cgi?id=1260580
* https://bugzilla.suse.com/show_bug.cgi?id=1260730
* https://bugzilla.suse.com/show_bug.cgi?id=1260732
* https://bugzilla.suse.com/show_bug.cgi?id=1260735
* https://bugzilla.suse.com/show_bug.cgi?id=1260799
* https://bugzilla.suse.com/show_bug.cgi?id=1261412
* https://bugzilla.suse.com/show_bug.cgi?id=1261496
* https://bugzilla.suse.com/show_bug.cgi?id=1261498
* https://bugzilla.suse.com/show_bug.cgi?id=1261507
* https://bugzilla.suse.com/show_bug.cgi?id=1261669

From null at suse.de Fri Apr 17 16:32:45 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:32:45 -0000
Subject: SUSE-SU-2026:21130-1: important: Security update for vim
Message-ID: <177644356525.6118.9977685605137933630@2ec35c3f4c39>

# Security update for vim

Announcement ID: SUSE-SU-2026:21130-1
Release Date: 2026-04-14T07:55:35Z
Rating: important

References:

* bsc#1259985
* bsc#1261191
* bsc#1261271

Cross-References:

* CVE-2026-33412
* CVE-2026-34714
* CVE-2026-34982

CVSS scores:

* CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
* CVE-2026-34714 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
* CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected Products:

* SUSE Linux Micro 6.0
* SUSE Linux Micro Extras 6.0

An update that solves three vulnerabilities can now be installed.

## Description:

This update for vim fixes the following issues:

* Update to 9.2.0280
* CVE-2026-33412: command injection via newline in glob() (bsc#1259985).
* CVE-2026-34714: crafted file can allow code execution (bsc#1261191).
* CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.0 zypper in -t patch SUSE-SLE-Micro-Extras-6.0-665=1 ## Package List: * SUSE Linux Micro Extras 6.0 (aarch64 s390x x86_64) * vim-debugsource-9.2.0280-1.1 * vim-9.2.0280-1.1 * vim-debuginfo-9.2.0280-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33412.html * https://www.suse.com/security/cve/CVE-2026-34714.html * https://www.suse.com/security/cve/CVE-2026-34982.html * https://bugzilla.suse.com/show_bug.cgi?id=1259985 * https://bugzilla.suse.com/show_bug.cgi?id=1261191 * https://bugzilla.suse.com/show_bug.cgi?id=1261271
From null at suse.de Fri Apr 17 16:34:53 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 17 Apr 2026 16:34:53 -0000 Subject: SUSE-SU-2026:21129-1: important: Security update for the Linux Kernel Message-ID: <177644369327.6118.11763335548276010339@2ec35c3f4c39> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:21129-1 Release Date: 2026-04-13T18:28:29Z Rating: important References: * bsc#1226591 * bsc#1245728 * bsc#1249998 * bsc#1251135 * bsc#1251186 * bsc#1251971 * bsc#1252073 * bsc#1252266 * bsc#1253049 * bsc#1253455 * bsc#1254306 * bsc#1255084 * bsc#1256645 * bsc#1256647 * bsc#1256690 * bsc#1256784 * bsc#1257183 * bsc#1257466 * bsc#1257472 * bsc#1257473 * bsc#1257506 * bsc#1257561 * bsc#1257682 * bsc#1257732 * bsc#1257755 * bsc#1257773 * bsc#1257777 * bsc#1257814 * bsc#1257952 * bsc#1258280 * bsc#1258286 * bsc#1258293 * bsc#1258303 * bsc#1258305 * bsc#1258330 * bsc#1258337 * bsc#1258338 * bsc#1258340 * bsc#1258376 * bsc#1258389 * bsc#1258414 * bsc#1258424 * bsc#1258447 * bsc#1258524 * bsc#1258832 * bsc#1258849 * bsc#1259188 * bsc#1259461 * bsc#1259580 * bsc#1259707 * bsc#1259795 * bsc#1259797 * bsc#1259865 * bsc#1259870 * bsc#1259886 * bsc#1259889 * bsc#1259891 * bsc#1259997 * bsc#1259998 * bsc#1260005 * bsc#1260009 * bsc#1260347 *
bsc#1260464 * bsc#1260471 * bsc#1260481 * bsc#1260486 * bsc#1260497 * bsc#1260500 * bsc#1260527 * bsc#1260544 * bsc#1260550 * bsc#1260562 * bsc#1260580 * bsc#1260730 * bsc#1260732 * bsc#1260735 * bsc#1260799 * bsc#1261412 * bsc#1261496 * bsc#1261498 * bsc#1261507 * bsc#1261669 Cross-References: * CVE-2024-38542 * CVE-2025-39817 * CVE-2025-39998 * CVE-2025-40201 * CVE-2025-40253 * CVE-2025-68794 * CVE-2025-71066 * CVE-2025-71125 * CVE-2025-71231 * CVE-2025-71268 * CVE-2025-71269 * CVE-2026-23030 * CVE-2026-23047 * CVE-2026-23054 * CVE-2026-23069 * CVE-2026-23088 * CVE-2026-23103 * CVE-2026-23120 * CVE-2026-23125 * CVE-2026-23136 * CVE-2026-23140 * CVE-2026-23154 * CVE-2026-23157 * CVE-2026-23169 * CVE-2026-23187 * CVE-2026-23193 * CVE-2026-23201 * CVE-2026-23202 * CVE-2026-23204 * CVE-2026-23207 * CVE-2026-23216 * CVE-2026-23231 * CVE-2026-23242 * CVE-2026-23243 * CVE-2026-23255 * CVE-2026-23262 * CVE-2026-23270 * CVE-2026-23272 * CVE-2026-23274 * CVE-2026-23277 * CVE-2026-23278 * CVE-2026-23281 * CVE-2026-23292 * CVE-2026-23293 * CVE-2026-23304 * CVE-2026-23317 * CVE-2026-23319 * CVE-2026-23335 * CVE-2026-23343 * CVE-2026-23361 * CVE-2026-23379 * CVE-2026-23381 * CVE-2026-23383 * CVE-2026-23386 * CVE-2026-23395 * CVE-2026-23398 * CVE-2026-23412 * CVE-2026-23413 * CVE-2026-23414 * CVE-2026-23419 * CVE-2026-31788 CVSS scores: * CVE-2024-38542 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2024-38542 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-39817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39817 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68794 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71125 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-71125 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-71125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71231 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-71231 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71231 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71268 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71268 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71269 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71269 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23030 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23030 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23047 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23047 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23054 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23088 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23136 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23157 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23157 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23157 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23169 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23169 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2026-23169 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23169 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23187 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23202 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23202 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23202 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23207 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23207 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23207 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( SUSE ): 
6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23262 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23281 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23304 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23304 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23335 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23335 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-23343 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23343 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N 
* CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23383 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23395 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23395 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23395 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23412 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23412 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23413 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23419 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 * SUSE Linux Micro Extras 6.0 An update that solves 61 vulnerabilities and has 21 fixes can now be installed. ## Description: The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. 
The following security bugs were fixed: * CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591). * CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998). * CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073). * CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455). * CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084). * CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647). * CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784). * CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865). * CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889). * CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561). * CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682). * CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755). * CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814). * CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773). * CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280). * CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293). * CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303). * CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305). * CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286). * CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389). 
* CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330). * CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414). * CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340). * CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447). * CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188). * CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795). * CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797). * CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891). * CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870). * CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886). * CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009). * CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005). * CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997). * CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998). * CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464). * CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500). * CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486). * CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544). * CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562). 
* CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735). * CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550). * CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527). * CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732). * CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481). * CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471). * CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497). * CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799). * CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (bsc#1260580). * CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730). * CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412). * CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498). * CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496). * CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507). * CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707). The following non-security bugs were fixed: * ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes). * ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes). * ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes). * ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes). * ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes). * ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes). * ALSA: firewire-lib: fix uninitialized local variable (git-fixes). 
* ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes). * ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes). * ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes). * ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes). * ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes). * ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes). * ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes). * ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes). * ASoC: Intel: catpt: Fix the device initialization (git-fixes). * ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes). * ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes). * ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes). * ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes). * ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes). * ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes). * ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes). * ASoC: detect empty DMI strings (git-fixes). * ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes). * ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes). * ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes). * ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes). * ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes). * ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes). * Bluetooth: HIDP: Fix possible UAF (git-fixes). * Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).
* Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes). * Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes). * Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes). * Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes). * Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes). * Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes). * Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-fixes). * Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes). * Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes). * Bluetooth: MGMT: validate LTK enc_size on load (git-fixes). * Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes). * Bluetooth: Remove 3 repeated macro definitions (stable-fixes). * Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes). * Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes). * Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes). * Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes). * Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes). * Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes). * Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes). * Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes). * Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes). * Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes). * Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes). * Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes).
* Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). * Drivers: hv: remove stale comment (git-fixes). * Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes). * Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes). * Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes). * HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes). * HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes). * HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes). * HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes). * HID: mcp2221: cancel last I2C command on read error (stable-fixes). * Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes). * KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461). * NFC: nxp-nci: allow GPIOs to sleep (git-fixes). * NFC: pn533: bound the UART receive buffer (git-fixes). * PCI: Update BAR # and window messages (stable-fixes). * PCI: hv: Correct a comment (git-fixes). * PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes). * PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). * PCI: hv: remove unnecessary module_init/exit functions (git-fixes). * PM: runtime: Fix a race condition related to device removal (git-fixes). * RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135). * RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes). * RDMA/mana_ib: Add device statistics support (git-fixes). * RDMA/mana_ib: Add device-memory support (git-fixes). * RDMA/mana_ib: Add port statistics support (git-fixes). * RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes). * RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes). * RDMA/mana_ib: Adding and deleting GIDs (git-fixes). * RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
* RDMA/mana_ib: Configure mac address in RNIC (git-fixes). * RDMA/mana_ib: Create and destroy RC QP (git-fixes). * RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes). * RDMA/mana_ib: Create and destroy rnic adapter (git-fixes). * RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes). * RDMA/mana_ib: Enable RoCE on port 1 (git-fixes). * RDMA/mana_ib: Extend modify QP (git-fixes). * RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes). * RDMA/mana_ib: Fix error code in probe() (git-fixes). * RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135). * RDMA/mana_ib: Fix missing ret value (git-fixes). * RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690). * RDMA/mana_ib: Implement DMABUF MR support (git-fixes). * RDMA/mana_ib: Implement port parameters (git-fixes). * RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes). * RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes). * RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes). * RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes). * RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes). * RDMA/mana_ib: Modify QP state (git-fixes). * RDMA/mana_ib: Process QP error events in mana_ib (git-fixes). * RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes). * RDMA/mana_ib: Set correct device into ib (git-fixes). * RDMA/mana_ib: Take CQ type from the device type (git-fixes). * RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes). * RDMA/mana_ib: UD/GSI work requests (git-fixes). * RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes). * RDMA/mana_ib: Use safer allocation function() (bsc#1251135). * RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes). * RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes). * RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes). * RDMA/mana_ib: add additional port counters (bsc#1251135).
* RDMA/mana_ib: add support of multiple ports (bsc#1251135). * RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). * RDMA/mana_ib: create EQs for RNIC CQs (git-fixes). * RDMA/mana_ib: create and destroy RNIC cqs (git-fixes). * RDMA/mana_ib: create kernel-level CQs (git-fixes). * RDMA/mana_ib: create/destroy AH (git-fixes). * RDMA/mana_ib: extend mana QP table (git-fixes). * RDMA/mana_ib: extend query device (git-fixes). * RDMA/mana_ib: helpers to allocate kernel queues (git-fixes). * RDMA/mana_ib: implement get_dma_mr (git-fixes). * RDMA/mana_ib: implement req_notify_cq (git-fixes). * RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes). * RDMA/mana_ib: indicate CM support (git-fixes). * RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes). * RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes). * RDMA/mana_ib: remove useless return values from dbg prints (git-fixes). * RDMA/mana_ib: request error CQEs when supported (git-fixes). * RDMA/mana_ib: set node_guid (git-fixes). * RDMA/mana_ib: support of the zero based MRs (bsc#1251135). * RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes). * Remove "scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans" changes (bsc#1257506). * USB: core: Limit the length of unkillable synchronous timeouts (git-fixes). * USB: dummy-hcd: Fix interrupt synchronization error (git-fixes). * USB: dummy-hcd: Fix locking/synchronization error (git-fixes). * USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes). * USB: serial: f81232: fix incomplete serial port generation (stable-fixes). * USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes). * USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes). * accel/qaic: Handle DBC deactivation if the owner went away (git-fixes). * apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
* apparmor: fix differential encoding verification (bsc#1258849). * apparmor: fix memory leak in verify_header (bsc#1258849). * apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849). * apparmor: fix race between freeing data and fs accessing it (bsc#1258849). * apparmor: fix race on rawdata dereference (bsc#1258849). * apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849). * apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849). * apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849). * apparmor: replace recursive profile removal with iterative approach (bsc#1258849). * apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849). * batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes). * bonding: do not set usable_slaves for broadcast mode (git-fixes). * btrfs: fix zero size inode with non-zero size after log replay (git-fixes). * btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes). * btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777). * can: bcm: fix locking for bcm_op runtime updates (git-fixes). * can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes). * can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes). * can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes). * can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes). * can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes). * can: ucan: Fix infinite loop from zero-length messages (git-fixes). * can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes). * comedi: Reinit dev->spinlock between attachments to low-level drivers (git-fixes). * comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).
* comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).
* comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).
* crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).
* crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
* crypto: caam - fix overflow on long hmac keys (git-fixes).
* dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).
* dmaengine: idxd: Fix leaking event log memory (git-fixes).
* dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
* dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).
* dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes).
* dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
* dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).
* dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).
* drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).
* drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).
* drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).
* drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).
* drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).
* drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).
* drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
* drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).
* drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).
* drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (git-fixes).
* drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).
* drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).
* drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).
* drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).
* drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).
* drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).
* drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes).
* drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).
* firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).
* gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
* hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
* hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
* hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).
* hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).
* hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).
* hwmon: (it87) Check the it87_lock() return value (git-fixes).
* hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).
* hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).
* hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).
* hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).
* hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).
* hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).
* hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).
* hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).
* hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).
* hwmon: axi-fan: do not use driver_override as IRQ name (git-fixes).
* i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
* i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).
* i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
* i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).
* idpf: nullify pointers after they are freed (git-fixes).
* iio: accel: fix ADXL355 temperature signature value (git-fixes).
* iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).
* iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).
* iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes).
* iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes).
* iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).
* iio: dac: ds4424: reject -128 RAW value (git-fixes).
* iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).
* iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).
* iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
* iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
* iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes).
* iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes).
* iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).
* iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).
* iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).
* iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
* iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).
* media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).
* media: tegra-video: Use accessors for pad config 'try_*' fields (stable-fixes).
* mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).
* mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).
* mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).
* mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
* misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes).
* mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
* mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).
* mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).
* mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
* mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).
* mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).
* mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).
* mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).
* mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).
* net/mana: Null service_wq on setup error to prevent double destroy (git-fix).
* net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
* net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).
* net/x25: Fix overflow when accumulating packets (git-fixes).
* net/x25: Fix potential double free of skb (git-fixes).
* net: mana: Add metadata support for xdp mode (git-fixes).
* net: mana: Add standard counter rx_missed_errors (git-fixes).
* net: mana: Add support for auxiliary device servicing events (bsc#1251971).
* net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
* net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
* net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
* net: mana: Fix use-after-free in reset service rescan path (git-fixes).
* net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
* net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
* net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
* net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
* net: mana: Handle unsupported HWC commands (git-fixes).
* net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
* net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
* net: mana: Probe rdma device in mana driver (git-fixes).
* net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
* net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
* net: mana: Support HW link state events (bsc#1253049).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
* net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
* net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
* net: mana: fix use-after-free in add_adev() error path (git-fixes).
* net: mana: use ethtool string helpers (git-fixes).
* net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).
* net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).
* net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).
* net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).
* net: usb: pegasus: validate USB endpoints (stable-fixes).
* nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes).
* nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).
* nfc: nci: free skb on nci_transceive early error paths (git-fixes).
* nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
* nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).
* phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).
* pinctrl: equilibrium: fix warning trace on load (git-fixes).
* pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).
* pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).
* pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).
* platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).
* platform/x86: ISST: Correct locked bit width (git-fixes).
* platform/x86: dell-wmi-sysman: Do not hex dump plaintext password data (git-fixes).
* platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).
* platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes).
* platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).
* platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).
* qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes).
* regmap: Synchronize cache for the page selector (git-fixes).
* regulator: pca9450: Correct interrupt type (git-fixes).
* regulator: pca9450: Make IRQ optional (stable-fixes).
* remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes).
* rename Hyper-v patch files to simplify further SP6-SP7 merges
* s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
* scsi: mpi3mr: Event processing debug improvement (bsc#1251186, bsc#1258832).
* scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
* scsi: storvsc: Remove redundant ternary operators (git-fixes).
* selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669).
* selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669).
* selftests/powerpc: make sub-folders buildable on their own (bsc#1261669).
* serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).
* serial: 8250: Fix TX deadlock when using DMA (git-fixes).
* serial: 8250_pci: add support for the AX99100 (stable-fixes).
* serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).
* soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).
* soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).
* spi: fix statistics allocation (git-fixes).
* spi: fix use-after-free on controller registration failure (git-fixes).
* spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
* staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).
* tg3: Fix race for querying speed/duplex (bsc#1257183).
* thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).
* tools/hv: add a .gitignore file (git-fixes).
* tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
* tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
* tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
* tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
* usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).
* usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).
* usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).
* usb: cdns3: fix role switching during resume (git-fixes).
* usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).
* usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).
* usb: cdns3: remove redundant if branch (stable-fixes).
* usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).
* usb: core: do not power off roothub PHYs if phy_set_mode() fails (git-fixes).
* usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes).
* usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).
* usb: ehci-brcm: fix sleep during atomic (git-fixes).
* usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes).
* usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).
* usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).
* usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes).
* usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).
* usb: image: mdc800: kill download URB on timeout (stable-fixes).
* usb: mdc800: handle signal and read racing (stable-fixes).
* usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).
* usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).
* usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).
* usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).
* usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
* usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
* usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).
* usb: yurex: fix race in probe (stable-fixes).
* wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).
* wifi: cw1200: Fix locking in error paths (git-fixes).
* wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).
* wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).
* wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).
* wifi: mac80211: set default WMM parameters on all links (stable-fixes).
* wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes).
* wifi: rsi: Do not default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes).
* wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).
* wifi: wlcore: Fix a locking bug (git-fixes).
* wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
* xen/privcmd: unregister xenstore notifier on module exit (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.0
  zypper in -t patch SUSE-SLE-Micro-Extras-6.0-kernel-340=1

## Package List:

* SUSE Linux Micro Extras 6.0 (nosrc)
  * kernel-64kb-6.4.0-41.1
  * kernel-default-6.4.0-41.1
* SUSE Linux Micro Extras 6.0 (aarch64)
  * kernel-64kb-debugsource-6.4.0-41.1
  * kernel-64kb-devel-6.4.0-41.1
* SUSE Linux Micro Extras 6.0 (aarch64 s390x x86_64)
  * kernel-obs-build-debugsource-6.4.0-41.1
  * kernel-obs-build-6.4.0-41.1
  * kernel-syms-6.4.0-41.1
  * kernel-default-devel-6.4.0-41.1
  * kernel-default-debugsource-6.4.0-41.1
* SUSE Linux Micro Extras 6.0 (x86_64)
  * kernel-default-devel-debuginfo-6.4.0-41.1

## References:

* https://www.suse.com/security/cve/CVE-2024-38542.html
* https://www.suse.com/security/cve/CVE-2025-39817.html
* https://www.suse.com/security/cve/CVE-2025-39998.html
* https://www.suse.com/security/cve/CVE-2025-40201.html
* https://www.suse.com/security/cve/CVE-2025-40253.html
* https://www.suse.com/security/cve/CVE-2025-68794.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2025-71125.html
* https://www.suse.com/security/cve/CVE-2025-71231.html
* https://www.suse.com/security/cve/CVE-2025-71268.html
* https://www.suse.com/security/cve/CVE-2025-71269.html
* https://www.suse.com/security/cve/CVE-2026-23030.html
* https://www.suse.com/security/cve/CVE-2026-23047.html
* https://www.suse.com/security/cve/CVE-2026-23054.html
* https://www.suse.com/security/cve/CVE-2026-23069.html
* https://www.suse.com/security/cve/CVE-2026-23088.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23120.html
* https://www.suse.com/security/cve/CVE-2026-23125.html
* https://www.suse.com/security/cve/CVE-2026-23136.html
* https://www.suse.com/security/cve/CVE-2026-23140.html
* https://www.suse.com/security/cve/CVE-2026-23154.html
* https://www.suse.com/security/cve/CVE-2026-23157.html
* https://www.suse.com/security/cve/CVE-2026-23169.html
* https://www.suse.com/security/cve/CVE-2026-23187.html
* https://www.suse.com/security/cve/CVE-2026-23193.html
* https://www.suse.com/security/cve/CVE-2026-23201.html
* https://www.suse.com/security/cve/CVE-2026-23202.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23207.html
* https://www.suse.com/security/cve/CVE-2026-23216.html
* https://www.suse.com/security/cve/CVE-2026-23231.html
* https://www.suse.com/security/cve/CVE-2026-23242.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23255.html
* https://www.suse.com/security/cve/CVE-2026-23262.html
* https://www.suse.com/security/cve/CVE-2026-23270.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23277.html
* https://www.suse.com/security/cve/CVE-2026-23278.html
* https://www.suse.com/security/cve/CVE-2026-23281.html
* https://www.suse.com/security/cve/CVE-2026-23292.html
* https://www.suse.com/security/cve/CVE-2026-23293.html
* https://www.suse.com/security/cve/CVE-2026-23304.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://www.suse.com/security/cve/CVE-2026-23319.html
* https://www.suse.com/security/cve/CVE-2026-23335.html
* https://www.suse.com/security/cve/CVE-2026-23343.html
* https://www.suse.com/security/cve/CVE-2026-23361.html
* https://www.suse.com/security/cve/CVE-2026-23379.html
* https://www.suse.com/security/cve/CVE-2026-23381.html
* https://www.suse.com/security/cve/CVE-2026-23383.html
* https://www.suse.com/security/cve/CVE-2026-23386.html
* https://www.suse.com/security/cve/CVE-2026-23395.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://www.suse.com/security/cve/CVE-2026-23412.html
* https://www.suse.com/security/cve/CVE-2026-23413.html
* https://www.suse.com/security/cve/CVE-2026-23414.html
* https://www.suse.com/security/cve/CVE-2026-23419.html
* https://www.suse.com/security/cve/CVE-2026-31788.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226591
* https://bugzilla.suse.com/show_bug.cgi?id=1245728
* https://bugzilla.suse.com/show_bug.cgi?id=1249998
* https://bugzilla.suse.com/show_bug.cgi?id=1251135
* https://bugzilla.suse.com/show_bug.cgi?id=1251186
* https://bugzilla.suse.com/show_bug.cgi?id=1251971
* https://bugzilla.suse.com/show_bug.cgi?id=1252073
* https://bugzilla.suse.com/show_bug.cgi?id=1252266
* https://bugzilla.suse.com/show_bug.cgi?id=1253049
* https://bugzilla.suse.com/show_bug.cgi?id=1253455
* https://bugzilla.suse.com/show_bug.cgi?id=1254306
* https://bugzilla.suse.com/show_bug.cgi?id=1255084
* https://bugzilla.suse.com/show_bug.cgi?id=1256645
* https://bugzilla.suse.com/show_bug.cgi?id=1256647
* https://bugzilla.suse.com/show_bug.cgi?id=1256690
* https://bugzilla.suse.com/show_bug.cgi?id=1256784
* https://bugzilla.suse.com/show_bug.cgi?id=1257183
* https://bugzilla.suse.com/show_bug.cgi?id=1257466
* https://bugzilla.suse.com/show_bug.cgi?id=1257472
* https://bugzilla.suse.com/show_bug.cgi?id=1257473
* https://bugzilla.suse.com/show_bug.cgi?id=1257506
* https://bugzilla.suse.com/show_bug.cgi?id=1257561
* https://bugzilla.suse.com/show_bug.cgi?id=1257682
* https://bugzilla.suse.com/show_bug.cgi?id=1257732
* https://bugzilla.suse.com/show_bug.cgi?id=1257755
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1257777
* https://bugzilla.suse.com/show_bug.cgi?id=1257814
* https://bugzilla.suse.com/show_bug.cgi?id=1257952
* https://bugzilla.suse.com/show_bug.cgi?id=1258280
* https://bugzilla.suse.com/show_bug.cgi?id=1258286
* https://bugzilla.suse.com/show_bug.cgi?id=1258293
* https://bugzilla.suse.com/show_bug.cgi?id=1258303
* https://bugzilla.suse.com/show_bug.cgi?id=1258305
* https://bugzilla.suse.com/show_bug.cgi?id=1258330
* https://bugzilla.suse.com/show_bug.cgi?id=1258337
* https://bugzilla.suse.com/show_bug.cgi?id=1258338
* https://bugzilla.suse.com/show_bug.cgi?id=1258340
* https://bugzilla.suse.com/show_bug.cgi?id=1258376
* https://bugzilla.suse.com/show_bug.cgi?id=1258389
* https://bugzilla.suse.com/show_bug.cgi?id=1258414
* https://bugzilla.suse.com/show_bug.cgi?id=1258424
* https://bugzilla.suse.com/show_bug.cgi?id=1258447
* https://bugzilla.suse.com/show_bug.cgi?id=1258524
* https://bugzilla.suse.com/show_bug.cgi?id=1258832
* https://bugzilla.suse.com/show_bug.cgi?id=1258849
* https://bugzilla.suse.com/show_bug.cgi?id=1259188
* https://bugzilla.suse.com/show_bug.cgi?id=1259461
* https://bugzilla.suse.com/show_bug.cgi?id=1259580
* https://bugzilla.suse.com/show_bug.cgi?id=1259707
* https://bugzilla.suse.com/show_bug.cgi?id=1259795
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1259865
* https://bugzilla.suse.com/show_bug.cgi?id=1259870
* https://bugzilla.suse.com/show_bug.cgi?id=1259886
* https://bugzilla.suse.com/show_bug.cgi?id=1259889
* https://bugzilla.suse.com/show_bug.cgi?id=1259891
* https://bugzilla.suse.com/show_bug.cgi?id=1259997
* https://bugzilla.suse.com/show_bug.cgi?id=1259998
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260347
* https://bugzilla.suse.com/show_bug.cgi?id=1260464
* https://bugzilla.suse.com/show_bug.cgi?id=1260471
* https://bugzilla.suse.com/show_bug.cgi?id=1260481
* https://bugzilla.suse.com/show_bug.cgi?id=1260486
* https://bugzilla.suse.com/show_bug.cgi?id=1260497
* https://bugzilla.suse.com/show_bug.cgi?id=1260500
* https://bugzilla.suse.com/show_bug.cgi?id=1260527
* https://bugzilla.suse.com/show_bug.cgi?id=1260544
* https://bugzilla.suse.com/show_bug.cgi?id=1260550
* https://bugzilla.suse.com/show_bug.cgi?id=1260562
* https://bugzilla.suse.com/show_bug.cgi?id=1260580
* https://bugzilla.suse.com/show_bug.cgi?id=1260730
* https://bugzilla.suse.com/show_bug.cgi?id=1260732
* https://bugzilla.suse.com/show_bug.cgi?id=1260735
* https://bugzilla.suse.com/show_bug.cgi?id=1260799
* https://bugzilla.suse.com/show_bug.cgi?id=1261412
* https://bugzilla.suse.com/show_bug.cgi?id=1261496
* https://bugzilla.suse.com/show_bug.cgi?id=1261498
* https://bugzilla.suse.com/show_bug.cgi?id=1261507
* https://bugzilla.suse.com/show_bug.cgi?id=1261669

From null at suse.de Fri Apr 17 16:34:56 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:34:56 -0000
Subject: SUSE-SU-2026:21128-1: important: Security update for ignition
Message-ID: <177644369616.6118.535141434722635243@2ec35c3f4c39>

# Security update for ignition

Announcement ID: SUSE-SU-2026:21128-1
Release Date: 2026-04-14T08:01:42Z
Rating: important

References:

* bsc#1260251

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for ignition fixes the following issue:

* CVE-2026-33186: Fixed an authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260251).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-668=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * ignition-debuginfo-2.19.0-3.1
  * ignition-2.19.0-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260251

From null at suse.de Fri Apr 17 16:34:59 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:34:59 -0000
Subject: SUSE-SU-2026:21127-1: moderate: Security update for avahi
Message-ID: <177644369989.6118.16613928140142522896@2ec35c3f4c39>

# Security update for avahi

Announcement ID: SUSE-SU-2026:21127-1
Release Date: 2026-04-14T08:01:42Z
Rating: moderate

References:

* bsc#1257235

Cross-References:

* CVE-2026-24401

CVSS scores:

* CVE-2026-24401 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for avahi fixes the following issues:

* CVE-2026-24401: Fix unsolicited mDNS response containing a recursive CNAME record. (bsc#1257235)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-667=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libavahi-common3-0.8-8.1 * libavahi-core7-0.8-8.1 * avahi-debugsource-0.8-8.1 * libavahi-common3-debuginfo-0.8-8.1 * avahi-debuginfo-0.8-8.1 * libavahi-client3-debuginfo-0.8-8.1 * libavahi-client3-0.8-8.1 * avahi-0.8-8.1 * libavahi-core7-debuginfo-0.8-8.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24401.html * https://bugzilla.suse.com/show_bug.cgi?id=1257235 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Apr 17 16:35:02 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 17 Apr 2026 16:35:02 -0000 Subject: SUSE-SU-2026:21126-1: moderate: Security update for python-cryptography Message-ID: <177644370265.6118.10634948758506643523@2ec35c3f4c39> # Security update for python-cryptography Announcement ID: SUSE-SU-2026:21126-1 Release Date: 2026-04-14T07:57:49Z Rating: moderate References: * bsc#1260876 Cross-References: * CVE-2026-34073 CVSS scores: * CVE-2026-34073 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-34073 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-34073 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34073 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for python-cryptography fixes the following issues: * CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. 
(bsc#1260876)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-666=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * python311-cryptography-42.0.4-4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34073.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260876

From null at suse.de Fri Apr 17 16:35:10 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:35:10 -0000
Subject: SUSE-SU-2026:21124-1: important: Security update for vim
Message-ID: <177644371053.6118.4230939277063380722@2ec35c3f4c39>

# Security update for vim

Announcement ID: SUSE-SU-2026:21124-1
Release Date: 2026-04-14T07:54:09Z
Rating: important

References:

* bsc#1259985
* bsc#1261191
* bsc#1261271

Cross-References:

* CVE-2026-33412
* CVE-2026-34714
* CVE-2026-34982

CVSS scores:

* CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
* CVE-2026-34714 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
* CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected Products:

* SUSE Linux Micro 6.0

An update that solves three vulnerabilities can now be installed.

## Description:

This update for vim fixes the following issues:

* Update to 9.2.0280
* CVE-2026-33412: command injection via newline in glob() (bsc#1259985).
* CVE-2026-34714: crafted file can allow code execution (bsc#1261191).
* CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-665=1

## Package List:

* SUSE Linux Micro 6.0 (noarch)
  * vim-data-common-9.2.0280-1.1
* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * vim-debugsource-9.2.0280-1.1
  * vim-small-9.2.0280-1.1
  * vim-small-debuginfo-9.2.0280-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33412.html
* https://www.suse.com/security/cve/CVE-2026-34714.html
* https://www.suse.com/security/cve/CVE-2026-34982.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259985
* https://bugzilla.suse.com/show_bug.cgi?id=1261191
* https://bugzilla.suse.com/show_bug.cgi?id=1261271
From null at suse.de Fri Apr 17 16:37:13 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:37:13 -0000
Subject: SUSE-SU-2026:21123-1: important: Security update for the Linux Kernel
Message-ID: <177644383371.6118.7207548041022832641@2ec35c3f4c39>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21123-1
Release Date: 2026-04-13T16:48:50Z
Rating: important

References:

* bsc#1226591
* bsc#1245728
* bsc#1249998
* bsc#1251135
* bsc#1251186
* bsc#1251971
* bsc#1252073
* bsc#1252266
* bsc#1253049
* bsc#1253455
* bsc#1254306
* bsc#1255084
* bsc#1256645
* bsc#1256647
* bsc#1256690
* bsc#1256784
* bsc#1257183
* bsc#1257466
* bsc#1257472
* bsc#1257473
* bsc#1257506
* bsc#1257561
* bsc#1257682
* bsc#1257732
* bsc#1257755
* bsc#1257773
* bsc#1257777
* bsc#1257814
* bsc#1257952
* bsc#1258280
* bsc#1258286
* bsc#1258293
* bsc#1258303
* bsc#1258305
* bsc#1258330
* bsc#1258337
* bsc#1258338
* bsc#1258340
* bsc#1258376
* bsc#1258389
* bsc#1258414
* bsc#1258424
* bsc#1258447
* bsc#1258524
* bsc#1258832
* bsc#1258849
* bsc#1259188
* bsc#1259461
* bsc#1259580
* bsc#1259707
* bsc#1259795
* bsc#1259797
* bsc#1259865
* bsc#1259870
* bsc#1259886
* bsc#1259889
* bsc#1259891
* bsc#1259997
* bsc#1259998
* bsc#1260005
* bsc#1260009
* bsc#1260347
* bsc#1260464
* bsc#1260471
* bsc#1260481
* bsc#1260486
* bsc#1260497
* bsc#1260500
* bsc#1260527
* bsc#1260544
* bsc#1260550
* bsc#1260562
* bsc#1260580
* bsc#1260730
* bsc#1260732
* bsc#1260735
* bsc#1260799
* bsc#1261412
* bsc#1261496
* bsc#1261498
* bsc#1261507
* bsc#1261669

Cross-References:

* CVE-2024-38542
* CVE-2025-39817
* CVE-2025-39998
* CVE-2025-40201
* CVE-2025-40253
* CVE-2025-68794
* CVE-2025-71066
* CVE-2025-71125
* CVE-2025-71231
* CVE-2025-71268
* CVE-2025-71269
* CVE-2026-23030
* CVE-2026-23047
* CVE-2026-23054
* CVE-2026-23069
* CVE-2026-23088
* CVE-2026-23103
* CVE-2026-23120
* CVE-2026-23125
* CVE-2026-23136
* CVE-2026-23140
* CVE-2026-23154
* CVE-2026-23157
* CVE-2026-23169
* CVE-2026-23187
* CVE-2026-23193
* CVE-2026-23201
* CVE-2026-23202
* CVE-2026-23204
* CVE-2026-23207
* CVE-2026-23216
* CVE-2026-23231
* CVE-2026-23242
* CVE-2026-23243
* CVE-2026-23255
* CVE-2026-23262
* CVE-2026-23270
* CVE-2026-23272
* CVE-2026-23274
* CVE-2026-23277
* CVE-2026-23278
* CVE-2026-23281
* CVE-2026-23292
* CVE-2026-23293
* CVE-2026-23304
* CVE-2026-23317
* CVE-2026-23319
* CVE-2026-23335
* CVE-2026-23343
* CVE-2026-23361
* CVE-2026-23379
* CVE-2026-23381
* CVE-2026-23383
* CVE-2026-23386
* CVE-2026-23395
* CVE-2026-23398
* CVE-2026-23412
* CVE-2026-23413
* CVE-2026-23414
* CVE-2026-23419
* CVE-2026-31788

CVSS scores:

* CVE-2024-38542 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2024-38542 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-39817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39817 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68794 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71125 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-71125 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-71125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71231 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71231 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71231 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-71268 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71268 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71269 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71269 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23030 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23030 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23047 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23047 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23054 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23069 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23069 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23088 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23088 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23088 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23125 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23136 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23136 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23136 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23136 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23154 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23154 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23157 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23157 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23157 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23169 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23169 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-23169 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23169 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23187 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23202 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23202 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23202 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23207 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23207 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23207 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23216 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23262 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23281 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23304 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23304 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23335 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23335 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-23343 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23343 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23383 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23395 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23395 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23395 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23412 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23412 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23413 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23419 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves 61 vulnerabilities and has 21 fixes can now be installed.

## Description:

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591).
* CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998).
* CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
* CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455).
* CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
* CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
* CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).
* CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865).
* CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889).
* CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561).
* CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
* CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).
* CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
* CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
* CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
* CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
* CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).
* CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).
* CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
* CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
* CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
* CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
* CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
* CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
* CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
* CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
* CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
* CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
* CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
* CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
* CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).
* CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
* CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
* CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
* CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
* CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
* CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
* CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
* CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
* CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (bsc#1260580).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
* CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412).
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
* CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
* CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
* CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non-security bugs were fixed:

* ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes).
* ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).
* ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes).
* ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).
* ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes).
* ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes).
* ALSA: firewire-lib: fix uninitialized local variable (git-fixes).
* ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).
* ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes).
* ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes).
* ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes).
* ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes).
* ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).
* ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes).
* ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).
* ASoC: Intel: catpt: Fix the device initialization (git-fixes).
* ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes).
* ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).
* ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes).
* ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes).
* ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes).
* ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).
* ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes).
* ASoC: detect empty DMI strings (git-fixes).
* ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes).
* ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes).
* ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes).
* ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes).
* ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes).
* ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes).
* Bluetooth: HIDP: Fix possible UAF (git-fixes).
* Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).
* Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes).
* Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).
* Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes).
* Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes).
* Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes).
* Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).
* Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes).
* Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).
* Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes).
* Bluetooth: Remove 3 repeated macro definitions (stable-fixes).
* Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes).
* Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes).
* Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes).
* Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes).
* Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).
* Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes).
* Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).
* Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes).
* Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).
* Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).
* Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes).
* Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes).
* Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
* Drivers: hv: remove stale comment (git-fixes).
* Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
* Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
* Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
* HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes).
* HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes).
* HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes).
* HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes).
* HID: mcp2221: cancel last I2C command on read error (stable-fixes).
* Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes).
* KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
* NFC: nxp-nci: allow GPIOs to sleep (git-fixes).
* NFC: pn533: bound the UART receive buffer (git-fixes).
* PCI: Update BAR # and window messages (stable-fixes).
* PCI: hv: Correct a comment (git-fixes).
* PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
* PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
* PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
* PM: runtime: Fix a race condition related to device removal (git-fixes).
* RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
* RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
* RDMA/mana_ib: Add device statistics support (git-fixes).
* RDMA/mana_ib: Add device-memory support (git-fixes).
* RDMA/mana_ib: Add port statistics support (git-fixes).
* RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
* RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
* RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
* RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
* RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
* RDMA/mana_ib: Create and destroy RC QP (git-fixes).
* RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
* RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
* RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
* RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
* RDMA/mana_ib: Extend modify QP (git-fixes).
* RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
* RDMA/mana_ib: Fix error code in probe() (git-fixes).
* RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
* RDMA/mana_ib: Fix missing ret value (git-fixes).
* RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
* RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
* RDMA/mana_ib: Implement port parameters (git-fixes).
* RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
* RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
* RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
* RDMA/mana_ib: Modify QP state (git-fixes).
* RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
* RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
* RDMA/mana_ib: Set correct device into ib (git-fixes).
* RDMA/mana_ib: Take CQ type from the device type (git-fixes).
* RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
* RDMA/mana_ib: UD/GSI work requests (git-fixes).
* RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
* RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
* RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
* RDMA/mana_ib: add additional port counters (bsc#1251135).
* RDMA/mana_ib: add support of multiple ports (bsc#1251135).
* RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
* RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
* RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
* RDMA/mana_ib: create kernel-level CQs (git-fixes).
* RDMA/mana_ib: create/destroy AH (git-fixes).
* RDMA/mana_ib: extend mana QP table (git-fixes).
* RDMA/mana_ib: extend query device (git-fixes).
* RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
* RDMA/mana_ib: implement get_dma_mr (git-fixes).
* RDMA/mana_ib: implement req_notify_cq (git-fixes).
* RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
* RDMA/mana_ib: indicate CM support (git-fixes).
* RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
* RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
* RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
* RDMA/mana_ib: request error CQEs when supported (git-fixes).
* RDMA/mana_ib: set node_guid (git-fixes).
* RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
* RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
* Remove "scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans" changes (bsc#1257506).
* USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).
* USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).
* USB: dummy-hcd: Fix locking/synchronization error (git-fixes).
* USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes).
* USB: serial: f81232: fix incomplete serial port generation (stable-fixes).
* USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).
* USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes).
* accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).
* apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
* apparmor: fix differential encoding verification (bsc#1258849).
* apparmor: fix memory leak in verify_header (bsc#1258849).
* apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
* apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
* apparmor: fix race on rawdata dereference (bsc#1258849).
* apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
* apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
* apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
* apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
* apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
* batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes).
* bonding: do not set usable_slaves for broadcast mode (git-fixes).
* btrfs: fix zero size inode with non-zero size after log replay (git-fixes).
* btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).
* btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
* can: bcm: fix locking for bcm_op runtime updates (git-fixes).
* can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes).
* can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).
* can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes).
* can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).
* can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes).
* can: ucan: Fix infinite loop from zero-length messages (git-fixes).
* can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes).
* comedi: Reinit dev->spinlock between attachments to low-level drivers (git-fixes).
* comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).
* comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).
* comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).
* crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).
* crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
* crypto: caam - fix overflow on long hmac keys (git-fixes).
* dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).
* dmaengine: idxd: Fix leaking event log memory (git-fixes).
* dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
* dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).
* dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes).
* dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
* dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).
* dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).
* drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).
* drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).
* drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).
* drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).
* drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).
* drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).
* drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
* drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).
* drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).
* drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (git-fixes).
* drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).
* drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).
* drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).
* drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).
* drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).
* drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).
* drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes).
* drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).
* firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).
* gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
* hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
* hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
* hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).
* hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).
* hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).
* hwmon: (it87) Check the it87_lock() return value (git-fixes).
* hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).
* hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).
* hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).
* hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).
* hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).
* hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).
* hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).
* hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).
* hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).
* hwmon: axi-fan: do not use driver_override as IRQ name (git-fixes).
* i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
* i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).
* i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
* i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).
* idpf: nullify pointers after they are freed (git-fixes).
* iio: accel: fix ADXL355 temperature signature value (git-fixes).
* iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).
* iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).
* iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes).
* iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes).
* iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).
* iio: dac: ds4424: reject -128 RAW value (git-fixes).
* iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).
* iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).
* iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
* iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
* iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes).
* iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes).
* iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).
* iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).
* iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).
* iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
* iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).
* media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).
* media: tegra-video: Use accessors for pad config 'try_*' fields (stable-fixes).
* mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).
* mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).
* mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).
* mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
* misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes).
* mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
* mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).
* mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).
* mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
* mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).
* mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).
* mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).
* mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).
* mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).
* net/mana: Null service_wq on setup error to prevent double destroy (git-fix).
* net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
* net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).
* net/x25: Fix overflow when accumulating packets (git-fixes).
* net/x25: Fix potential double free of skb (git-fixes).
* net: mana: Add metadata support for xdp mode (git-fixes).
* net: mana: Add standard counter rx_missed_errors (git-fixes).
* net: mana: Add support for auxiliary device servicing events (bsc#1251971).
* net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
* net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
* net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
* net: mana: Fix use-after-free in reset service rescan path (git-fixes).
* net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
* net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
* net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
* net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
* net: mana: Handle unsupported HWC commands (git-fixes).
* net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
* net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
* net: mana: Probe rdma device in mana driver (git-fixes).
* net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
* net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
* net: mana: Support HW link state events (bsc#1253049).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
* net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
* net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
* net: mana: fix use-after-free in add_adev() error path (git-fixes).
* net: mana: use ethtool string helpers (git-fixes).
* net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).
* net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).
* net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).
* net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).
* net: usb: pegasus: validate USB endpoints (stable-fixes).
* nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes).
* nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).
* nfc: nci: free skb on nci_transceive early error paths (git-fixes).
* nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
* nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).
* phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).
* pinctrl: equilibrium: fix warning trace on load (git-fixes).
* pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).
* pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).
* pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).
* platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).
* platform/x86: ISST: Correct locked bit width (git-fixes).
* platform/x86: dell-wmi-sysman: Do not hex dump plaintext password data (git-fixes).
* platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).
* platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes).
* platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).
* platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).
* qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes).
* regmap: Synchronize cache for the page selector (git-fixes).
* regulator: pca9450: Correct interrupt type (git-fixes).
* regulator: pca9450: Make IRQ optional (stable-fixes).
* remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes).
* rename Hyper-v patch files to simplify further SP6-SP7 merges
* s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
* scsi: mpi3mr: Event processing debug improvement (bsc#1251186, bsc#1258832).
* scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
* scsi: storvsc: Remove redundant ternary operators (git-fixes).
* selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669).
* selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669).
* selftests/powerpc: make sub-folders buildable on their own (bsc#1261669).
* serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).
* serial: 8250: Fix TX deadlock when using DMA (git-fixes).
* serial: 8250_pci: add support for the AX99100 (stable-fixes).
* serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).
* soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).
* soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).
* spi: fix statistics allocation (git-fixes).
* spi: fix use-after-free on controller registration failure (git-fixes).
* spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
* staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).
* tg3: Fix race for querying speed/duplex (bsc#1257183).
* thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).
* tools/hv: add a .gitignore file (git-fixes).
* tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
* tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
* tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
* tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
* usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).
* usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).
* usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).
* usb: cdns3: fix role switching during resume (git-fixes).
* usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).
* usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).
* usb: cdns3: remove redundant if branch (stable-fixes).
* usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).
* usb: core: do not power off roothub PHYs if phy_set_mode() fails (git-fixes).
* usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes).
* usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).
* usb: ehci-brcm: fix sleep during atomic (git-fixes).
* usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes).
* usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).
* usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).
* usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes).
* usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).
* usb: image: mdc800: kill download URB on timeout (stable-fixes).
* usb: mdc800: handle signal and read racing (stable-fixes).
* usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).
* usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).
* usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).
* usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).
* usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
* usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
* usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).
* usb: yurex: fix race in probe (stable-fixes).
* wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).
* wifi: cw1200: Fix locking in error paths (git-fixes).
* wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).
* wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).
* wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).
* wifi: mac80211: set default WMM parameters on all links (stable-fixes).
* wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes).
* wifi: rsi: Do not default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes).
* wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).
* wifi: wlcore: Fix a locking bug (git-fixes).
* wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
* xen/privcmd: unregister xenstore notifier on module exit (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-340=1

## Package List:

* SUSE Linux Micro 6.0 (noarch)
  * kernel-source-6.4.0-41.1
  * kernel-macros-6.4.0-41.1
  * kernel-devel-6.4.0-41.1
* SUSE Linux Micro 6.0 (aarch64 nosrc s390x x86_64)
  * kernel-default-6.4.0-41.1
* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * kernel-default-debuginfo-6.4.0-41.1
  * kernel-default-debugsource-6.4.0-41.1
* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-default-livepatch-6.4.0-41.1
* SUSE Linux Micro 6.0 (nosrc x86_64)
  * kernel-kvmsmall-6.4.0-41.1
* SUSE Linux Micro 6.0 (x86_64)
  * kernel-kvmsmall-debuginfo-6.4.0-41.1
  * kernel-kvmsmall-debugsource-6.4.0-41.1
* SUSE Linux Micro 6.0 (aarch64 x86_64)
  * kernel-default-base-6.4.0-41.1.21.18

## References:

* https://www.suse.com/security/cve/CVE-2024-38542.html
* https://www.suse.com/security/cve/CVE-2025-39817.html
* https://www.suse.com/security/cve/CVE-2025-39998.html
* https://www.suse.com/security/cve/CVE-2025-40201.html
* https://www.suse.com/security/cve/CVE-2025-40253.html
* https://www.suse.com/security/cve/CVE-2025-68794.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2025-71125.html
* https://www.suse.com/security/cve/CVE-2025-71231.html
* https://www.suse.com/security/cve/CVE-2025-71268.html
* https://www.suse.com/security/cve/CVE-2025-71269.html
* https://www.suse.com/security/cve/CVE-2026-23030.html
* https://www.suse.com/security/cve/CVE-2026-23047.html
* https://www.suse.com/security/cve/CVE-2026-23054.html
* https://www.suse.com/security/cve/CVE-2026-23069.html
* https://www.suse.com/security/cve/CVE-2026-23088.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23120.html
* https://www.suse.com/security/cve/CVE-2026-23125.html
* https://www.suse.com/security/cve/CVE-2026-23136.html
* https://www.suse.com/security/cve/CVE-2026-23140.html
* https://www.suse.com/security/cve/CVE-2026-23154.html
* https://www.suse.com/security/cve/CVE-2026-23157.html
* https://www.suse.com/security/cve/CVE-2026-23169.html
* https://www.suse.com/security/cve/CVE-2026-23187.html
* https://www.suse.com/security/cve/CVE-2026-23193.html
* https://www.suse.com/security/cve/CVE-2026-23201.html
* https://www.suse.com/security/cve/CVE-2026-23202.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23207.html
* https://www.suse.com/security/cve/CVE-2026-23216.html
* https://www.suse.com/security/cve/CVE-2026-23231.html
* https://www.suse.com/security/cve/CVE-2026-23242.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23255.html
* https://www.suse.com/security/cve/CVE-2026-23262.html
* https://www.suse.com/security/cve/CVE-2026-23270.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23277.html
* https://www.suse.com/security/cve/CVE-2026-23278.html
* https://www.suse.com/security/cve/CVE-2026-23281.html
* https://www.suse.com/security/cve/CVE-2026-23292.html
* https://www.suse.com/security/cve/CVE-2026-23293.html
* https://www.suse.com/security/cve/CVE-2026-23304.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://www.suse.com/security/cve/CVE-2026-23319.html
* https://www.suse.com/security/cve/CVE-2026-23335.html
* https://www.suse.com/security/cve/CVE-2026-23343.html
* https://www.suse.com/security/cve/CVE-2026-23361.html
* https://www.suse.com/security/cve/CVE-2026-23379.html
* https://www.suse.com/security/cve/CVE-2026-23381.html
* https://www.suse.com/security/cve/CVE-2026-23383.html
* https://www.suse.com/security/cve/CVE-2026-23386.html
* https://www.suse.com/security/cve/CVE-2026-23395.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://www.suse.com/security/cve/CVE-2026-23412.html
* https://www.suse.com/security/cve/CVE-2026-23413.html
* https://www.suse.com/security/cve/CVE-2026-23414.html
* https://www.suse.com/security/cve/CVE-2026-23419.html
* https://www.suse.com/security/cve/CVE-2026-31788.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226591
* https://bugzilla.suse.com/show_bug.cgi?id=1245728
* https://bugzilla.suse.com/show_bug.cgi?id=1249998
* https://bugzilla.suse.com/show_bug.cgi?id=1251135
* https://bugzilla.suse.com/show_bug.cgi?id=1251186
* https://bugzilla.suse.com/show_bug.cgi?id=1251971
* https://bugzilla.suse.com/show_bug.cgi?id=1252073
* https://bugzilla.suse.com/show_bug.cgi?id=1252266
* https://bugzilla.suse.com/show_bug.cgi?id=1253049
* https://bugzilla.suse.com/show_bug.cgi?id=1253455
* https://bugzilla.suse.com/show_bug.cgi?id=1254306
* https://bugzilla.suse.com/show_bug.cgi?id=1255084
* https://bugzilla.suse.com/show_bug.cgi?id=1256645
* https://bugzilla.suse.com/show_bug.cgi?id=1256647
* https://bugzilla.suse.com/show_bug.cgi?id=1256690
* https://bugzilla.suse.com/show_bug.cgi?id=1256784
* https://bugzilla.suse.com/show_bug.cgi?id=1257183
* https://bugzilla.suse.com/show_bug.cgi?id=1257466
* https://bugzilla.suse.com/show_bug.cgi?id=1257472
* https://bugzilla.suse.com/show_bug.cgi?id=1257473
* https://bugzilla.suse.com/show_bug.cgi?id=1257506
* https://bugzilla.suse.com/show_bug.cgi?id=1257561
* https://bugzilla.suse.com/show_bug.cgi?id=1257682
* https://bugzilla.suse.com/show_bug.cgi?id=1257732
* https://bugzilla.suse.com/show_bug.cgi?id=1257755
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1257777
* https://bugzilla.suse.com/show_bug.cgi?id=1257814
* https://bugzilla.suse.com/show_bug.cgi?id=1257952
* https://bugzilla.suse.com/show_bug.cgi?id=1258280
* https://bugzilla.suse.com/show_bug.cgi?id=1258286
* https://bugzilla.suse.com/show_bug.cgi?id=1258293
* https://bugzilla.suse.com/show_bug.cgi?id=1258303
* https://bugzilla.suse.com/show_bug.cgi?id=1258305
* https://bugzilla.suse.com/show_bug.cgi?id=1258330
* https://bugzilla.suse.com/show_bug.cgi?id=1258337
* https://bugzilla.suse.com/show_bug.cgi?id=1258338
* https://bugzilla.suse.com/show_bug.cgi?id=1258340
* https://bugzilla.suse.com/show_bug.cgi?id=1258376
* https://bugzilla.suse.com/show_bug.cgi?id=1258389
* https://bugzilla.suse.com/show_bug.cgi?id=1258414
* https://bugzilla.suse.com/show_bug.cgi?id=1258424
* https://bugzilla.suse.com/show_bug.cgi?id=1258447
* https://bugzilla.suse.com/show_bug.cgi?id=1258524
* https://bugzilla.suse.com/show_bug.cgi?id=1258832
* https://bugzilla.suse.com/show_bug.cgi?id=1258849
* https://bugzilla.suse.com/show_bug.cgi?id=1259188
* https://bugzilla.suse.com/show_bug.cgi?id=1259461
* https://bugzilla.suse.com/show_bug.cgi?id=1259580
* https://bugzilla.suse.com/show_bug.cgi?id=1259707
* https://bugzilla.suse.com/show_bug.cgi?id=1259795
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1259865
* https://bugzilla.suse.com/show_bug.cgi?id=1259870
* https://bugzilla.suse.com/show_bug.cgi?id=1259886
* https://bugzilla.suse.com/show_bug.cgi?id=1259889
* https://bugzilla.suse.com/show_bug.cgi?id=1259891
* https://bugzilla.suse.com/show_bug.cgi?id=1259997
* https://bugzilla.suse.com/show_bug.cgi?id=1259998
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260347
* https://bugzilla.suse.com/show_bug.cgi?id=1260464
* https://bugzilla.suse.com/show_bug.cgi?id=1260471
* https://bugzilla.suse.com/show_bug.cgi?id=1260481
* https://bugzilla.suse.com/show_bug.cgi?id=1260486
* https://bugzilla.suse.com/show_bug.cgi?id=1260497
* https://bugzilla.suse.com/show_bug.cgi?id=1260500
* https://bugzilla.suse.com/show_bug.cgi?id=1260527
* https://bugzilla.suse.com/show_bug.cgi?id=1260544
* https://bugzilla.suse.com/show_bug.cgi?id=1260550
* https://bugzilla.suse.com/show_bug.cgi?id=1260562
* https://bugzilla.suse.com/show_bug.cgi?id=1260580
* https://bugzilla.suse.com/show_bug.cgi?id=1260730
* https://bugzilla.suse.com/show_bug.cgi?id=1260732
* https://bugzilla.suse.com/show_bug.cgi?id=1260735
* https://bugzilla.suse.com/show_bug.cgi?id=1260799
* https://bugzilla.suse.com/show_bug.cgi?id=1261412
* https://bugzilla.suse.com/show_bug.cgi?id=1261496
* https://bugzilla.suse.com/show_bug.cgi?id=1261498
* https://bugzilla.suse.com/show_bug.cgi?id=1261507
* https://bugzilla.suse.com/show_bug.cgi?id=1261669

From null at suse.de Fri Apr 17 16:37:19 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:37:19 -0000
Subject: SUSE-SU-2026:21122-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_18
Message-ID: <177644383914.6118.9249152153893868178@2ec35c3f4c39>

# Security update for kernel-livepatch-MICRO-6-0_Update_18

Announcement ID: SUSE-SU-2026:21122-1
Release Date: 2026-04-13T16:45:36Z
Rating: important
References:
Affected Products:

* SUSE Linux Micro 6.0

An update that can now be installed.

## Description:

New livepatch SLE Micro 6.0/6.1 kernel update 18.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-341=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-41-default-1-1.1
  * kernel-livepatch-MICRO-6-0_Update_18-debugsource-1-1.1
  * kernel-livepatch-6_4_0-41-default-debuginfo-1-1.1

From null at suse.de Fri Apr 17 16:37:30 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:37:30 -0000
Subject: SUSE-SU-2026:21121-1: moderate: Security update for NetworkManager
Message-ID: <177644385021.6118.9914413809461798766@2ec35c3f4c39>

# Security update for NetworkManager

Announcement ID: SUSE-SU-2026:21121-1
Release Date: 2026-04-10T12:43:49Z
Rating: moderate
References:

* bsc#1257359

Cross-References:

* CVE-2025-9615

CVSS scores:

* CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-9615 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for NetworkManager fixes the following issues:

* CVE-2025-9615: Fixed non-admin user using others' certificates (bsc#1257359).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-662=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * NetworkManager-cloud-setup-debuginfo-1.42.6-8.1
  * NetworkManager-1.42.6-8.1
  * NetworkManager-bluetooth-1.42.6-8.1
  * NetworkManager-cloud-setup-1.42.6-8.1
  * libnm0-1.42.6-8.1
  * typelib-1_0-NM-1_0-1.42.6-8.1
  * NetworkManager-debuginfo-1.42.6-8.1
  * NetworkManager-wwan-1.42.6-8.1
  * NetworkManager-wwan-debuginfo-1.42.6-8.1
  * NetworkManager-tui-debuginfo-1.42.6-8.1
  * NetworkManager-pppoe-1.42.6-8.1
  * NetworkManager-tui-1.42.6-8.1
  * libnm0-debuginfo-1.42.6-8.1
  * NetworkManager-bluetooth-debuginfo-1.42.6-8.1
  * NetworkManager-debugsource-1.42.6-8.1
  * NetworkManager-pppoe-debuginfo-1.42.6-8.1

## References:

* https://www.suse.com/security/cve/CVE-2025-9615.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257359

From null at suse.de Fri Apr 17 16:37:39 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:37:39 -0000
Subject: SUSE-SU-2026:21120-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_18
Message-ID: <177644385973.6118.8935865450406721450@2ec35c3f4c39>

# Security update for kernel-livepatch-MICRO-6-0_Update_18

Announcement ID: SUSE-SU-2026:21120-1
Release Date: 2026-04-13T16:42:46Z
Rating: important
References:
Affected Products:

* SUSE Linux Micro 6.1

An update that can now be installed.

## Description:

New livepatch SLE Micro 6.0/6.1 kernel update 18.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-341=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-41-default-1-1.1
  * kernel-livepatch-MICRO-6-0_Update_18-debugsource-1-1.1
  * kernel-livepatch-6_4_0-41-default-debuginfo-1-1.1

From null at suse.de Fri Apr 17 16:37:47 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:37:47 -0000
Subject: SUSE-SU-2026:21118-1: important: Security update for vim
Message-ID: <177644386753.6118.13992116005776995924@2ec35c3f4c39>

# Security update for vim

Announcement ID: SUSE-SU-2026:21118-1
Release Date: 2026-04-14T08:35:51Z
Rating: important
References:

* bsc#1259985
* bsc#1261191
* bsc#1261271

Cross-References:

* CVE-2026-33412
* CVE-2026-34714
* CVE-2026-34982

CVSS scores:

* CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
* CVE-2026-34714 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
* CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves three vulnerabilities can now be installed.
## Description:

This update for vim fixes the following issues:

* Update to 9.2.0280
* CVE-2026-33412: command injection via newline in glob() (bsc#1259985).
* CVE-2026-34714: crafted file can allow code execution (bsc#1261191).
* CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-486=1

## Package List:

* SUSE Linux Micro 6.1 (noarch)
  * vim-data-common-9.2.0280-slfo.1.1_1.1
* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * vim-small-9.2.0280-slfo.1.1_1.1
  * vim-debugsource-9.2.0280-slfo.1.1_1.1
  * vim-small-debuginfo-9.2.0280-slfo.1.1_1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33412.html
* https://www.suse.com/security/cve/CVE-2026-34714.html
* https://www.suse.com/security/cve/CVE-2026-34982.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259985
* https://bugzilla.suse.com/show_bug.cgi?id=1261191
* https://bugzilla.suse.com/show_bug.cgi?id=1261271
From null at suse.de Fri Apr 17 16:37:50 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:37:50 -0000
Subject: SUSE-SU-2026:21117-1: moderate: Security update for avahi
Message-ID: <177644387082.6118.10652251995193041743@2ec35c3f4c39>

# Security update for avahi

Announcement ID: SUSE-SU-2026:21117-1
Release Date: 2026-04-14T08:31:54Z
Rating: moderate
References:

* bsc#1257235

Cross-References:

* CVE-2026-24401

CVSS scores:

* CVE-2026-24401 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for avahi fixes the following issues:

* CVE-2026-24401: Fix unsolicited mDNS response containing a recursive CNAME record. (bsc#1257235)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-485=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * avahi-debuginfo-0.8-slfo.1.1_5.1
  * libavahi-client3-0.8-slfo.1.1_5.1
  * avahi-0.8-slfo.1.1_5.1
  * libavahi-core7-0.8-slfo.1.1_5.1
  * libavahi-common3-debuginfo-0.8-slfo.1.1_5.1
  * avahi-debugsource-0.8-slfo.1.1_5.1
  * libavahi-common3-0.8-slfo.1.1_5.1
  * libavahi-core7-debuginfo-0.8-slfo.1.1_5.1
  * libavahi-client3-debuginfo-0.8-slfo.1.1_5.1

## References:

* https://www.suse.com/security/cve/CVE-2026-24401.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257235
From null at suse.de Fri Apr 17 16:37:53 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:37:53 -0000
Subject: SUSE-SU-2026:21116-1: moderate: Security update for python-cryptography
Message-ID: <177644387344.6118.2228842099808315338@2ec35c3f4c39>

# Security update for python-cryptography

Announcement ID: SUSE-SU-2026:21116-1
Release Date: 2026-04-14T08:31:54Z
Rating: moderate
References:

* bsc#1260876

Cross-References:

* CVE-2026-34073

CVSS scores:

* CVE-2026-34073 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34073 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-34073 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34073 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for python-cryptography fixes the following issues:

* CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. (bsc#1260876)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-484=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * python311-cryptography-42.0.4-slfo.1.1_4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34073.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260876
From null at suse.de Fri Apr 17 16:37:56 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:37:56 -0000
Subject: SUSE-SU-2026:21115-1: important: Security update for ignition
Message-ID: <177644387619.6118.15252508746087445478@2ec35c3f4c39>

# Security update for ignition

Announcement ID: SUSE-SU-2026:21115-1
Release Date: 2026-04-14T08:30:32Z
Rating: important
References:

* bsc#1260251

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for ignition fixes the following issue:

* CVE-2026-33186: Fixed an authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260251).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-487=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * ignition-2.19.0-slfo.1.1_3.1
  * ignition-debuginfo-2.19.0-slfo.1.1_3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260251
From null at suse.de Fri Apr 17 16:40:03 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:40:03 -0000
Subject: SUSE-SU-2026:21114-1: important: Security update for the Linux Kernel
Message-ID: <177644400346.6118.5629246011258348749@2ec35c3f4c39>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21114-1
Release Date: 2026-04-13T18:28:29Z
Rating: important
References:

* bsc#1226591
* bsc#1245728
* bsc#1249998
* bsc#1251135
* bsc#1251186
* bsc#1251971
* bsc#1252073
* bsc#1252266
* bsc#1253049
* bsc#1253455
* bsc#1254306
* bsc#1255084
* bsc#1256645
* bsc#1256647
* bsc#1256690
* bsc#1256784
* bsc#1257183
* bsc#1257466
* bsc#1257472
* bsc#1257473
* bsc#1257506
* bsc#1257561
* bsc#1257682
* bsc#1257732
* bsc#1257755
* bsc#1257773
* bsc#1257777
* bsc#1257814
* bsc#1257952
* bsc#1258280
* bsc#1258286
* bsc#1258293
* bsc#1258303
* bsc#1258305
* bsc#1258330
* bsc#1258337
* bsc#1258338
* bsc#1258340
* bsc#1258376
* bsc#1258389
* bsc#1258414
* bsc#1258424
* bsc#1258447
* bsc#1258524
* bsc#1258832
* bsc#1258849
* bsc#1259188
* bsc#1259461
* bsc#1259580
* bsc#1259707
* bsc#1259795
* bsc#1259797
* bsc#1259865
* bsc#1259870
* bsc#1259886
* bsc#1259889
* bsc#1259891
* bsc#1259997
* bsc#1259998
* bsc#1260005
* bsc#1260009
* bsc#1260347
* bsc#1260464
* bsc#1260471
* bsc#1260481
* bsc#1260486
* bsc#1260497
* bsc#1260500
* bsc#1260527
* bsc#1260544
* bsc#1260550
* bsc#1260562
* bsc#1260580
* bsc#1260730
* bsc#1260732
* bsc#1260735
* bsc#1260799
* bsc#1261412
* bsc#1261496
* bsc#1261498
* bsc#1261507
* bsc#1261669

Cross-References:

* CVE-2024-38542
* CVE-2025-39817
* CVE-2025-39998
* CVE-2025-40201
* CVE-2025-40253
* CVE-2025-68794
* CVE-2025-71066
* CVE-2025-71125
* CVE-2025-71231
* CVE-2025-71268
* CVE-2025-71269
* CVE-2026-23030
* CVE-2026-23047
* CVE-2026-23054
* CVE-2026-23069
* CVE-2026-23088
* CVE-2026-23103
* CVE-2026-23120
* CVE-2026-23125
* CVE-2026-23136
* CVE-2026-23140
* CVE-2026-23154
* CVE-2026-23157
* CVE-2026-23169
* CVE-2026-23187
* CVE-2026-23193
* CVE-2026-23201
* CVE-2026-23202
* CVE-2026-23204
* CVE-2026-23207
* CVE-2026-23216
* CVE-2026-23231
* CVE-2026-23242
* CVE-2026-23243
* CVE-2026-23255
* CVE-2026-23262
* CVE-2026-23270
* CVE-2026-23272
* CVE-2026-23274
* CVE-2026-23277
* CVE-2026-23278
* CVE-2026-23281
* CVE-2026-23292
* CVE-2026-23293
* CVE-2026-23304
* CVE-2026-23317
* CVE-2026-23319
* CVE-2026-23335
* CVE-2026-23343
* CVE-2026-23361
* CVE-2026-23379
* CVE-2026-23381
* CVE-2026-23383
* CVE-2026-23386
* CVE-2026-23395
* CVE-2026-23398
* CVE-2026-23412
* CVE-2026-23413
* CVE-2026-23414
* CVE-2026-23419
* CVE-2026-31788

CVSS scores:

* CVE-2024-38542 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2024-38542 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-39817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39817 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68794 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71125 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-71125 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-71125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71231 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71231 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71231 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-71268 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71268 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71269 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71269 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23030 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23030 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23047 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23047 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23054 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23069 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23069 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23088 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23088 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23088 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23125 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23136 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23136 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23136 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23136 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23154 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23154 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23157 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23157 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23157 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23169 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23169 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-23169 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23169 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23187 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23202 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23202 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23202 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23207 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23207 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23207 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23216 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23262 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23281 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23304 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23304 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23335 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23335 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-23343 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23343 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23383 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23395 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23395 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23395 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23412 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23412 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23413 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23419 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves 61 vulnerabilities and has 21 fixes can now be installed.

## Description:

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591).
* CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998).
* CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
* CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455).
* CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
* CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
* CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).
* CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865).
* CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889).
* CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561).
* CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
* CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).
* CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
* CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
* CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
* CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
* CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).
* CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).
* CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
* CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
* CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
* CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
* CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
* CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
* CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
* CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
* CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
* CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
* CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
* CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
* CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).
* CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
* CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
* CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
* CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
* CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
* CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
* CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
* CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
* CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (bsc#1260580).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
* CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412).
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
* CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
* CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
* CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non-security bugs were fixed:

* ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes).
* ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).
* ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes).
* ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).
* ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes).
* ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes).
* ALSA: firewire-lib: fix uninitialized local variable (git-fixes).
* ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).
* ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes).
* ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes).
* ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes).
* ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes).
* ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).
* ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes).
* ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).
* ASoC: Intel: catpt: Fix the device initialization (git-fixes).
* ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes).
* ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).
* ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes).
* ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes).
* ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes).
* ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).
* ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes).
* ASoC: detect empty DMI strings (git-fixes).
* ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes).
* ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes).
* ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes).
* ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes).
* ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes).
* ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes).
* Bluetooth: HIDP: Fix possible UAF (git-fixes).
* Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).
* Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes).
* Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).
* Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes).
* Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes).
* Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes).
* Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).
* Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes).
* Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).
* Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes).
* Bluetooth: Remove 3 repeated macro definitions (stable-fixes).
* Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes).
* Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes).
* Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes).
* Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes).
* Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).
* Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes).
* Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).
* Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes).
* Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).
* Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).
* Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes).
* Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes).
* Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
* Drivers: hv: remove stale comment (git-fixes).
* Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
* Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
* Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
* HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes).
* HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes).
* HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes).
* HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes).
* HID: mcp2221: cancel last I2C command on read error (stable-fixes).
* Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes).
* KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
* NFC: nxp-nci: allow GPIOs to sleep (git-fixes).
* NFC: pn533: bound the UART receive buffer (git-fixes).
* PCI: Update BAR # and window messages (stable-fixes).
* PCI: hv: Correct a comment (git-fixes).
* PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
* PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
* PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
* PM: runtime: Fix a race condition related to device removal (git-fixes).
* RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
* RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
* RDMA/mana_ib: Add device statistics support (git-fixes).
* RDMA/mana_ib: Add device-memory support (git-fixes).
* RDMA/mana_ib: Add port statistics support (git-fixes).
* RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
* RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
* RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
* RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
* RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
* RDMA/mana_ib: Create and destroy RC QP (git-fixes).
* RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
* RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
* RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
* RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
* RDMA/mana_ib: Extend modify QP (git-fixes).
* RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
* RDMA/mana_ib: Fix error code in probe() (git-fixes).
* RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
* RDMA/mana_ib: Fix missing ret value (git-fixes).
* RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
* RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
* RDMA/mana_ib: Implement port parameters (git-fixes).
* RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
* RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
* RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
* RDMA/mana_ib: Modify QP state (git-fixes).
* RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
* RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
* RDMA/mana_ib: Set correct device into ib (git-fixes).
* RDMA/mana_ib: Take CQ type from the device type (git-fixes).
* RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
* RDMA/mana_ib: UD/GSI work requests (git-fixes).
* RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
* RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
* RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
* RDMA/mana_ib: add additional port counters (bsc#1251135).
* RDMA/mana_ib: add support of multiple ports (bsc#1251135).
* RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
* RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
* RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
* RDMA/mana_ib: create kernel-level CQs (git-fixes).
* RDMA/mana_ib: create/destroy AH (git-fixes).
* RDMA/mana_ib: extend mana QP table (git-fixes).
* RDMA/mana_ib: extend query device (git-fixes).
* RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
* RDMA/mana_ib: implement get_dma_mr (git-fixes).
* RDMA/mana_ib: implement req_notify_cq (git-fixes).
* RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
* RDMA/mana_ib: indicate CM support (git-fixes).
* RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
* RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
* RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
* RDMA/mana_ib: request error CQEs when supported (git-fixes).
* RDMA/mana_ib: set node_guid (git-fixes).
* RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
* RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
* Remove "scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans" changes (bsc#1257506).
* USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).
* USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).
* USB: dummy-hcd: Fix locking/synchronization error (git-fixes).
* USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes).
* USB: serial: f81232: fix incomplete serial port generation (stable-fixes).
* USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).
* USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes).
* accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).
* apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
* apparmor: fix differential encoding verification (bsc#1258849).
* apparmor: fix memory leak in verify_header (bsc#1258849).
* apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
* apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
* apparmor: fix race on rawdata dereference (bsc#1258849).
* apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
* apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
* apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
* apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
* apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
* batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes).
* bonding: do not set usable_slaves for broadcast mode (git-fixes).
* btrfs: fix zero size inode with non-zero size after log replay (git-fixes).
* btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).
* btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
* can: bcm: fix locking for bcm_op runtime updates (git-fixes).
* can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes).
* can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).
* can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes).
* can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).
* can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes).
* can: ucan: Fix infinite loop from zero-length messages (git-fixes).
* can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes).
* comedi: Reinit dev->spinlock between attachments to low-level drivers (git-fixes).
* comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).
* comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).
* comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).
* crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).
* crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
* crypto: caam - fix overflow on long hmac keys (git-fixes).
* dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).
* dmaengine: idxd: Fix leaking event log memory (git-fixes).
* dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
* dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).
* dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes).
* dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
* dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).
* dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).
* drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).
* drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).
* drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).
* drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).
* drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).
* drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).
* drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
* drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).
* drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).
* drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (git-fixes).
* drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).
* drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).
* drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).
* drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).
* drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).
* drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).
* drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes).
* drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).
* firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).
* gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
* hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
* hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
* hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).
* hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).
* hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).
* hwmon: (it87) Check the it87_lock() return value (git-fixes).
* hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).
* hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).
* hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).
* hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).
* hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).
* hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).
* hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).
* hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).
* hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).
* hwmon: axi-fan: do not use driver_override as IRQ name (git-fixes).
* i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
* i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).
* i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
* i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).
* idpf: nullify pointers after they are freed (git-fixes).
* iio: accel: fix ADXL355 temperature signature value (git-fixes).
* iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).
* iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).
* iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes).
* iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes).
* iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).
* iio: dac: ds4424: reject -128 RAW value (git-fixes).
* iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).
* iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).
* iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
* iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
* iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes).
* iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes).
* iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).
* iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).
* iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).
* iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
* iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).
* media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).
* media: tegra-video: Use accessors for pad config 'try_*' fields (stable-fixes).
* mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).
* mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).
* mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).
* mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
* misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes).
* mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
* mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).
* mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).
* mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
* mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).
* mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).
* mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).
* mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).
* mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).
* net/mana: Null service_wq on setup error to prevent double destroy (git-fix).
* net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
* net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).
* net/x25: Fix overflow when accumulating packets (git-fixes).
* net/x25: Fix potential double free of skb (git-fixes).
* net: mana: Add metadata support for xdp mode (git-fixes).
* net: mana: Add standard counter rx_missed_errors (git-fixes).
* net: mana: Add support for auxiliary device servicing events (bsc#1251971).
* net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
* net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
* net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
* net: mana: Fix use-after-free in reset service rescan path (git-fixes).
* net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
* net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
* net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
* net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
* net: mana: Handle unsupported HWC commands (git-fixes).
* net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
* net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
* net: mana: Probe rdma device in mana driver (git-fixes).
* net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
* net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
* net: mana: Support HW link state events (bsc#1253049).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
* net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
* net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
* net: mana: fix use-after-free in add_adev() error path (git-fixes).
* net: mana: use ethtool string helpers (git-fixes).
* net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).
* net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).
* net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).
* net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).
* net: usb: pegasus: validate USB endpoints (stable-fixes).
* nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes).
* nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).
* nfc: nci: free skb on nci_transceive early error paths (git-fixes).
* nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
* nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).
* phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).
* pinctrl: equilibrium: fix warning trace on load (git-fixes).
* pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).
* pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).
* pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).
* platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).
* platform/x86: ISST: Correct locked bit width (git-fixes).
* platform/x86: dell-wmi-sysman: Do not hex dump plaintext password data (git-fixes).
* platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).
* platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes).
* platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).
* platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).
* qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes).
* regmap: Synchronize cache for the page selector (git-fixes).
* regulator: pca9450: Correct interrupt type (git-fixes).
* regulator: pca9450: Make IRQ optional (stable-fixes).
* remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes).
* rename Hyper-v patch files to simplify further SP6-SP7 merges
* s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
* scsi: mpi3mr: Event processing debug improvement (bsc#1251186, bsc#1258832).
* scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
* scsi: storvsc: Remove redundant ternary operators (git-fixes).
* selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669).
* selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669).
* selftests/powerpc: make sub-folders buildable on their own (bsc#1261669).
* serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).
* serial: 8250: Fix TX deadlock when using DMA (git-fixes).
* serial: 8250_pci: add support for the AX99100 (stable-fixes).
* serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).
* soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).
* soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).
* spi: fix statistics allocation (git-fixes).
* spi: fix use-after-free on controller registration failure (git-fixes).
* spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
* staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).
* tg3: Fix race for querying speed/duplex (bsc#1257183).
* thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).
* tools/hv: add a .gitignore file (git-fixes).
* tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
* tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
* tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
* tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
* usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).
* usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).
* usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).
* usb: cdns3: fix role switching during resume (git-fixes).
* usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).
* usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).
* usb: cdns3: remove redundant if branch (stable-fixes).
* usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).
* usb: core: do not power off roothub PHYs if phy_set_mode() fails (git-fixes).
* usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes).
* usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).
* usb: ehci-brcm: fix sleep during atomic (git-fixes).
* usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes).
* usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).
* usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).
* usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes).
* usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).
* usb: image: mdc800: kill download URB on timeout (stable-fixes).
* usb: mdc800: handle signal and read racing (stable-fixes).
* usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).
* usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).
* usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).
* usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).
* usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
* usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
* usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).
* usb: yurex: fix race in probe (stable-fixes).
* wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).
* wifi: cw1200: Fix locking in error paths (git-fixes).
* wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).
* wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).
* wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).
* wifi: mac80211: set default WMM parameters on all links (stable-fixes).
* wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes).
* wifi: rsi: Do not default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes).
* wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).
* wifi: wlcore: Fix a locking bug (git-fixes).
* wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
* xen/privcmd: unregister xenstore notifier on module exit (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-340=1

## Package List:

* SUSE Linux Micro 6.1 (noarch)
  * kernel-source-6.4.0-41.1
  * kernel-macros-6.4.0-41.1
  * kernel-devel-6.4.0-41.1
* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-6.4.0-41.1
* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debuginfo-6.4.0-41.1
  * kernel-default-debugsource-6.4.0-41.1
  * kernel-default-devel-6.4.0-41.1
* SUSE Linux Micro 6.1 (aarch64 ppc64le x86_64)
  * kernel-default-base-6.4.0-41.1.21.18
* SUSE Linux Micro 6.1 (ppc64le x86_64)
  * kernel-default-devel-debuginfo-6.4.0-41.1
* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-default-livepatch-6.4.0-41.1
* SUSE Linux Micro 6.1 (nosrc x86_64)
  * kernel-kvmsmall-6.4.0-41.1
* SUSE Linux Micro 6.1 (x86_64)
  * kernel-kvmsmall-debuginfo-6.4.0-41.1
  * kernel-kvmsmall-debugsource-6.4.0-41.1

## References:

* https://www.suse.com/security/cve/CVE-2024-38542.html
* https://www.suse.com/security/cve/CVE-2025-39817.html
* https://www.suse.com/security/cve/CVE-2025-39998.html
* https://www.suse.com/security/cve/CVE-2025-40201.html
* https://www.suse.com/security/cve/CVE-2025-40253.html
* https://www.suse.com/security/cve/CVE-2025-68794.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2025-71125.html
* https://www.suse.com/security/cve/CVE-2025-71231.html
* https://www.suse.com/security/cve/CVE-2025-71268.html
* https://www.suse.com/security/cve/CVE-2025-71269.html
* https://www.suse.com/security/cve/CVE-2026-23030.html
* https://www.suse.com/security/cve/CVE-2026-23047.html
* https://www.suse.com/security/cve/CVE-2026-23054.html
* https://www.suse.com/security/cve/CVE-2026-23069.html
* https://www.suse.com/security/cve/CVE-2026-23088.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23120.html
* https://www.suse.com/security/cve/CVE-2026-23125.html
* https://www.suse.com/security/cve/CVE-2026-23136.html
* https://www.suse.com/security/cve/CVE-2026-23140.html
* https://www.suse.com/security/cve/CVE-2026-23154.html
* https://www.suse.com/security/cve/CVE-2026-23157.html
* https://www.suse.com/security/cve/CVE-2026-23169.html
* https://www.suse.com/security/cve/CVE-2026-23187.html
* https://www.suse.com/security/cve/CVE-2026-23193.html
* https://www.suse.com/security/cve/CVE-2026-23201.html
* https://www.suse.com/security/cve/CVE-2026-23202.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23207.html
* https://www.suse.com/security/cve/CVE-2026-23216.html
* https://www.suse.com/security/cve/CVE-2026-23231.html
* https://www.suse.com/security/cve/CVE-2026-23242.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23255.html
* https://www.suse.com/security/cve/CVE-2026-23262.html
* https://www.suse.com/security/cve/CVE-2026-23270.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23277.html
* https://www.suse.com/security/cve/CVE-2026-23278.html
* https://www.suse.com/security/cve/CVE-2026-23281.html
* https://www.suse.com/security/cve/CVE-2026-23292.html
* https://www.suse.com/security/cve/CVE-2026-23293.html
* https://www.suse.com/security/cve/CVE-2026-23304.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://www.suse.com/security/cve/CVE-2026-23319.html
* https://www.suse.com/security/cve/CVE-2026-23335.html
* https://www.suse.com/security/cve/CVE-2026-23343.html
* https://www.suse.com/security/cve/CVE-2026-23361.html
* https://www.suse.com/security/cve/CVE-2026-23379.html
* https://www.suse.com/security/cve/CVE-2026-23381.html
* https://www.suse.com/security/cve/CVE-2026-23383.html
* https://www.suse.com/security/cve/CVE-2026-23386.html
* https://www.suse.com/security/cve/CVE-2026-23395.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://www.suse.com/security/cve/CVE-2026-23412.html
* https://www.suse.com/security/cve/CVE-2026-23413.html
* https://www.suse.com/security/cve/CVE-2026-23414.html
* https://www.suse.com/security/cve/CVE-2026-23419.html
* https://www.suse.com/security/cve/CVE-2026-31788.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226591
* https://bugzilla.suse.com/show_bug.cgi?id=1245728
* https://bugzilla.suse.com/show_bug.cgi?id=1249998
* https://bugzilla.suse.com/show_bug.cgi?id=1251135
* https://bugzilla.suse.com/show_bug.cgi?id=1251186
* https://bugzilla.suse.com/show_bug.cgi?id=1251971
* https://bugzilla.suse.com/show_bug.cgi?id=1252073
* https://bugzilla.suse.com/show_bug.cgi?id=1252266
* https://bugzilla.suse.com/show_bug.cgi?id=1253049
* https://bugzilla.suse.com/show_bug.cgi?id=1253455
* https://bugzilla.suse.com/show_bug.cgi?id=1254306
* https://bugzilla.suse.com/show_bug.cgi?id=1255084
* https://bugzilla.suse.com/show_bug.cgi?id=1256645
* https://bugzilla.suse.com/show_bug.cgi?id=1256647
* https://bugzilla.suse.com/show_bug.cgi?id=1256690
* https://bugzilla.suse.com/show_bug.cgi?id=1256784
* https://bugzilla.suse.com/show_bug.cgi?id=1257183
* https://bugzilla.suse.com/show_bug.cgi?id=1257466
* https://bugzilla.suse.com/show_bug.cgi?id=1257472
* https://bugzilla.suse.com/show_bug.cgi?id=1257473
* https://bugzilla.suse.com/show_bug.cgi?id=1257506
* https://bugzilla.suse.com/show_bug.cgi?id=1257561
* https://bugzilla.suse.com/show_bug.cgi?id=1257682
* https://bugzilla.suse.com/show_bug.cgi?id=1257732
* https://bugzilla.suse.com/show_bug.cgi?id=1257755
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1257777
* https://bugzilla.suse.com/show_bug.cgi?id=1257814
* https://bugzilla.suse.com/show_bug.cgi?id=1257952
* https://bugzilla.suse.com/show_bug.cgi?id=1258280
* https://bugzilla.suse.com/show_bug.cgi?id=1258286
* https://bugzilla.suse.com/show_bug.cgi?id=1258293
* https://bugzilla.suse.com/show_bug.cgi?id=1258303
* https://bugzilla.suse.com/show_bug.cgi?id=1258305
* https://bugzilla.suse.com/show_bug.cgi?id=1258330
* https://bugzilla.suse.com/show_bug.cgi?id=1258337
* https://bugzilla.suse.com/show_bug.cgi?id=1258338
* https://bugzilla.suse.com/show_bug.cgi?id=1258340
* https://bugzilla.suse.com/show_bug.cgi?id=1258376
* https://bugzilla.suse.com/show_bug.cgi?id=1258389
* https://bugzilla.suse.com/show_bug.cgi?id=1258414
* https://bugzilla.suse.com/show_bug.cgi?id=1258424
* https://bugzilla.suse.com/show_bug.cgi?id=1258447
* https://bugzilla.suse.com/show_bug.cgi?id=1258524
* https://bugzilla.suse.com/show_bug.cgi?id=1258832
* https://bugzilla.suse.com/show_bug.cgi?id=1258849
* https://bugzilla.suse.com/show_bug.cgi?id=1259188
* https://bugzilla.suse.com/show_bug.cgi?id=1259461
* https://bugzilla.suse.com/show_bug.cgi?id=1259580
* https://bugzilla.suse.com/show_bug.cgi?id=1259707
* https://bugzilla.suse.com/show_bug.cgi?id=1259795
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1259865
* https://bugzilla.suse.com/show_bug.cgi?id=1259870
* https://bugzilla.suse.com/show_bug.cgi?id=1259886
* https://bugzilla.suse.com/show_bug.cgi?id=1259889
* https://bugzilla.suse.com/show_bug.cgi?id=1259891
* https://bugzilla.suse.com/show_bug.cgi?id=1259997
* https://bugzilla.suse.com/show_bug.cgi?id=1259998
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260347
* https://bugzilla.suse.com/show_bug.cgi?id=1260464
* https://bugzilla.suse.com/show_bug.cgi?id=1260471
* https://bugzilla.suse.com/show_bug.cgi?id=1260481
* https://bugzilla.suse.com/show_bug.cgi?id=1260486
* https://bugzilla.suse.com/show_bug.cgi?id=1260497
* https://bugzilla.suse.com/show_bug.cgi?id=1260500
* https://bugzilla.suse.com/show_bug.cgi?id=1260527
* https://bugzilla.suse.com/show_bug.cgi?id=1260544
* https://bugzilla.suse.com/show_bug.cgi?id=1260550
* https://bugzilla.suse.com/show_bug.cgi?id=1260562
* https://bugzilla.suse.com/show_bug.cgi?id=1260580
* https://bugzilla.suse.com/show_bug.cgi?id=1260730
* https://bugzilla.suse.com/show_bug.cgi?id=1260732
* https://bugzilla.suse.com/show_bug.cgi?id=1260735
* https://bugzilla.suse.com/show_bug.cgi?id=1260799
* https://bugzilla.suse.com/show_bug.cgi?id=1261412
* https://bugzilla.suse.com/show_bug.cgi?id=1261496
* https://bugzilla.suse.com/show_bug.cgi?id=1261498
* https://bugzilla.suse.com/show_bug.cgi?id=1261507
* https://bugzilla.suse.com/show_bug.cgi?id=1261669

From null at suse.de Fri Apr 17 16:40:18 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:40:18 -0000
Subject: SUSE-SU-2026:21113-1: moderate: Security update for NetworkManager
Message-ID: <177644401832.6118.7541917510207943996@2ec35c3f4c39>

# Security update for NetworkManager

Announcement ID: SUSE-SU-2026:21113-1
Release Date: 2026-04-10T12:32:35Z
Rating: moderate

References:

  * bsc#1257359

Cross-References:

  * CVE-2025-9615

CVSS scores:

  * CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2025-9615 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:

  * SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for NetworkManager fixes the following issues:

  * CVE-2025-9615: Fixed non-admin user using others' certificates (bsc#1257359).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-480=1

## Package List:

  * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
    * NetworkManager-pppoe-debuginfo-1.42.6-slfo.1.1_4.1
    * NetworkManager-cloud-setup-debuginfo-1.42.6-slfo.1.1_4.1
    * NetworkManager-wwan-1.42.6-slfo.1.1_4.1
    * NetworkManager-cloud-setup-1.42.6-slfo.1.1_4.1
    * NetworkManager-debugsource-1.42.6-slfo.1.1_4.1
    * NetworkManager-wwan-debuginfo-1.42.6-slfo.1.1_4.1
    * NetworkManager-tui-1.42.6-slfo.1.1_4.1
    * NetworkManager-pppoe-1.42.6-slfo.1.1_4.1
    * NetworkManager-debuginfo-1.42.6-slfo.1.1_4.1
    * libnm0-debuginfo-1.42.6-slfo.1.1_4.1
    * libnm0-1.42.6-slfo.1.1_4.1
    * NetworkManager-bluetooth-1.42.6-slfo.1.1_4.1
    * NetworkManager-tui-debuginfo-1.42.6-slfo.1.1_4.1
    * NetworkManager-bluetooth-debuginfo-1.42.6-slfo.1.1_4.1
    * typelib-1_0-NM-1_0-1.42.6-slfo.1.1_4.1
    * NetworkManager-1.42.6-slfo.1.1_4.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-9615.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1257359

From null at suse.de Fri Apr 17 16:40:40 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:40:40 -0000
Subject: SUSE-SU-2026:1433-1: important: Security update for libcap
Message-ID: <177644404009.6118.17691395602835520495@2ec35c3f4c39>

# Security update for libcap

Announcement ID: SUSE-SU-2026:1433-1
Release Date: 2026-04-17T10:13:17Z
Rating: important

References:

  * bsc#1261809

Cross-References:

  * CVE-2026-4878

CVSS scores:

  * CVE-2026-4878 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-4878 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-4878 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server 12 SP5 LTSS
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for libcap fixes the following issue:

  * CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 12 SP5 LTSS
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1433=1
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1433=1

## Package List:

  * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * libcap-debugsource-2.26-14.12.1
    * libcap2-debuginfo-2.26-14.12.1
    * libcap-progs-debuginfo-2.26-14.12.1
    * libcap-devel-2.26-14.12.1
    * libcap-progs-2.26-14.12.1
    * libcap2-2.26-14.12.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64_ilp32)
    * libcap2-debuginfo-64bit-2.26-14.12.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
    * libcap2-debuginfo-32bit-2.26-14.12.1
    * libcap2-32bit-2.26-14.12.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
    * libcap-debugsource-2.26-14.12.1
    * libcap2-debuginfo-32bit-2.26-14.12.1
    * libcap2-debuginfo-2.26-14.12.1
    * libcap-progs-debuginfo-2.26-14.12.1
    * libcap-devel-2.26-14.12.1
    * libcap-progs-2.26-14.12.1
    * libcap2-2.26-14.12.1
    * libcap2-32bit-2.26-14.12.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-4878.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1261809

From null at suse.de Fri Apr 17 16:40:43 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:40:43 -0000
Subject: SUSE-SU-2026:1432-1: important: Security update for libcap
Message-ID: <177644404353.6118.1278627453583121090@2ec35c3f4c39>

# Security update for libcap

Announcement ID: SUSE-SU-2026:1432-1
Release Date: 2026-04-17T10:13:04Z
Rating: important

References:

  * bsc#1261809

Cross-References:

  * CVE-2026-4878

CVSS scores:

  * CVE-2026-4878 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-4878 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-4878 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

  * Basesystem Module 15-SP7
  * openSUSE Leap 15.4
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP5 LTSS
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server 15 SP6 LTSS
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for libcap fixes the following issue:

  * CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2026-1432=1
  * SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2026-1432=1
  * SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2026-1432=1
  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2026-1432=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2026-1432=1
  * SUSE Linux Enterprise Micro 5.5
    zypper in -t patch SUSE-SLE-Micro-5.5-2026-1432=1
  * Basesystem Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1432=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1432=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1432=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1432=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1432=1
  * SUSE Linux Enterprise Server 15 SP4 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1432=1
  * SUSE Linux Enterprise Server 15 SP5 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1432=1
  * SUSE Linux Enterprise Server 15 SP6 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1432=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1432=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1432=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1432=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * libcap-debugsource-2.63-150400.3.6.1
    * libcap-progs-2.63-150400.3.6.1
    * libcap2-debuginfo-2.63-150400.3.6.1
    * libpsx2-2.63-150400.3.6.1
    * libpsx2-debuginfo-2.63-150400.3.6.1
    * libcap2-2.63-150400.3.6.1
    * libcap-devel-2.63-150400.3.6.1
    * libcap-progs-debuginfo-2.63-150400.3.6.1
  * openSUSE Leap 15.4 (x86_64)
    * libcap2-32bit-2.63-150400.3.6.1
    * libpsx2-32bit-2.63-150400.3.6.1
    * libcap2-32bit-debuginfo-2.63-150400.3.6.1
    * libpsx2-32bit-debuginfo-2.63-150400.3.6.1
  * openSUSE Leap 15.4 (aarch64_ilp32)
    * libcap2-64bit-2.63-150400.3.6.1
    * libcap2-64bit-debuginfo-2.63-150400.3.6.1
    * libpsx2-64bit-debuginfo-2.63-150400.3.6.1
    * libpsx2-64bit-2.63-150400.3.6.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * libcap2-debuginfo-2.63-150400.3.6.1
    * libcap-debugsource-2.63-150400.3.6.1
    * libcap2-2.63-150400.3.6.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * libcap2-debuginfo-2.63-150400.3.6.1
    * libcap-debugsource-2.63-150400.3.6.1
    * libcap2-2.63-150400.3.6.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * libcap2-debuginfo-2.63-150400.3.6.1
    * libcap-debugsource-2.63-150400.3.6.1
    * libcap2-2.63-150400.3.6.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * libcap2-debuginfo-2.63-150400.3.6.1
    * libcap-debugsource-2.63-150400.3.6.1
    * libcap2-2.63-150400.3.6.1
  * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
    * libcap2-debuginfo-2.63-150400.3.6.1
    * libcap-debugsource-2.63-150400.3.6.1
    * libcap2-2.63-150400.3.6.1
  * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
    * libcap-debugsource-2.63-150400.3.6.1
    * libcap-progs-2.63-150400.3.6.1
    * libcap2-debuginfo-2.63-150400.3.6.1
    * libpsx2-2.63-150400.3.6.1
    * libpsx2-debuginfo-2.63-150400.3.6.1
    * libcap2-2.63-150400.3.6.1
    * libcap-devel-2.63-150400.3.6.1
    * libcap-progs-debuginfo-2.63-150400.3.6.1
  * Basesystem Module 15-SP7 (x86_64)
    * libcap2-32bit-2.63-150400.3.6.1
    * libcap2-32bit-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
    * libcap-debugsource-2.63-150400.3.6.1
    * libcap-progs-2.63-150400.3.6.1
    * libcap2-debuginfo-2.63-150400.3.6.1
    * libpsx2-2.63-150400.3.6.1
    * libpsx2-debuginfo-2.63-150400.3.6.1
    * libcap2-2.63-150400.3.6.1
    * libcap-devel-2.63-150400.3.6.1
    * libcap-progs-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
    * libcap2-32bit-2.63-150400.3.6.1
    * libcap2-32bit-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
    * libcap-debugsource-2.63-150400.3.6.1
    * libcap-progs-2.63-150400.3.6.1
    * libcap2-debuginfo-2.63-150400.3.6.1
    * libpsx2-2.63-150400.3.6.1
    * libpsx2-debuginfo-2.63-150400.3.6.1
    * libcap2-2.63-150400.3.6.1
    * libcap-devel-2.63-150400.3.6.1
    * libcap-progs-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
    * libcap2-32bit-2.63-150400.3.6.1
    * libcap2-32bit-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
    * libcap-debugsource-2.63-150400.3.6.1
    * libcap-progs-2.63-150400.3.6.1
    * libcap2-debuginfo-2.63-150400.3.6.1
    * libpsx2-2.63-150400.3.6.1
    * libpsx2-debuginfo-2.63-150400.3.6.1
    * libcap2-2.63-150400.3.6.1
    * libcap-devel-2.63-150400.3.6.1
    * libcap-progs-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
    * libcap2-32bit-2.63-150400.3.6.1
    * libcap2-32bit-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
    * libcap-debugsource-2.63-150400.3.6.1
    * libcap-progs-2.63-150400.3.6.1
    * libcap2-debuginfo-2.63-150400.3.6.1
    * libpsx2-2.63-150400.3.6.1
    * libpsx2-debuginfo-2.63-150400.3.6.1
    * libcap2-2.63-150400.3.6.1
    * libcap-devel-2.63-150400.3.6.1
    * libcap-progs-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
    * libcap2-32bit-2.63-150400.3.6.1
    * libcap2-32bit-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * libcap-debugsource-2.63-150400.3.6.1
    * libcap-progs-2.63-150400.3.6.1
    * libcap2-debuginfo-2.63-150400.3.6.1
    * libpsx2-2.63-150400.3.6.1
    * libpsx2-debuginfo-2.63-150400.3.6.1
    * libcap2-2.63-150400.3.6.1
    * libcap-devel-2.63-150400.3.6.1
    * libcap-progs-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
    * libcap2-32bit-2.63-150400.3.6.1
    * libcap2-32bit-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * libcap-debugsource-2.63-150400.3.6.1
    * libcap-progs-2.63-150400.3.6.1
    * libcap2-debuginfo-2.63-150400.3.6.1
    * libpsx2-2.63-150400.3.6.1
    * libpsx2-debuginfo-2.63-150400.3.6.1
    * libcap2-2.63-150400.3.6.1
    * libcap-devel-2.63-150400.3.6.1
    * libcap-progs-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
    * libcap2-32bit-2.63-150400.3.6.1
    * libcap2-32bit-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
    * libcap-debugsource-2.63-150400.3.6.1
    * libcap-progs-2.63-150400.3.6.1
    * libcap2-debuginfo-2.63-150400.3.6.1
    * libpsx2-2.63-150400.3.6.1
    * libpsx2-debuginfo-2.63-150400.3.6.1
    * libcap2-2.63-150400.3.6.1
    * libcap-devel-2.63-150400.3.6.1
    * libcap-progs-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
    * libcap2-32bit-2.63-150400.3.6.1
    * libcap2-32bit-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * libcap-debugsource-2.63-150400.3.6.1
    * libcap-progs-2.63-150400.3.6.1
    * libcap2-debuginfo-2.63-150400.3.6.1
    * libpsx2-2.63-150400.3.6.1
    * libpsx2-debuginfo-2.63-150400.3.6.1
    * libcap2-2.63-150400.3.6.1
    * libcap-devel-2.63-150400.3.6.1
    * libcap-progs-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
    * libcap2-32bit-2.63-150400.3.6.1
    * libcap2-32bit-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
    * libcap-debugsource-2.63-150400.3.6.1
    * libcap-progs-2.63-150400.3.6.1
    * libcap2-debuginfo-2.63-150400.3.6.1
    * libpsx2-2.63-150400.3.6.1
    * libpsx2-debuginfo-2.63-150400.3.6.1
    * libcap2-2.63-150400.3.6.1
    * libcap-devel-2.63-150400.3.6.1
    * libcap-progs-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
    * libcap2-32bit-2.63-150400.3.6.1
    * libcap2-32bit-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
    * libcap-debugsource-2.63-150400.3.6.1
    * libcap-progs-2.63-150400.3.6.1
    * libcap2-debuginfo-2.63-150400.3.6.1
    * libpsx2-2.63-150400.3.6.1
    * libpsx2-debuginfo-2.63-150400.3.6.1
    * libcap2-2.63-150400.3.6.1
    * libcap-devel-2.63-150400.3.6.1
    * libcap-progs-debuginfo-2.63-150400.3.6.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
    * libcap2-32bit-2.63-150400.3.6.1
    * libcap2-32bit-debuginfo-2.63-150400.3.6.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-4878.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1261809

From null at suse.de Fri Apr 17 16:40:46 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:40:46 -0000
Subject: SUSE-SU-2026:1431-1: important: Security update for gdk-pixbuf
Message-ID: <177644404665.6118.14373531835347089385@2ec35c3f4c39>

# Security update for gdk-pixbuf

Announcement ID: SUSE-SU-2026:1431-1
Release Date: 2026-04-17T10:07:57Z
Rating: important

References:

  * bsc#1261210

Cross-References:

  * CVE-2026-5201

CVSS scores:

  * CVE-2026-5201 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-5201 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-5201 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * SUSE Linux Enterprise Micro 5.2
  * SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability can now be installed.

## Description:

This update for gdk-pixbuf fixes the following issue:

  * CVE-2026-5201: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (bsc#1261210).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1431=1
  * SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1431=1

## Package List:

  * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
    * typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.18.1
    * libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.18.1
    * gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.18.1
    * gdk-pixbuf-query-loaders-2.40.0-150200.3.18.1
    * gdk-pixbuf-debugsource-2.40.0-150200.3.18.1
    * libgdk_pixbuf-2_0-0-2.40.0-150200.3.18.1
  * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
    * typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.18.1
    * libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.18.1
    * gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.18.1
    * gdk-pixbuf-query-loaders-2.40.0-150200.3.18.1
    * gdk-pixbuf-debugsource-2.40.0-150200.3.18.1
    * libgdk_pixbuf-2_0-0-2.40.0-150200.3.18.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-5201.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1261210

From null at suse.de Fri Apr 17 16:40:49 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:40:49 -0000
Subject: SUSE-SU-2026:1430-1: important: Security update for gdk-pixbuf
Message-ID: <177644404932.6118.11039645989552984490@2ec35c3f4c39>

# Security update for gdk-pixbuf

Announcement ID: SUSE-SU-2026:1430-1
Release Date: 2026-04-17T10:06:50Z
Rating: important

References:

  * bsc#1261210

Cross-References:

  * CVE-2026-5201

CVSS scores:

  * CVE-2026-5201 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-5201 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-5201 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server 12 SP5 LTSS
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for gdk-pixbuf fixes the following issue:

  * CVE-2026-5201: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (bsc#1261210).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 12 SP5 LTSS
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1430=1
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1430=1

## Package List:

  * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * gdk-pixbuf-query-loaders-2.34.0-19.26.1
    * libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.26.1
    * gdk-pixbuf-debugsource-2.34.0-19.26.1
    * gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.26.1
    * gdk-pixbuf-devel-debuginfo-2.34.0-19.26.1
    * libgdk_pixbuf-2_0-0-2.34.0-19.26.1
    * typelib-1_0-GdkPixbuf-2_0-2.34.0-19.26.1
    * gdk-pixbuf-devel-2.34.0-19.26.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
    * gdk-pixbuf-lang-2.34.0-19.26.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
    * gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.26.1
    * libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.26.1
    * gdk-pixbuf-query-loaders-32bit-2.34.0-19.26.1
    * libgdk_pixbuf-2_0-0-32bit-2.34.0-19.26.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
    * gdk-pixbuf-query-loaders-2.34.0-19.26.1
    * libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.26.1
    * libgdk_pixbuf-2_0-0-32bit-2.34.0-19.26.1
    * gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.26.1
    * gdk-pixbuf-debugsource-2.34.0-19.26.1
    * gdk-pixbuf-devel-debuginfo-2.34.0-19.26.1
    * gdk-pixbuf-query-loaders-32bit-2.34.0-19.26.1
    * gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.26.1
    * libgdk_pixbuf-2_0-0-2.34.0-19.26.1
    * libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.26.1
    * typelib-1_0-GdkPixbuf-2_0-2.34.0-19.26.1
    * gdk-pixbuf-devel-2.34.0-19.26.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
    * gdk-pixbuf-lang-2.34.0-19.26.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-5201.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1261210

From null at suse.de Fri Apr 17 16:40:52 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:40:52 -0000
Subject: SUSE-SU-2026:1429-1: moderate: Security update for openssl-3
Message-ID: <177644405223.6118.6686115224336338567@2ec35c3f4c39>

# Security update for openssl-3

Announcement ID: SUSE-SU-2026:1429-1
Release Date: 2026-04-17T10:03:32Z
Rating: moderate

References:

  * bsc#1261678

Cross-References:

  * CVE-2026-28390

CVSS scores:

  * CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-3 fixes the following issue:

  * CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2026-1429=1
  * SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2026-1429=1
  * SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2026-1429=1
  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2026-1429=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2026-1429=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1429=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1429=1
  * SUSE Linux Enterprise Server 15 SP4 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1429=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1429=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * libopenssl3-3.0.8-150400.4.84.1
    * libopenssl3-debuginfo-3.0.8-150400.4.84.1
    * openssl-3-3.0.8-150400.4.84.1
    * openssl-3-debugsource-3.0.8-150400.4.84.1
    * libopenssl-3-devel-3.0.8-150400.4.84.1
    * openssl-3-debuginfo-3.0.8-150400.4.84.1
  * openSUSE Leap 15.4 (x86_64)
    * libopenssl3-32bit-debuginfo-3.0.8-150400.4.84.1
    * libopenssl-3-devel-32bit-3.0.8-150400.4.84.1
    * libopenssl3-32bit-3.0.8-150400.4.84.1
  * openSUSE Leap 15.4 (noarch)
    * openssl-3-doc-3.0.8-150400.4.84.1
  * openSUSE Leap 15.4 (aarch64_ilp32)
    * libopenssl3-64bit-debuginfo-3.0.8-150400.4.84.1
    * libopenssl-3-devel-64bit-3.0.8-150400.4.84.1
    * libopenssl3-64bit-3.0.8-150400.4.84.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * libopenssl3-3.0.8-150400.4.84.1
    * libopenssl3-debuginfo-3.0.8-150400.4.84.1
    * openssl-3-debugsource-3.0.8-150400.4.84.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * libopenssl3-3.0.8-150400.4.84.1
    * libopenssl3-debuginfo-3.0.8-150400.4.84.1
    * openssl-3-debugsource-3.0.8-150400.4.84.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * libopenssl3-3.0.8-150400.4.84.1
    * libopenssl3-debuginfo-3.0.8-150400.4.84.1
    * openssl-3-debugsource-3.0.8-150400.4.84.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * libopenssl3-3.0.8-150400.4.84.1
    * libopenssl3-debuginfo-3.0.8-150400.4.84.1
    * openssl-3-debugsource-3.0.8-150400.4.84.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
    * libopenssl3-3.0.8-150400.4.84.1
    * libopenssl3-debuginfo-3.0.8-150400.4.84.1
    * openssl-3-3.0.8-150400.4.84.1
    * openssl-3-debugsource-3.0.8-150400.4.84.1
    * libopenssl-3-devel-3.0.8-150400.4.84.1
    * openssl-3-debuginfo-3.0.8-150400.4.84.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
    * libopenssl3-3.0.8-150400.4.84.1
    * libopenssl3-debuginfo-3.0.8-150400.4.84.1
    * openssl-3-3.0.8-150400.4.84.1
    * openssl-3-debugsource-3.0.8-150400.4.84.1
    * libopenssl-3-devel-3.0.8-150400.4.84.1
    * openssl-3-debuginfo-3.0.8-150400.4.84.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * libopenssl3-3.0.8-150400.4.84.1
    * libopenssl3-debuginfo-3.0.8-150400.4.84.1
    * openssl-3-3.0.8-150400.4.84.1
    * openssl-3-debugsource-3.0.8-150400.4.84.1
    * libopenssl-3-devel-3.0.8-150400.4.84.1
    * openssl-3-debuginfo-3.0.8-150400.4.84.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * libopenssl3-3.0.8-150400.4.84.1
    * libopenssl3-debuginfo-3.0.8-150400.4.84.1
    * openssl-3-3.0.8-150400.4.84.1
    * openssl-3-debugsource-3.0.8-150400.4.84.1
    * libopenssl-3-devel-3.0.8-150400.4.84.1
    * openssl-3-debuginfo-3.0.8-150400.4.84.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-28390.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1261678

From null at suse.de Fri Apr 17 16:40:55 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:40:55 -0000
Subject: SUSE-SU-2026:1428-1: important: Security update for bind
Message-ID: <177644405512.6118.6786433667889324256@2ec35c3f4c39>

# Security update for bind

Announcement ID: SUSE-SU-2026:1428-1
Release Date: 2026-04-17T10:00:58Z
Rating: important

References:

  * bsc#1260805

Cross-References:

  * CVE-2026-1519

CVSS scores:

  * CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for bind fixes the following issues:

  * CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2026-1428=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1428=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1428=1
  * SUSE Linux Enterprise Server 15 SP4 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1428=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1428=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * bind-9.16.50-150400.5.59.1
    * bind-utils-9.16.50-150400.5.59.1
    * bind-debuginfo-9.16.50-150400.5.59.1
    * bind-utils-debuginfo-9.16.50-150400.5.59.1
    * bind-debugsource-9.16.50-150400.5.59.1
  * openSUSE Leap 15.4 (noarch)
    * python3-bind-9.16.50-150400.5.59.1
    * bind-doc-9.16.50-150400.5.59.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
    * bind-9.16.50-150400.5.59.1
    * bind-utils-9.16.50-150400.5.59.1
    * bind-debuginfo-9.16.50-150400.5.59.1
    * bind-utils-debuginfo-9.16.50-150400.5.59.1
    * bind-debugsource-9.16.50-150400.5.59.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
    * python3-bind-9.16.50-150400.5.59.1
    * bind-doc-9.16.50-150400.5.59.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
    * bind-9.16.50-150400.5.59.1
    * bind-utils-9.16.50-150400.5.59.1
    * bind-debuginfo-9.16.50-150400.5.59.1
    * bind-utils-debuginfo-9.16.50-150400.5.59.1
    * bind-debugsource-9.16.50-150400.5.59.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
    * python3-bind-9.16.50-150400.5.59.1
    * bind-doc-9.16.50-150400.5.59.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * bind-9.16.50-150400.5.59.1
    * bind-utils-9.16.50-150400.5.59.1
    * bind-debuginfo-9.16.50-150400.5.59.1
    * bind-utils-debuginfo-9.16.50-150400.5.59.1
    * bind-debugsource-9.16.50-150400.5.59.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
    * python3-bind-9.16.50-150400.5.59.1
    * bind-doc-9.16.50-150400.5.59.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * bind-9.16.50-150400.5.59.1
    * bind-utils-9.16.50-150400.5.59.1
    * bind-debuginfo-9.16.50-150400.5.59.1
    * bind-utils-debuginfo-9.16.50-150400.5.59.1
    * bind-debugsource-9.16.50-150400.5.59.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
    * python3-bind-9.16.50-150400.5.59.1
    * bind-doc-9.16.50-150400.5.59.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-1519.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1260805

From null at suse.de Fri Apr 17 16:40:58 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:40:58 -0000
Subject: SUSE-SU-2026:1427-1: moderate: Security update for NetworkManager
Message-ID: <177644405842.6118.6879470707542253976@2ec35c3f4c39>

# Security update for NetworkManager

Announcement ID: SUSE-SU-2026:1427-1
Release Date: 2026-04-17T09:58:43Z
Rating: moderate

References:

  * bsc#1257359

Cross-References:

  * CVE-2025-9615

CVSS scores:

  * CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2025-9615 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:

  * openSUSE Leap 15.5
  * SUSE Linux Enterprise Micro 5.5

An update that solves one vulnerability can now be installed.

## Description:

This update for NetworkManager fixes the following issue:

  * CVE-2025-9615: Fixed non-admin user using others' certificates (bsc#1257359).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1427=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1427=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * NetworkManager-debuginfo-1.38.6-150500.3.5.1
  * libnm0-debuginfo-1.38.6-150500.3.5.1
  * NetworkManager-bluetooth-debuginfo-1.38.6-150500.3.5.1
  * NetworkManager-debugsource-1.38.6-150500.3.5.1
  * NetworkManager-wwan-1.38.6-150500.3.5.1
  * NetworkManager-bluetooth-1.38.6-150500.3.5.1
  * NetworkManager-cloud-setup-1.38.6-150500.3.5.1
  * NetworkManager-devel-1.38.6-150500.3.5.1
  * NetworkManager-pppoe-debuginfo-1.38.6-150500.3.5.1
  * NetworkManager-pppoe-1.38.6-150500.3.5.1
  * NetworkManager-tui-debuginfo-1.38.6-150500.3.5.1
  * NetworkManager-cloud-setup-debuginfo-1.38.6-150500.3.5.1
  * NetworkManager-1.38.6-150500.3.5.1
  * NetworkManager-tui-1.38.6-150500.3.5.1
  * NetworkManager-wwan-debuginfo-1.38.6-150500.3.5.1
  * typelib-1_0-NM-1_0-1.38.6-150500.3.5.1
  * NetworkManager-ovs-debuginfo-1.38.6-150500.3.5.1
  * libnm0-1.38.6-150500.3.5.1
  * NetworkManager-ovs-1.38.6-150500.3.5.1
* openSUSE Leap 15.5 (noarch)
  * NetworkManager-lang-1.38.6-150500.3.5.1
  * NetworkManager-branding-upstream-1.38.6-150500.3.5.1
* openSUSE Leap 15.5 (x86_64)
  * NetworkManager-devel-32bit-1.38.6-150500.3.5.1
  * libnm0-32bit-debuginfo-1.38.6-150500.3.5.1
  * libnm0-32bit-1.38.6-150500.3.5.1
* openSUSE Leap 15.5 (aarch64_ilp32)
  * libnm0-64bit-1.38.6-150500.3.5.1
  * libnm0-64bit-debuginfo-1.38.6-150500.3.5.1
  * NetworkManager-devel-64bit-1.38.6-150500.3.5.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * NetworkManager-debuginfo-1.38.6-150500.3.5.1
  * libnm0-debuginfo-1.38.6-150500.3.5.1
  * NetworkManager-bluetooth-debuginfo-1.38.6-150500.3.5.1
  * NetworkManager-debugsource-1.38.6-150500.3.5.1
  * NetworkManager-wwan-1.38.6-150500.3.5.1
  * NetworkManager-bluetooth-1.38.6-150500.3.5.1
  * NetworkManager-cloud-setup-1.38.6-150500.3.5.1
  * NetworkManager-pppoe-debuginfo-1.38.6-150500.3.5.1
  * NetworkManager-pppoe-1.38.6-150500.3.5.1
  * NetworkManager-tui-debuginfo-1.38.6-150500.3.5.1
  * NetworkManager-cloud-setup-debuginfo-1.38.6-150500.3.5.1
  * NetworkManager-1.38.6-150500.3.5.1
  * NetworkManager-tui-1.38.6-150500.3.5.1
  * NetworkManager-wwan-debuginfo-1.38.6-150500.3.5.1
  * typelib-1_0-NM-1_0-1.38.6-150500.3.5.1
  * libnm0-1.38.6-150500.3.5.1

## References:

* https://www.suse.com/security/cve/CVE-2025-9615.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257359

From null at suse.de Fri Apr 17 16:41:11 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:41:11 -0000
Subject: SUSE-SU-2026:1425-1: moderate: Security update for polkit
Message-ID: <177644407182.6118.14748942946492166791@2ec35c3f4c39>

# Security update for polkit

Announcement ID: SUSE-SU-2026:1425-1
Release Date: 2026-04-17T08:03:20Z
Rating: moderate

References:

* bsc#1260859

Cross-References:

* CVE-2026-4897

CVSS scores:

* CVE-2026-4897 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4897 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4897 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for polkit fixes the following issue:

* CVE-2026-4897: Fixed possible OOM condition via specially crafted input to `polkit-agent-helper-1` (bsc#1260859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1425=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * polkit-debugsource-0.113-5.35.1
  * typelib-1_0-Polkit-1_0-0.113-5.35.1
  * polkit-devel-debuginfo-0.113-5.35.1
  * polkit-debuginfo-0.113-5.35.1
  * libpolkit0-0.113-5.35.1
  * libpolkit0-debuginfo-0.113-5.35.1
  * polkit-0.113-5.35.1
  * polkit-devel-0.113-5.35.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4897.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260859

From null at suse.de Fri Apr 17 16:41:27 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:41:27 -0000
Subject: SUSE-SU-2026:1424-1: moderate: Security update for polkit
Message-ID: <177644408719.6118.17953988528317570244@2ec35c3f4c39>

# Security update for polkit

Announcement ID: SUSE-SU-2026:1424-1
Release Date: 2026-04-17T08:03:11Z
Rating: moderate

References:

* bsc#1260859

Cross-References:

* CVE-2026-4897

CVSS scores:

* CVE-2026-4897 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4897 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4897 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for polkit fixes the following issue:

* CVE-2026-4897: Fixed possible OOM condition via specially crafted input to `polkit-agent-helper-1` (bsc#1260859).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1424=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1424=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1424=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1424=1

## Package List:

* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libpolkit-agent-1-0-debuginfo-121-150500.3.11.1
  * polkit-121-150500.3.11.1
  * libpolkit-gobject-1-0-debuginfo-121-150500.3.11.1
  * polkit-debuginfo-121-150500.3.11.1
  * polkit-debugsource-121-150500.3.11.1
  * libpolkit-agent-1-0-121-150500.3.11.1
  * libpolkit-gobject-1-0-121-150500.3.11.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libpolkit-agent-1-0-debuginfo-121-150500.3.11.1
  * libpolkit-gobject-1-0-debuginfo-121-150500.3.11.1
  * polkit-121-150500.3.11.1
  * polkit-devel-121-150500.3.11.1
  * polkit-debuginfo-121-150500.3.11.1
  * typelib-1_0-Polkit-1_0-121-150500.3.11.1
  * pkexec-121-150500.3.11.1
  * pkexec-debuginfo-121-150500.3.11.1
  * polkit-debugsource-121-150500.3.11.1
  * polkit-devel-debuginfo-121-150500.3.11.1
  * libpolkit-agent-1-0-121-150500.3.11.1
  * libpolkit-gobject-1-0-121-150500.3.11.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * libpolkit-agent-1-0-debuginfo-121-150500.3.11.1
  * libpolkit-gobject-1-0-debuginfo-121-150500.3.11.1
  * polkit-121-150500.3.11.1
  * polkit-devel-121-150500.3.11.1
  * polkit-debuginfo-121-150500.3.11.1
  * typelib-1_0-Polkit-1_0-121-150500.3.11.1
  * pkexec-121-150500.3.11.1
  * pkexec-debuginfo-121-150500.3.11.1
  * polkit-debugsource-121-150500.3.11.1
  * polkit-devel-debuginfo-121-150500.3.11.1
  * libpolkit-agent-1-0-121-150500.3.11.1
  * libpolkit-gobject-1-0-121-150500.3.11.1
* openSUSE Leap 15.5 (x86_64)
  * libpolkit-agent-1-0-32bit-121-150500.3.11.1
  * libpolkit-agent-1-0-32bit-debuginfo-121-150500.3.11.1
  * libpolkit-gobject-1-0-32bit-121-150500.3.11.1
  * libpolkit-gobject-1-0-32bit-debuginfo-121-150500.3.11.1
* openSUSE Leap 15.5 (noarch)
  * polkit-doc-121-150500.3.11.1
* openSUSE Leap 15.5 (aarch64_ilp32)
  * libpolkit-gobject-1-0-64bit-121-150500.3.11.1
  * libpolkit-agent-1-0-64bit-121-150500.3.11.1
  * libpolkit-gobject-1-0-64bit-debuginfo-121-150500.3.11.1
  * libpolkit-agent-1-0-64bit-debuginfo-121-150500.3.11.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * libpolkit-agent-1-0-debuginfo-121-150500.3.11.1
  * libpolkit-gobject-1-0-debuginfo-121-150500.3.11.1
  * polkit-121-150500.3.11.1
  * polkit-devel-121-150500.3.11.1
  * polkit-debuginfo-121-150500.3.11.1
  * typelib-1_0-Polkit-1_0-121-150500.3.11.1
  * pkexec-121-150500.3.11.1
  * pkexec-debuginfo-121-150500.3.11.1
  * polkit-debugsource-121-150500.3.11.1
  * polkit-devel-debuginfo-121-150500.3.11.1
  * libpolkit-agent-1-0-121-150500.3.11.1
  * libpolkit-gobject-1-0-121-150500.3.11.1
* openSUSE Leap 15.6 (x86_64)
  * libpolkit-agent-1-0-32bit-121-150500.3.11.1
  * libpolkit-agent-1-0-32bit-debuginfo-121-150500.3.11.1
  * libpolkit-gobject-1-0-32bit-121-150500.3.11.1
  * libpolkit-gobject-1-0-32bit-debuginfo-121-150500.3.11.1
* openSUSE Leap 15.6 (noarch)
  * polkit-doc-121-150500.3.11.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4897.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260859

From null at suse.de Fri Apr 17 16:41:40 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 16:41:40 -0000
Subject: SUSE-SU-2026:1423-1: important: Security update for podman
Message-ID: <177644410092.6118.3399797194764166023@2ec35c3f4c39>

# Security update for podman

Announcement ID: SUSE-SU-2026:1423-1
Release Date: 2026-04-17T07:58:24Z
Rating: important

References:

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3

An update that can now be installed.

## Description:

This update for podman rebuilds it against the current go 1.25 security release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2026-1423=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2026-1423=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1423=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1423=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * podman-remote-4.9.5-150300.9.71.1
  * podman-remote-debuginfo-4.9.5-150300.9.71.1
  * podman-4.9.5-150300.9.71.1
  * podman-debuginfo-4.9.5-150300.9.71.1
  * podmansh-4.9.5-150300.9.71.1
* openSUSE Leap 15.3 (noarch)
  * podman-docker-4.9.5-150300.9.71.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * podman-4.9.5-150300.9.71.1
  * podman-debuginfo-4.9.5-150300.9.71.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * podman-remote-4.9.5-150300.9.71.1
  * podman-4.9.5-150300.9.71.1
  * podman-debuginfo-4.9.5-150300.9.71.1
  * podman-remote-debuginfo-4.9.5-150300.9.71.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * podman-remote-4.9.5-150300.9.71.1
  * podman-4.9.5-150300.9.71.1
  * podman-debuginfo-4.9.5-150300.9.71.1
  * podman-remote-debuginfo-4.9.5-150300.9.71.1

From null at suse.de Fri Apr 17 20:30:19 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 20:30:19 -0000
Subject: SUSE-SU-2026:1443-1: moderate: Security update for NetworkManager
Message-ID: <177645781971.7345.18272902314345065184@5d6d53449fb2>

# Security update for NetworkManager

Announcement ID: SUSE-SU-2026:1443-1
Release Date: 2026-04-17T14:40:59Z
Rating: moderate

References:

* bsc#1225498
* bsc#1257359

Cross-References:

* CVE-2025-9615

CVSS scores:

* CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-9615 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for NetworkManager fixes the following issue:

Security fixes:

* CVE-2025-9615: Fixed non-admin user using others' certificates (bsc#1257359).

Other fixes:

* Don't renew DHCP lease when software devices' MAC is empty (bsc#1225498).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1443=1 openSUSE-SLE-15.6-2026-1443=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1443=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1443=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1443=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * NetworkManager-wwan-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-debugsource-1.44.2-150600.3.7.1
  * NetworkManager-ovs-1.44.2-150600.3.7.1
  * NetworkManager-ovs-debuginfo-1.44.2-150600.3.7.1
  * libnm0-1.44.2-150600.3.7.1
  * libnm0-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-tui-debuginfo-1.44.2-150600.3.7.1
  * typelib-1_0-NM-1_0-1.44.2-150600.3.7.1
  * NetworkManager-cloud-setup-1.44.2-150600.3.7.1
  * NetworkManager-wwan-1.44.2-150600.3.7.1
  * NetworkManager-1.44.2-150600.3.7.1
  * NetworkManager-bluetooth-1.44.2-150600.3.7.1
  * NetworkManager-cloud-setup-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-pppoe-1.44.2-150600.3.7.1
  * NetworkManager-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-tui-1.44.2-150600.3.7.1
  * NetworkManager-bluetooth-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-devel-1.44.2-150600.3.7.1
  * NetworkManager-pppoe-debuginfo-1.44.2-150600.3.7.1
* openSUSE Leap 15.6 (noarch)
  * NetworkManager-lang-1.44.2-150600.3.7.1
  * NetworkManager-branding-upstream-1.44.2-150600.3.7.1
* openSUSE Leap 15.6 (x86_64)
  * NetworkManager-devel-32bit-1.44.2-150600.3.7.1
  * libnm0-32bit-debuginfo-1.44.2-150600.3.7.1
  * libnm0-32bit-1.44.2-150600.3.7.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libnm0-64bit-1.44.2-150600.3.7.1
  * NetworkManager-devel-64bit-1.44.2-150600.3.7.1
  * libnm0-64bit-debuginfo-1.44.2-150600.3.7.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * NetworkManager-debugsource-1.44.2-150600.3.7.1
  * libnm0-1.44.2-150600.3.7.1
  * libnm0-debuginfo-1.44.2-150600.3.7.1
  * typelib-1_0-NM-1_0-1.44.2-150600.3.7.1
  * NetworkManager-debuginfo-1.44.2-150600.3.7.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * NetworkManager-wwan-1.44.2-150600.3.7.1
  * NetworkManager-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-debugsource-1.44.2-150600.3.7.1
  * NetworkManager-1.44.2-150600.3.7.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * NetworkManager-wwan-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-debugsource-1.44.2-150600.3.7.1
  * NetworkManager-tui-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-cloud-setup-1.44.2-150600.3.7.1
  * NetworkManager-wwan-1.44.2-150600.3.7.1
  * NetworkManager-pppoe-1.44.2-150600.3.7.1
  * NetworkManager-bluetooth-1.44.2-150600.3.7.1
  * NetworkManager-cloud-setup-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-tui-1.44.2-150600.3.7.1
  * NetworkManager-bluetooth-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-devel-1.44.2-150600.3.7.1
  * NetworkManager-pppoe-debuginfo-1.44.2-150600.3.7.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch)
  * NetworkManager-lang-1.44.2-150600.3.7.1

## References:

* https://www.suse.com/security/cve/CVE-2025-9615.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225498
* https://bugzilla.suse.com/show_bug.cgi?id=1257359

From null at suse.de Fri Apr 17 20:30:24 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 20:30:24 -0000
Subject: SUSE-SU-2026:1442-1: moderate: Security update for avahi
Message-ID: <177645782464.7345.12669041349043579983@5d6d53449fb2>

# Security update for avahi

Announcement ID: SUSE-SU-2026:1442-1
Release Date: 2026-04-17T14:19:07Z
Rating: moderate

References:

* bsc#1257235

Cross-References:

* CVE-2026-24401

CVSS scores:

* CVE-2026-24401 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for avahi fixes the following issue:

* CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record (bsc#1257235).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1442=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libavahi-common3-32bit-0.6.32-32.39.1
  * avahi-utils-0.6.32-32.39.1
  * libavahi-client3-debuginfo-32bit-0.6.32-32.39.1
  * avahi-0.6.32-32.39.1
  * avahi-debugsource-0.6.32-32.39.1
  * avahi-compat-mDNSResponder-devel-0.6.32-32.39.1
  * libavahi-common3-debuginfo-32bit-0.6.32-32.39.1
  * avahi-compat-howl-devel-0.6.32-32.39.1
  * libavahi-client3-0.6.32-32.39.1
  * libavahi-common3-0.6.32-32.39.1
  * libdns_sd-debuginfo-0.6.32-32.39.1
  * libavahi-common3-debuginfo-0.6.32-32.39.1
  * libavahi-core7-0.6.32-32.39.1
  * libdns_sd-debuginfo-32bit-0.6.32-32.39.1
  * avahi-debuginfo-0.6.32-32.39.1
  * avahi-debuginfo-32bit-0.6.32-32.39.1
  * libavahi-devel-0.6.32-32.39.1
  * libavahi-client3-debuginfo-0.6.32-32.39.1
  * libavahi-core7-debuginfo-0.6.32-32.39.1
  * libdns_sd-0.6.32-32.39.1
  * libdns_sd-32bit-0.6.32-32.39.1
  * avahi-utils-debuginfo-0.6.32-32.39.1
  * libavahi-client3-32bit-0.6.32-32.39.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * avahi-lang-0.6.32-32.39.1

## References:

* https://www.suse.com/security/cve/CVE-2026-24401.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257235

From null at suse.de Fri Apr 17 20:30:32 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 20:30:32 -0000
Subject: SUSE-SU-2026:1441-1: moderate: Security update for avahi
Message-ID: <177645783267.7345.18335871831422788235@5d6d53449fb2>

# Security update for avahi

Announcement ID: SUSE-SU-2026:1441-1
Release Date: 2026-04-17T14:18:38Z
Rating: moderate

References:

* bsc#1257235

Cross-References:

* CVE-2026-24401

CVSS scores:

* CVE-2026-24401 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for avahi fixes the following issue:

* CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record (bsc#1257235).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1441=1 openSUSE-SLE-15.6-2026-1441=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1441=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1441=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1441=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libavahi-glib-devel-0.8-150600.15.15.1
  * avahi-qt5-debugsource-0.8-150600.15.15.1
  * libavahi-common3-debuginfo-0.8-150600.15.15.1
  * libavahi-glib1-debuginfo-0.8-150600.15.15.1
  * python3-avahi-gtk-0.8-150600.15.15.1
  * avahi-0.8-150600.15.15.1
  * libdns_sd-0.8-150600.15.15.1
  * avahi-utils-debuginfo-0.8-150600.15.15.1
  * libavahi-qt5-1-0.8-150600.15.15.1
  * libavahi-libevent1-debuginfo-0.8-150600.15.15.1
  * avahi-utils-gtk-0.8-150600.15.15.1
  * avahi-debugsource-0.8-150600.15.15.1
  * libavahi-gobject0-0.8-150600.15.15.1
  * avahi-compat-howl-devel-0.8-150600.15.15.1
  * libhowl0-0.8-150600.15.15.1
  * avahi-autoipd-0.8-150600.15.15.1
  * python3-avahi-0.8-150600.15.15.1
  * libavahi-libevent1-0.8-150600.15.15.1
  * libavahi-qt5-1-debuginfo-0.8-150600.15.15.1
  * libavahi-qt5-devel-0.8-150600.15.15.1
  * libavahi-ui-gtk3-0-0.8-150600.15.15.1
  * libavahi-common3-0.8-150600.15.15.1
  * typelib-1_0-Avahi-0_6-0.8-150600.15.15.1
  * libavahi-client3-0.8-150600.15.15.1
  * avahi-utils-gtk-debuginfo-0.8-150600.15.15.1
  * avahi-utils-0.8-150600.15.15.1
  * libavahi-ui-gtk3-0-debuginfo-0.8-150600.15.15.1
  * avahi-autoipd-debuginfo-0.8-150600.15.15.1
  * libdns_sd-debuginfo-0.8-150600.15.15.1
  * libavahi-glib1-0.8-150600.15.15.1
  * libavahi-gobject0-debuginfo-0.8-150600.15.15.1
  * avahi-compat-mDNSResponder-devel-0.8-150600.15.15.1
  * libavahi-core7-0.8-150600.15.15.1
  * avahi-glib2-debugsource-0.8-150600.15.15.1
  * libavahi-core7-debuginfo-0.8-150600.15.15.1
  * libavahi-client3-debuginfo-0.8-150600.15.15.1
  * libavahi-devel-0.8-150600.15.15.1
  * libavahi-gobject-devel-0.8-150600.15.15.1
  * libhowl0-debuginfo-0.8-150600.15.15.1
  * avahi-debuginfo-0.8-150600.15.15.1
* openSUSE Leap 15.6 (x86_64)
  * libavahi-glib1-32bit-debuginfo-0.8-150600.15.15.1
  * libavahi-common3-32bit-debuginfo-0.8-150600.15.15.1
  * libavahi-client3-32bit-debuginfo-0.8-150600.15.15.1
  * libavahi-client3-32bit-0.8-150600.15.15.1
  * avahi-32bit-debuginfo-0.8-150600.15.15.1
  * libavahi-common3-32bit-0.8-150600.15.15.1
  * libdns_sd-32bit-debuginfo-0.8-150600.15.15.1
  * libavahi-glib1-32bit-0.8-150600.15.15.1
  * libdns_sd-32bit-0.8-150600.15.15.1
* openSUSE Leap 15.6 (noarch)
  * avahi-lang-0.8-150600.15.15.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libavahi-glib1-64bit-0.8-150600.15.15.1
  * avahi-64bit-debuginfo-0.8-150600.15.15.1
  * libavahi-glib1-64bit-debuginfo-0.8-150600.15.15.1
  * libavahi-client3-64bit-debuginfo-0.8-150600.15.15.1
  * libavahi-client3-64bit-0.8-150600.15.15.1
  * libdns_sd-64bit-0.8-150600.15.15.1
  * libdns_sd-64bit-debuginfo-0.8-150600.15.15.1
  * libavahi-common3-64bit-debuginfo-0.8-150600.15.15.1
  * libavahi-common3-64bit-0.8-150600.15.15.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libavahi-glib-devel-0.8-150600.15.15.1
  * libavahi-common3-debuginfo-0.8-150600.15.15.1
  * libavahi-glib1-debuginfo-0.8-150600.15.15.1
  * avahi-0.8-150600.15.15.1
  * libdns_sd-0.8-150600.15.15.1
  * avahi-utils-debuginfo-0.8-150600.15.15.1
  * libavahi-libevent1-debuginfo-0.8-150600.15.15.1
  * libavahi-gobject0-0.8-150600.15.15.1
  * avahi-debugsource-0.8-150600.15.15.1
  * avahi-compat-howl-devel-0.8-150600.15.15.1
  * libhowl0-0.8-150600.15.15.1
  * libavahi-libevent1-0.8-150600.15.15.1
  * libavahi-ui-gtk3-0-0.8-150600.15.15.1
  * libavahi-common3-0.8-150600.15.15.1
  * typelib-1_0-Avahi-0_6-0.8-150600.15.15.1
  * libavahi-client3-0.8-150600.15.15.1
  * avahi-utils-0.8-150600.15.15.1
  * libavahi-ui-gtk3-0-debuginfo-0.8-150600.15.15.1
  * libdns_sd-debuginfo-0.8-150600.15.15.1
  * libavahi-glib1-0.8-150600.15.15.1
  * libavahi-gobject0-debuginfo-0.8-150600.15.15.1
  * avahi-compat-mDNSResponder-devel-0.8-150600.15.15.1
  * libavahi-core7-0.8-150600.15.15.1
  * avahi-glib2-debugsource-0.8-150600.15.15.1
  * libavahi-core7-debuginfo-0.8-150600.15.15.1
  * libavahi-client3-debuginfo-0.8-150600.15.15.1
  * libavahi-devel-0.8-150600.15.15.1
  * libhowl0-debuginfo-0.8-150600.15.15.1
  * avahi-debuginfo-0.8-150600.15.15.1
* Basesystem Module 15-SP7 (noarch)
  * avahi-lang-0.8-150600.15.15.1
* Basesystem Module 15-SP7 (x86_64)
  * libavahi-common3-32bit-debuginfo-0.8-150600.15.15.1
  * libavahi-client3-32bit-debuginfo-0.8-150600.15.15.1
  * libavahi-client3-32bit-0.8-150600.15.15.1
  * avahi-32bit-debuginfo-0.8-150600.15.15.1
  * libavahi-common3-32bit-0.8-150600.15.15.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * avahi-glib2-debugsource-0.8-150600.15.15.1
  * avahi-autoipd-0.8-150600.15.15.1
  * libavahi-gobject-devel-0.8-150600.15.15.1
  * avahi-utils-gtk-debuginfo-0.8-150600.15.15.1
  * avahi-debuginfo-0.8-150600.15.15.1
  * avahi-autoipd-debuginfo-0.8-150600.15.15.1
  * avahi-utils-gtk-0.8-150600.15.15.1
  * avahi-debugsource-0.8-150600.15.15.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * avahi-debugsource-0.8-150600.15.15.1
  * python3-avahi-0.8-150600.15.15.1
  * avahi-debuginfo-0.8-150600.15.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-24401.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257235

From null at suse.de Fri Apr 17 20:30:56 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 20:30:56 -0000
Subject: SUSE-SU-2026:1440-1: moderate: Security update for openvswitch3
Message-ID: <177645785695.7345.10312648426160013813@5d6d53449fb2>

# Security update for openvswitch3

Announcement ID: SUSE-SU-2026:1440-1
Release Date: 2026-04-17T13:44:11Z
Rating: moderate

References:

* bsc#1261273

Cross-References:

* CVE-2026-34956

CVSS scores:

* CVE-2026-34956 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34956 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5

An update that solves one vulnerability can now be installed.

## Description:

This update for openvswitch3 fixes the following issues:

* CVE-2026-34956: invalid memory access via crafted FTP payloads in userspace conntrack flows specifying the FTP alg handler (bsc#1261273).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1440=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1440=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * openvswitch3-pki-3.1.7-150500.3.28.1
  * ovn3-host-debuginfo-23.03.3-150500.3.28.1
  * openvswitch3-vtep-debuginfo-3.1.7-150500.3.28.1
  * ovn3-devel-23.03.3-150500.3.28.1
  * openvswitch3-test-debuginfo-3.1.7-150500.3.28.1
  * openvswitch3-ipsec-3.1.7-150500.3.28.1
  * ovn3-23.03.3-150500.3.28.1
  * python3-ovs3-3.1.7-150500.3.28.1
  * openvswitch3-debuginfo-3.1.7-150500.3.28.1
  * ovn3-central-debuginfo-23.03.3-150500.3.28.1
  * openvswitch3-test-3.1.7-150500.3.28.1
  * ovn3-central-23.03.3-150500.3.28.1
  * openvswitch3-3.1.7-150500.3.28.1
  * openvswitch3-debugsource-3.1.7-150500.3.28.1
  * libovn-23_03-0-debuginfo-23.03.3-150500.3.28.1
  * ovn3-vtep-23.03.3-150500.3.28.1
  * ovn3-vtep-debuginfo-23.03.3-150500.3.28.1
  * libopenvswitch-3_1-0-3.1.7-150500.3.28.1
  * openvswitch3-devel-3.1.7-150500.3.28.1
  * openvswitch3-vtep-3.1.7-150500.3.28.1
  * ovn3-docker-23.03.3-150500.3.28.1
  * libovn-23_03-0-23.03.3-150500.3.28.1
  * libopenvswitch-3_1-0-debuginfo-3.1.7-150500.3.28.1
  * ovn3-host-23.03.3-150500.3.28.1
  * ovn3-debuginfo-23.03.3-150500.3.28.1
* openSUSE Leap 15.5 (noarch)
  * ovn3-doc-23.03.3-150500.3.28.1
  * openvswitch3-doc-3.1.7-150500.3.28.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * openvswitch3-debuginfo-3.1.7-150500.3.28.1
  * ovn3-central-debuginfo-23.03.3-150500.3.28.1
  * openvswitch3-pki-3.1.7-150500.3.28.1
  * libopenvswitch-3_1-0-3.1.7-150500.3.28.1
  * ovn3-debuginfo-23.03.3-150500.3.28.1
  * ovn3-docker-23.03.3-150500.3.28.1
  * libovn-23_03-0-23.03.3-150500.3.28.1
  * ovn3-vtep-23.03.3-150500.3.28.1
  * python3-ovs3-3.1.7-150500.3.28.1
  * ovn3-host-debuginfo-23.03.3-150500.3.28.1
  * libopenvswitch-3_1-0-debuginfo-3.1.7-150500.3.28.1
  * ovn3-central-23.03.3-150500.3.28.1
  * ovn3-host-23.03.3-150500.3.28.1
  * openvswitch3-vtep-debuginfo-3.1.7-150500.3.28.1
  * openvswitch3-3.1.7-150500.3.28.1
  * openvswitch3-debugsource-3.1.7-150500.3.28.1
  * libovn-23_03-0-debuginfo-23.03.3-150500.3.28.1
  * openvswitch3-vtep-3.1.7-150500.3.28.1
  * ovn3-vtep-debuginfo-23.03.3-150500.3.28.1
  * ovn3-23.03.3-150500.3.28.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34956.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261273

From null at suse.de Fri Apr 17 20:31:00 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 17 Apr 2026 20:31:00 -0000
Subject: SUSE-SU-2026:1439-1: moderate: Security update for openvswitch
Message-ID: <177645786068.7345.8451230694522311340@5d6d53449fb2>

# Security update for openvswitch

Announcement ID: SUSE-SU-2026:1439-1
Release Date: 2026-04-17T13:43:32Z
Rating: moderate

References:

* bsc#1261273

Cross-References:

* CVE-2026-34956

CVSS scores:

* CVE-2026-34956 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34956 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Server Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for openvswitch fixes the following issue:

Security updates:

* CVE-2026-34956: Invalid memory access in conntrack FTP alg (bsc#1261273).

Other updates:

* Update openvswitch to 3.5.4

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1439=1
* Server Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1439=1

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * python3-openvswitch-3.5.4-150700.41.15.1
  * openvswitch-debuginfo-3.5.4-150700.41.15.1
  * openvswitch-debugsource-3.5.4-150700.41.15.1
  * python3-openvswitch-debuginfo-3.5.4-150700.41.15.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libopenvswitch-3_5-0-debuginfo-3.5.4-150700.41.15.1
  * openvswitch-vtep-debuginfo-3.5.4-150700.41.15.1
  * openvswitch-vtep-3.5.4-150700.41.15.1
  * libovn-25_03-0-25.03.2-150700.41.15.1
  * ovn-central-25.03.2-150700.41.15.1
  * openvswitch-ipsec-3.5.4-150700.41.15.1
  * ovn-host-debuginfo-25.03.2-150700.41.15.1
  * libovn-25_03-0-debuginfo-25.03.2-150700.41.15.1
  * ovn-central-debuginfo-25.03.2-150700.41.15.1
  * ovn-vtep-25.03.2-150700.41.15.1
  * openvswitch-test-debuginfo-3.5.4-150700.41.15.1
  * python3-openvswitch-3.5.4-150700.41.15.1
  * ovn-25.03.2-150700.41.15.1
  * openvswitch-devel-3.5.4-150700.41.15.1
  * libopenvswitch-3_5-0-3.5.4-150700.41.15.1
  * openvswitch-3.5.4-150700.41.15.1
  * python3-openvswitch-debuginfo-3.5.4-150700.41.15.1
  * ovn-debuginfo-25.03.2-150700.41.15.1
  * openvswitch-debuginfo-3.5.4-150700.41.15.1
  * openvswitch-debugsource-3.5.4-150700.41.15.1
  * ovn-docker-25.03.2-150700.41.15.1
  * openvswitch-pki-3.5.4-150700.41.15.1
  * ovn-vtep-debuginfo-25.03.2-150700.41.15.1
  * ovn-devel-25.03.2-150700.41.15.1
  * openvswitch-test-3.5.4-150700.41.15.1
  * ovn-host-25.03.2-150700.41.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34956.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261273
From null at suse.de Fri Apr 17 20:31:06 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 17 Apr 2026 20:31:06 -0000 Subject: SUSE-SU-2026:1438-1: important: Security update for libraw Message-ID: <177645786601.7345.17765723188093722981@5d6d53449fb2> # Security update for libraw Announcement ID: SUSE-SU-2026:1438-1 Release Date: 2026-04-17T13:39:26Z Rating: important References: * bsc#1261673 * bsc#1261674 * bsc#1261676 Cross-References: * CVE-2026-20911 * CVE-2026-21413 * CVE-2026-24660 CVSS scores: * CVE-2026-20911 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-20911 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-20911 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-21413 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-21413 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-21413 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-24660 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-24660 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-24660 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-24660 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for libraw fixes the following issues: * CVE-2026-20911: heap-based buffer overflow in `HuffTable::initval` (bsc#1261673). * CVE-2026-21413: heap-based buffer overflow in `lossless_jpeg_load_raw` (bsc#1261674). * CVE-2026-24660: heap-based buffer overflow in `x3f_load_huffman` (bsc#1261676).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1438=1 ## Package List: * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * libraw16-debuginfo-0.18.9-150000.3.33.1 * libraw-debugsource-0.18.9-150000.3.33.1 * libraw-debuginfo-0.18.9-150000.3.33.1 * libraw16-0.18.9-150000.3.33.1 ## References: * https://www.suse.com/security/cve/CVE-2026-20911.html * https://www.suse.com/security/cve/CVE-2026-21413.html * https://www.suse.com/security/cve/CVE-2026-24660.html * https://bugzilla.suse.com/show_bug.cgi?id=1261673 * https://bugzilla.suse.com/show_bug.cgi?id=1261674 * https://bugzilla.suse.com/show_bug.cgi?id=1261676 From null at suse.de Fri Apr 17 20:31:11 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 17 Apr 2026 20:31:11 -0000 Subject: SUSE-SU-2026:1436-1: moderate: Security update for python-ecdsa Message-ID: <177645787139.7345.9151973254444368445@5d6d53449fb2> # Security update for python-ecdsa Announcement ID: SUSE-SU-2026:1436-1 Release Date: 2026-04-17T12:51:37Z Rating: moderate References: * bsc#1261009 Cross-References: * CVE-2026-33936 CVSS scores: * CVE-2026-33936 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-33936 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33936 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed.
## Description: This update for python-ecdsa fixes the following issues: * CVE-2026-33936: issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions (bsc#1261009). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1436=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1436=1 * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1436=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python311-ecdsa-0.18.0-150400.12.6.1 * openSUSE Leap 15.6 (noarch) * python311-ecdsa-0.18.0-150400.12.6.1 * Python 3 Module 15-SP7 (noarch) * python311-ecdsa-0.18.0-150400.12.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33936.html * https://bugzilla.suse.com/show_bug.cgi?id=1261009
From null at suse.de Mon Apr 20 08:30:07 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 08:30:07 -0000 Subject: SUSE-SU-2026:1458-1: important: Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7) Message-ID: <177667380775.8401.14776630041128747019@5d6d53449fb2> # Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1458-1 Release Date: 2026-04-19T19:34:11Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.19 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1458=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1457=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP7_Update_0-debugsource-14-150700.3.39.1 * kernel-livepatch-6_4_0-150700_51-default-debuginfo-14-150700.3.39.1 * kernel-livepatch-6_4_0-150700_51-default-14-150700.3.39.1 * kernel-livepatch-6_4_0-150700_53_19-default-6-150700.2.1 * kernel-livepatch-6_4_0-150700_53_19-default-debuginfo-6-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_5-debugsource-6-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859
From null at suse.de Mon Apr 20 08:30:12 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 08:30:12 -0000 Subject: SUSE-SU-2026:1456-1: important: Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7) Message-ID: <177667381218.8401.2729109245464519345@5d6d53449fb2> # Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1456-1 Release Date: 2026-04-19T15:34:16Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.6 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1456=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_53_6-default-debuginfo-13-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_2-debugsource-13-150700.2.1 * kernel-livepatch-6_4_0-150700_53_6-default-13-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 From null at suse.de Mon Apr 20 08:30:18 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 08:30:18 -0000 Subject: SUSE-SU-2026:21136-1: important: Security update for vim Message-ID: <177667381892.8401.935492449607439765@5d6d53449fb2> # Security update for vim Announcement ID: SUSE-SU-2026:21136-1 Release Date: 2026-04-15T08:17:29Z Rating: important References: * bsc#1259985 * bsc#1261191 * bsc#1261271 Cross-References: * CVE-2026-33412 * CVE-2026-34714 * CVE-2026-34982 CVSS scores: * CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2026-34714 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34982 ( SUSE ): 8.3
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N * CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: * SUSE Linux Micro 6.2 * SUSE Linux Micro Extras 6.2 An update that solves three vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: * CVE-2026-33412: command injection via newline in glob() (bsc#1259985). * CVE-2026-34714: crafted file can allow code execution (bsc#1261191). * CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.2 zypper in -t patch SUSE-SLE-Micro-Extras-6.2-563=1 ## Package List: * SUSE Linux Micro Extras 6.2 (aarch64 ppc64le s390x x86_64) * vim-9.2.0280-160000.1.1 * vim-debugsource-9.2.0280-160000.1.1 * xxd-9.2.0280-160000.1.1 * vim-debuginfo-9.2.0280-160000.1.1 * xxd-debuginfo-9.2.0280-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33412.html * https://www.suse.com/security/cve/CVE-2026-34714.html * https://www.suse.com/security/cve/CVE-2026-34982.html * https://bugzilla.suse.com/show_bug.cgi?id=1259985 * https://bugzilla.suse.com/show_bug.cgi?id=1261191 * https://bugzilla.suse.com/show_bug.cgi?id=1261271
From null at suse.de Mon Apr 20 08:30:29 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 08:30:29 -0000 Subject: SUSE-SU-2026:21134-1: important: Security update for vim Message-ID: <177667382992.8401.296683008165268632@5d6d53449fb2> # Security update for vim Announcement ID: SUSE-SU-2026:21134-1 Release Date: 2026-04-15T08:15:55Z Rating: important References: * bsc#1259985 * bsc#1261191 * bsc#1261271 Cross-References: * CVE-2026-33412 * CVE-2026-34714 * CVE-2026-34982 CVSS scores: * CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2026-34714 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N * CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: * SUSE Linux Micro 6.2 An update that solves three vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: * CVE-2026-33412: command injection via newline in glob() (bsc#1259985). * CVE-2026-34714: crafted file can allow code execution (bsc#1261191). * CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-563=1 ## Package List: * SUSE Linux Micro 6.2 (noarch) * vim-data-common-9.2.0280-160000.1.1 * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.2.0280-160000.1.1 * vim-small-debuginfo-9.2.0280-160000.1.1 * vim-small-9.2.0280-160000.1.1 * vim-debuginfo-9.2.0280-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33412.html * https://www.suse.com/security/cve/CVE-2026-34714.html * https://www.suse.com/security/cve/CVE-2026-34982.html * https://bugzilla.suse.com/show_bug.cgi?id=1259985 * https://bugzilla.suse.com/show_bug.cgi?id=1261191 * https://bugzilla.suse.com/show_bug.cgi?id=1261271 From null at suse.de Mon Apr 20 08:30:33 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 08:30:33 -0000 Subject: SUSE-SU-2026:1454-1: important: Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise 15 SP7) Message-ID: <177667383399.8401.1804204455933404301@5d6d53449fb2> # Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1454-1 Release Date: 2026-04-18T05:35:00Z Rating: important References: * bsc#1259859 Cross-References: * CVE-2026-23268 CVSS scores: * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed.
## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.28 fixes one security issue The following security issue was fixed: * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1454=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1455=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-6_4_0-150700_7_28-rt-debuginfo-4-150700.2.1 * kernel-livepatch-6_4_0-150700_7_28-rt-4-150700.2.1 * kernel-livepatch-6_4_0-150700_7_25-rt-debuginfo-4-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_7-debugsource-4-150700.2.1 * kernel-livepatch-6_4_0-150700_7_25-rt-4-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_8-debugsource-4-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1259859
From null at suse.de Mon Apr 20 08:30:38 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 08:30:38 -0000 Subject: SUSE-SU-2026:1447-1: important: Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 15 SP7) Message-ID: <177667383844.8401.11968486386149170345@5d6d53449fb2> # Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1447-1 Release Date: 2026-04-18T05:34:54Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.22 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1453=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1447=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1448=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1449=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1450=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1451=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1452=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-SLE15-SP7-RT_Update_5-debugsource-6-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_3-debugsource-9-150700.2.1 * kernel-livepatch-6_4_0-150700_7_8-rt-debuginfo-13-150700.2.1 * kernel-livepatch-6_4_0-150700_5-rt-debuginfo-14-150700.3.1 * kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource-9-150700.2.1 * kernel-livepatch-6_4_0-150700_7_3-rt-14-150700.2.1 * kernel-livepatch-6_4_0-150700_7_19-rt-debuginfo-6-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_1-debugsource-14-150700.2.1 * kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo-9-150700.2.1 * kernel-livepatch-6_4_0-150700_7_22-rt-debuginfo-5-150700.2.1 * kernel-livepatch-6_4_0-150700_7_8-rt-13-150700.2.1 * kernel-livepatch-6_4_0-150700_7_22-rt-5-150700.2.1 * kernel-livepatch-6_4_0-150700_5-rt-14-150700.3.1 * kernel-livepatch-SLE15-SP7-RT_Update_2-debugsource-13-150700.2.1 * kernel-livepatch-6_4_0-150700_7_3-rt-debuginfo-14-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_6-debugsource-5-150700.2.1 * kernel-livepatch-6_4_0-150700_7_16-rt-9-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_0-debugsource-14-150700.3.1 * kernel-livepatch-6_4_0-150700_7_13-rt-9-150700.2.1 * kernel-livepatch-6_4_0-150700_7_19-rt-6-150700.2.1 * kernel-livepatch-6_4_0-150700_7_13-rt-debuginfo-9-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 *
https://bugzilla.suse.com/show_bug.cgi?id=1259859 From null at suse.de Mon Apr 20 08:30:41 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 08:30:41 -0000 Subject: SUSE-SU-2026:1444-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise 15 SP7) Message-ID: <177667384148.8401.7256625711033358434@5d6d53449fb2> # Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1444-1 Release Date: 2026-04-17T18:34:25Z Rating: important References: * bsc#1259859 Cross-References: * CVE-2026-23268 CVSS scores: * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.31 fixes one security issue The following security issue was fixed: * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1444=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-SLE15-SP7-RT_Update_9-debugsource-3-150700.2.1 * kernel-livepatch-6_4_0-150700_7_31-rt-debuginfo-3-150700.2.1 * kernel-livepatch-6_4_0-150700_7_31-rt-3-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1259859 From null at suse.de Mon Apr 20 12:30:10 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 12:30:10 -0000 Subject: SUSE-SU-2026:1463-1: important: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6) Message-ID: <177668821038.7097.11835671269849993778@4d3cf67d624c> # Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1463-1 Release Date: 2026-04-20T06:34:20Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two vulnerabilities can now be installed.
## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.53 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1463=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1463=1 ## Package List: * openSUSE Leap 15.6 (x86_64) * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-15-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_12-debugsource-15-150600.2.1 * kernel-livepatch-6_4_0-150600_23_53-default-15-150600.2.1 * openSUSE Leap 15.6 (ppc64le s390x) * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-15-150600.2.2 * kernel-livepatch-6_4_0-150600_23_53-default-15-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_12-debugsource-15-150600.2.2 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x) * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-15-150600.2.2 * kernel-livepatch-6_4_0-150600_23_53-default-15-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_12-debugsource-15-150600.2.2 * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-15-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_12-debugsource-15-150600.2.1 * kernel-livepatch-6_4_0-150600_23_53-default-15-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859
From null at suse.de Mon Apr 20 12:30:15 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 12:30:15 -0000 Subject: SUSE-SU-2026:1464-1: important: Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5) Message-ID: <177668821548.7097.13192959747635600501@4d3cf67d624c> # Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:1464-1 Release Date: 2026-04-20T07:34:17Z Rating: important References: * bsc#1258396 * bsc#1259859 Cross-References: * CVE-2026-23191 * CVE-2026-23268 CVSS scores: * CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed.
## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.136 fixes various security issues The following security issues were fixed: * CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1459=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1460=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1462=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1460=1 SUSE-2026-1462=1 SUSE-2026-1459=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1464=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1464=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-15-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_33-debugsource-5-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_35-debugsource-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-15-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_28-debugsource-15-150500.2.1 * kernel-livepatch-5_14_21-150500_55_130-default-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_136-default-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-4-150500.2.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_35-debugsource-4-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_33-debugsource-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-15-150500.2.1 *
kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-15-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_28-debugsource-15-150500.2.1 * kernel-livepatch-5_14_21-150500_55_130-default-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_136-default-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-4-150500.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-15-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_42-debugsource-15-150400.2.1 * kernel-livepatch-5_14_21-150400_24_170-default-15-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-15-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_42-debugsource-15-150400.2.1 * kernel-livepatch-5_14_21-150400_24_170-default-15-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23191.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1258396 * https://bugzilla.suse.com/show_bug.cgi?id=1259859
URL: From null at suse.de Mon Apr 20 12:30:19 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 12:30:19 -0000 Subject: SUSE-SU-2026:1461-1: low: Security update for jetty-minimal Message-ID: <177668821949.7097.16357321234238860388@4d3cf67d624c> # Security update for jetty-minimal Announcement ID: SUSE-SU-2026:1461-1 Release Date: 2026-04-20T05:47:00Z Rating: low References: * bsc#1259242 Cross-References: * CVE-2025-11143 CVSS scores: * CVE-2025-11143 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-11143 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2025-11143 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2025-11143 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for jetty-minimal fixes the following issues: * CVE-2025-11143: Fixed different parsing of invalid URIs (bsc#1259242). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1461=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1461=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1461=1 ## Package List: * openSUSE Leap 15.6 (noarch) * jetty-jsp-9.4.58-150200.3.37.1 * jetty-javax-websocket-client-impl-9.4.58-150200.3.37.1 * jetty-minimal-javadoc-9.4.58-150200.3.37.1 * jetty-start-9.4.58-150200.3.37.1 * jetty-security-9.4.58-150200.3.37.1 * jetty-webapp-9.4.58-150200.3.37.1 * jetty-websocket-common-9.4.58-150200.3.37.1 * jetty-deploy-9.4.58-150200.3.37.1 * jetty-server-9.4.58-150200.3.37.1 * jetty-plus-9.4.58-150200.3.37.1 * jetty-jmx-9.4.58-150200.3.37.1 * jetty-util-9.4.58-150200.3.37.1 * jetty-cdi-9.4.58-150200.3.37.1 * jetty-http-spi-9.4.58-150200.3.37.1 * jetty-project-9.4.58-150200.3.37.1 * jetty-websocket-servlet-9.4.58-150200.3.37.1 * jetty-annotations-9.4.58-150200.3.37.1 * jetty-io-9.4.58-150200.3.37.1 * jetty-continuation-9.4.58-150200.3.37.1 * jetty-javax-websocket-server-impl-9.4.58-150200.3.37.1 * jetty-jaas-9.4.58-150200.3.37.1 * jetty-jndi-9.4.58-150200.3.37.1 * jetty-websocket-server-9.4.58-150200.3.37.1 * jetty-servlet-9.4.58-150200.3.37.1 * jetty-proxy-9.4.58-150200.3.37.1 * jetty-websocket-client-9.4.58-150200.3.37.1 * jetty-xml-9.4.58-150200.3.37.1 * jetty-ant-9.4.58-150200.3.37.1 * jetty-rewrite-9.4.58-150200.3.37.1 * jetty-servlets-9.4.58-150200.3.37.1 * jetty-util-ajax-9.4.58-150200.3.37.1 * jetty-openid-9.4.58-150200.3.37.1 * jetty-http-9.4.58-150200.3.37.1 * jetty-websocket-api-9.4.58-150200.3.37.1 * jetty-websocket-javadoc-9.4.58-150200.3.37.1 * jetty-fcgi-9.4.58-150200.3.37.1 * jetty-quickstart-9.4.58-150200.3.37.1 * jetty-client-9.4.58-150200.3.37.1 * Development Tools Module 15-SP7 (noarch) * jetty-util-9.4.58-150200.3.37.1 * jetty-util-ajax-9.4.58-150200.3.37.1 * 
jetty-http-9.4.58-150200.3.37.1 * jetty-servlet-9.4.58-150200.3.37.1 * jetty-security-9.4.58-150200.3.37.1 * jetty-server-9.4.58-150200.3.37.1 * jetty-io-9.4.58-150200.3.37.1 * SUSE Package Hub 15 15-SP7 (noarch) * jetty-continuation-9.4.58-150200.3.37.1 ## References: * https://www.suse.com/security/cve/CVE-2025-11143.html * https://bugzilla.suse.com/show_bug.cgi?id=1259242 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 20 16:30:04 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 16:30:04 -0000 Subject: SUSE-SU-2026:1469-1: important: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP7) Message-ID: <177670260455.8795.10894176442803282325@5d6d53449fb2> # Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1469-1 Release Date: 2026-04-20T08:34:33Z Rating: important References: * bsc#1259859 Cross-References: * CVE-2026-23268 CVSS scores: * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.31 fixes one security issue The following security issue was fixed: * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1466=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1470=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1469=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_53_25-default-debuginfo-4-150700.2.1 * kernel-livepatch-6_4_0-150700_53_25-default-4-150700.2.1 * kernel-livepatch-6_4_0-150700_53_28-default-debuginfo-4-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_9-debugsource-3-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_7-debugsource-4-150700.2.1 * kernel-livepatch-6_4_0-150700_53_31-default-3-150700.2.1 * kernel-livepatch-6_4_0-150700_53_28-default-4-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_8-debugsource-4-150700.2.1 * kernel-livepatch-6_4_0-150700_53_31-default-debuginfo-3-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 20 16:30:11 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 16:30:11 -0000 Subject: SUSE-SU-2026:1468-1: important: Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7) Message-ID: <177670261119.8795.5786529917607397819@5d6d53449fb2> # Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1468-1 Release Date: 2026-04-20T08:34:18Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.22 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1468=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1465=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_53_16-default-9-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_6-debugsource-4-150700.2.1 * kernel-livepatch-6_4_0-150700_53_22-default-debuginfo-4-150700.2.1 * kernel-livepatch-6_4_0-150700_53_16-default-debuginfo-9-150700.2.1 * kernel-livepatch-6_4_0-150700_53_22-default-4-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_4-debugsource-9-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 From null at suse.de Mon Apr 20 16:30:15 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 16:30:15 -0000 Subject: SUSE-SU-2026:1483-1: moderate: Security update for helm Message-ID: <177670261550.8795.11229215085124412226@5d6d53449fb2> # Security update for helm Announcement ID: SUSE-SU-2026:1483-1 Release Date: 2026-04-20T10:29:47Z Rating: moderate References: * bsc#1248093 * bsc#1261938 Cross-References: * CVE-2025-55199 * CVE-2026-35206 CVSS scores: * CVE-2025-55199 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-55199 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-55199 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-35206 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-35206 ( SUSE ): 4.4 
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2026-35206 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-35206 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L Affected Products: * Containers Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for helm fixes the following issues: * CVE-2025-55199: crafted JSON Schema can lead to out of memory (OOM) termination (bsc#1248093). * CVE-2026-35206: files written to unexpected directory via specially crafted Chart (bsc#1261938). Changes for helm: * Update to version 3.20.2 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1483=1 * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1483=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1483=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * helm-debuginfo-3.20.2-150000.1.71.2 * helm-3.20.2-150000.1.71.2 * SUSE Linux Enterprise Micro 5.5 (noarch) * helm-bash-completion-3.20.2-150000.1.71.2 * Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64) * helm-debuginfo-3.20.2-150000.1.71.2 * helm-3.20.2-150000.1.71.2 * Containers Module 15-SP7 (noarch) * helm-bash-completion-3.20.2-150000.1.71.2 * helm-zsh-completion-3.20.2-150000.1.71.2 * SUSE Package Hub 15 15-SP7 (noarch) * helm-fish-completion-3.20.2-150000.1.71.2 ## References: * https://www.suse.com/security/cve/CVE-2025-55199.html * https://www.suse.com/security/cve/CVE-2026-35206.html * https://bugzilla.suse.com/show_bug.cgi?id=1248093 * https://bugzilla.suse.com/show_bug.cgi?id=1261938 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 20 16:30:18 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 16:30:18 -0000 Subject: SUSE-SU-2026:1482-1: moderate: Security update for openvswitch Message-ID: <177670261832.8795.9814143329312482577@5d6d53449fb2> # Security update for openvswitch Announcement ID: SUSE-SU-2026:1482-1 Release Date: 2026-04-20T10:10:04Z Rating: moderate References: * bsc#1261273 Cross-References: * CVE-2026-34956 CVSS scores: * CVE-2026-34956 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34956 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2026-34956: invalid memory access via crafted FTP payloads in userspace conntrack flows specifying the FTP alg handler (bsc#1261273). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1482=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libopenvswitch-2_11-0-2.11.5-3.30.1 * openvswitch-debuginfo-2.11.5-3.30.1 * openvswitch-debugsource-2.11.5-3.30.1 * openvswitch-2.11.5-3.30.1 * libopenvswitch-2_11-0-debuginfo-2.11.5-3.30.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34956.html * https://bugzilla.suse.com/show_bug.cgi?id=1261273 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 20 16:30:21 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 16:30:21 -0000 Subject: SUSE-SU-2026:1481-1: important: Security update for gegl Message-ID: <177670262180.8795.17251311228438425592@5d6d53449fb2> # Security update for gegl Announcement ID: SUSE-SU-2026:1481-1 Release Date: 2026-04-20T10:09:56Z Rating: important References: * bsc#1259749 Cross-References: * CVE-2026-2049 CVSS scores: * CVE-2026-2049 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-2049 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for gegl fixes the following issue: * CVE-2026-2049: improper validation of the length of user-supplied data when parsing HDR files can lead to a heap buffer overflow (bsc#1259749). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1481=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1481=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1481=1 ## Package List: * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * gegl-debuginfo-0.4.46-150600.4.8.2 * gegl-0_4-0.4.46-150600.4.8.2 * gegl-debugsource-0.4.46-150600.4.8.2 * gegl-0_4-debuginfo-0.4.46-150600.4.8.2 * libgegl-0_4-0-0.4.46-150600.4.8.2 * libgegl-0_4-0-debuginfo-0.4.46-150600.4.8.2 * typelib-1_0-Gegl-0_4-0.4.46-150600.4.8.2 * gegl-devel-0.4.46-150600.4.8.2 * SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch) * gegl-0_4-lang-0.4.46-150600.4.8.2 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * gegl-debuginfo-0.4.46-150600.4.8.2 * gegl-0_4-0.4.46-150600.4.8.2 * gegl-debugsource-0.4.46-150600.4.8.2 * gegl-0_4-debuginfo-0.4.46-150600.4.8.2 * gegl-doc-0.4.46-150600.4.8.2 * libgegl-0_4-0-0.4.46-150600.4.8.2 * libgegl-0_4-0-debuginfo-0.4.46-150600.4.8.2 * typelib-1_0-Gegl-0_4-0.4.46-150600.4.8.2 * gegl-devel-0.4.46-150600.4.8.2 * gegl-0.4.46-150600.4.8.2 * openSUSE Leap 15.6 (noarch) * gegl-0_4-lang-0.4.46-150600.4.8.2 * openSUSE Leap 15.6 (x86_64) * libgegl-0_4-0-32bit-debuginfo-0.4.46-150600.4.8.2 * libgegl-0_4-0-32bit-0.4.46-150600.4.8.2 * openSUSE Leap 15.6 (aarch64_ilp32) * libgegl-0_4-0-64bit-debuginfo-0.4.46-150600.4.8.2 * libgegl-0_4-0-64bit-0.4.46-150600.4.8.2 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * gegl-debuginfo-0.4.46-150600.4.8.2 * gegl-0_4-0.4.46-150600.4.8.2 * gegl-debugsource-0.4.46-150600.4.8.2 * gegl-0_4-debuginfo-0.4.46-150600.4.8.2 * gegl-doc-0.4.46-150600.4.8.2 * libgegl-0_4-0-0.4.46-150600.4.8.2 * libgegl-0_4-0-debuginfo-0.4.46-150600.4.8.2 * typelib-1_0-Gegl-0_4-0.4.46-150600.4.8.2 * gegl-devel-0.4.46-150600.4.8.2 * gegl-0.4.46-150600.4.8.2 * SUSE Package Hub 
15 15-SP7 (noarch) * gegl-0_4-lang-0.4.46-150600.4.8.2 ## References: * https://www.suse.com/security/cve/CVE-2026-2049.html * https://bugzilla.suse.com/show_bug.cgi?id=1259749 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 20 16:30:23 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 16:30:23 -0000 Subject: SUSE-SU-2026:1480-1: important: Security update for buildah Message-ID: <177670262325.8795.2758274521158647767@5d6d53449fb2> # Security update for buildah Announcement ID: SUSE-SU-2026:1480-1 Release Date: 2026-04-20T10:09:40Z Rating: important References: Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that can now be installed. ## Description: This update for buildah rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1480=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1480=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1480=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1480=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1480=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * buildah-1.35.5-150400.3.61.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * buildah-1.35.5-150400.3.61.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * buildah-1.35.5-150400.3.61.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * buildah-1.35.5-150400.3.61.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * buildah-1.35.5-150400.3.61.1 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 20 16:30:26 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 16:30:26 -0000 Subject: SUSE-SU-2026:1479-1: important: Security update for gegl Message-ID: <177670262640.8795.4257758332941576899@5d6d53449fb2> # Security update for gegl Announcement ID: SUSE-SU-2026:1479-1 Release Date: 2026-04-20T10:09:18Z Rating: important References: * bsc#1259749 Cross-References: * CVE-2026-2049 CVSS scores: * CVE-2026-2049 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-2049 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for gegl fixes the following issue: * CVE-2026-2049: improper validation of the length of user-supplied data when parsing HDR files can lead to a heap buffer overflow (bsc#1259749). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1479=1 * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1479=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * gegl-devel-0.2.0-15.14.2 * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * gegl-devel-0.2.0-15.14.2 ## References: * https://www.suse.com/security/cve/CVE-2026-2049.html * https://bugzilla.suse.com/show_bug.cgi?id=1259749 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 20 16:30:39 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 16:30:39 -0000 Subject: SUSE-SU-2026:1478-1: important: Security update for nodejs22 Message-ID: <177670263930.8795.8044068214244803827@5d6d53449fb2> # Security update for nodejs22 Announcement ID: SUSE-SU-2026:1478-1 Release Date: 2026-04-20T10:09:08Z Rating: important References: * bsc#1256576 * bsc#1260455 * bsc#1260462 * bsc#1260463 * bsc#1260480 * bsc#1260482 * bsc#1260494 Cross-References: * CVE-2026-21637 * CVE-2026-21710 * CVE-2026-21713 * CVE-2026-21714 * CVE-2026-21715 * CVE-2026-21716 * CVE-2026-21717 CVSS scores: * CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21713 ( SUSE ): 6.3 
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21716 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * Web and Scripting Module 15-SP7 An update that solves seven vulnerabilities can now be installed. ## Description: This update for nodejs22 fixes the following issues: Update to version 22.22.2. * CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494). * CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file permissions and ownership on already-open file descriptors (bsc#1260462). 
* CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482). * CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480). * CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and potential MAC forgery (bsc#1260463). * CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455). * CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-1478=1 ## Package List: * Web and Scripting Module 15-SP7 (aarch64 ppc64le s390x x86_64) * nodejs22-devel-22.22.2-150700.3.9.1 * nodejs22-debuginfo-22.22.2-150700.3.9.1 * nodejs22-debugsource-22.22.2-150700.3.9.1 * nodejs22-22.22.2-150700.3.9.1 * npm22-22.22.2-150700.3.9.1 * Web and Scripting Module 15-SP7 (noarch) * nodejs22-docs-22.22.2-150700.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-21637.html * https://www.suse.com/security/cve/CVE-2026-21710.html * https://www.suse.com/security/cve/CVE-2026-21713.html * https://www.suse.com/security/cve/CVE-2026-21714.html * https://www.suse.com/security/cve/CVE-2026-21715.html * https://www.suse.com/security/cve/CVE-2026-21716.html * https://www.suse.com/security/cve/CVE-2026-21717.html * https://bugzilla.suse.com/show_bug.cgi?id=1256576 * 
https://bugzilla.suse.com/show_bug.cgi?id=1260455 * https://bugzilla.suse.com/show_bug.cgi?id=1260462 * https://bugzilla.suse.com/show_bug.cgi?id=1260463 * https://bugzilla.suse.com/show_bug.cgi?id=1260480 * https://bugzilla.suse.com/show_bug.cgi?id=1260482 * https://bugzilla.suse.com/show_bug.cgi?id=1260494 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 20 16:30:47 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 16:30:47 -0000 Subject: SUSE-SU-2026:1477-1: low: Security update for opensc Message-ID: <177670264734.8795.2721005885465159891@5d6d53449fb2> # Security update for opensc Announcement ID: SUSE-SU-2026:1477-1 Release Date: 2026-04-20T10:08:55Z Rating: low References: * bsc#1261214 * bsc#1261218 * bsc#1261219 * bsc#1261220 Cross-References: * CVE-2025-49010 * CVE-2025-66037 * CVE-2025-66038 * CVE-2025-66215 CVSS scores: * CVE-2025-49010 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-49010 ( SUSE ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-49010 ( NVD ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-49010 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-66037 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-66037 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-66037 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-66037 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-66038 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-66038 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-66038 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-66038 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-66215 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * 
CVE-2025-66215 ( SUSE ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-66215 ( NVD ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-66215 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves four vulnerabilities can now be installed. ## Description: This update for opensc fixes the following issues: * CVE-2025-49010: specially crafted smart card or USB device can lead to a stack buffer overflow write in `GET RESPONSE` (bsc#1261214). * CVE-2025-66037: specially crafted input processed by the `fuzz_pkcs15_reader` harness can lead to an out-of-bounds heap read in the X.509/SPKI handling path (bsc#1261218). * CVE-2025-66038: improper compact-TLV length validation can lead to the dereferencing of out-of-bounds pointers and memory corruption (bsc#1261219). * CVE-2025-66215: specially crafted smart card or USB device can lead to a stack buffer overflow write in `card-oberthur` (bsc#1261220). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1477=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1477=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * opensc-debugsource-0.19.0-150100.3.34.1 * opensc-debuginfo-0.19.0-150100.3.34.1 * opensc-0.19.0-150100.3.34.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * opensc-debugsource-0.19.0-150100.3.34.1 * opensc-debuginfo-0.19.0-150100.3.34.1 * opensc-0.19.0-150100.3.34.1 ## References: * https://www.suse.com/security/cve/CVE-2025-49010.html * https://www.suse.com/security/cve/CVE-2025-66037.html * https://www.suse.com/security/cve/CVE-2025-66038.html * https://www.suse.com/security/cve/CVE-2025-66215.html * https://bugzilla.suse.com/show_bug.cgi?id=1261214 * https://bugzilla.suse.com/show_bug.cgi?id=1261218 * https://bugzilla.suse.com/show_bug.cgi?id=1261219 * https://bugzilla.suse.com/show_bug.cgi?id=1261220 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 20 20:30:01 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 20:30:01 -0000 Subject: SUSE-SU-2026:1492-1: important: Security update for docker Message-ID: <177671700178.7325.10932285990558971691@5a8be24cc32b> # Security update for docker Announcement ID: SUSE-SU-2026:1492-1 Release Date: 2026-04-20T15:57:20Z Rating: important References: Affected Products: * Basesystem Module 15-SP7 * Containers Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that can now be installed. ## Description: This update for docker rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1492=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1492=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1492=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1492=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1492=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1492=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1492=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1492=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1492=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1492=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1492=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1492=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1492=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1492=1 * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1492=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1492=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1492=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1492=1 * SUSE Linux Enterprise High Performance 
Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1492=1 ## Package List: * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * docker-zsh-completion-28.5.1_ce-150000.245.2 * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * 
docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * docker-zsh-completion-28.5.1_ce-150000.245.2 * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * 
docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * Containers Module 15-SP7 (noarch) * docker-zsh-completion-28.5.1_ce-150000.245.2 * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise High Performance 
Computing LTSS 15 SP5 (noarch) * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 20 20:30:03 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 20:30:03 -0000 Subject: SUSE-SU-2026:1491-1: important: Security update for buildah Message-ID: <177671700320.7325.37243186255843841@5a8be24cc32b> # Security update for buildah Announcement ID: SUSE-SU-2026:1491-1 Release Date: 2026-04-20T15:55:20Z Rating: important References: Affected Products: * Containers Module 15-SP7 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that can now be installed. ## Description: This update for buildah rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1491=1 * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1491=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1491=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1491=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1491=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1491=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1491=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1491=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * buildah-1.35.5-150500.3.55.1 * Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64) * buildah-1.35.5-150500.3.55.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * buildah-1.35.5-150500.3.55.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * buildah-1.35.5-150500.3.55.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * buildah-1.35.5-150500.3.55.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * buildah-1.35.5-150500.3.55.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * buildah-1.35.5-150500.3.55.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * buildah-1.35.5-150500.3.55.1 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Mon Apr 20 20:30:04 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 20 Apr 2026 20:30:04 -0000
Subject: SUSE-SU-2026:1490-1: important: Security update for kubernetes
Message-ID: <177671700468.7325.3410256238975328984@5a8be24cc32b>

# Security update for kubernetes

Announcement ID: SUSE-SU-2026:1490-1
Release Date: 2026-04-20T15:54:48Z
Rating: important
References:
Affected Products:

* Containers Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that can now be installed.

## Description:

This update for kubernetes rebuilds it against the current go 1.25 security release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1490=1
* Containers Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1490=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * kubernetes1.35-client-common-1.35.0-150600.13.29.1
  * kubernetes1.35-client-1.35.0-150600.13.29.1
* openSUSE Leap 15.6 (noarch)
  * kubernetes1.35-client-bash-completion-1.35.0-150600.13.29.1
  * kubernetes1.35-client-fish-completion-1.35.0-150600.13.29.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * kubernetes1.35-client-common-1.35.0-150600.13.29.1
  * kubernetes1.35-client-1.35.0-150600.13.29.1
* Containers Module 15-SP7 (noarch)
  * kubernetes1.35-client-bash-completion-1.35.0-150600.13.29.1

From null at suse.de Mon Apr 20 20:30:06 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 20 Apr 2026 20:30:06 -0000
Subject: SUSE-SU-2026:1489-1: important: Security update for kubernetes-old
Message-ID: <177671700681.7325.3478964990124838823@5a8be24cc32b>

# Security update for kubernetes-old

Announcement ID: SUSE-SU-2026:1489-1
Release Date: 2026-04-20T15:54:39Z
Rating: important
References:
Affected Products:

* Containers Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that can now be installed.

## Description:

This update for kubernetes-old rebuilds it against the current go 1.25 security release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1489=1
* Containers Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1489=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * kubernetes1.33-client-1.33.7-150600.13.27.1
  * kubernetes1.33-client-common-1.33.7-150600.13.27.1
* openSUSE Leap 15.6 (noarch)
  * kubernetes1.33-client-bash-completion-1.33.7-150600.13.27.1
  * kubernetes1.33-client-fish-completion-1.33.7-150600.13.27.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * kubernetes1.33-client-1.33.7-150600.13.27.1
  * kubernetes1.33-client-common-1.33.7-150600.13.27.1
* Containers Module 15-SP7 (noarch)
  * kubernetes1.33-client-bash-completion-1.33.7-150600.13.27.1
URL: From null at suse.de Mon Apr 20 20:30:08 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 20:30:08 -0000 Subject: SUSE-SU-2026:1488-1: important: Security update for rekor Message-ID: <177671700847.7325.6781372319448077953@5a8be24cc32b> # Security update for rekor Announcement ID: SUSE-SU-2026:1488-1 Release Date: 2026-04-20T15:54:29Z Rating: important References: Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that can now be installed. ## Description: This update for rekor rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1488=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1488=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1488=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1488=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1488=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1488=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1488=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1488=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1488=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1488=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1488=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1488=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * rekor-1.4.3-150400.4.30.1 * rekor-debuginfo-1.4.3-150400.4.30.1 * 
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * rekor-1.4.3-150400.4.30.1 * rekor-debuginfo-1.4.3-150400.4.30.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * rekor-1.4.3-150400.4.30.1 * rekor-debuginfo-1.4.3-150400.4.30.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * rekor-1.4.3-150400.4.30.1 * rekor-debuginfo-1.4.3-150400.4.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * rekor-1.4.3-150400.4.30.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 20 20:30:10 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 20:30:10 -0000 Subject: SUSE-SU-2026:1487-1: important: Security update for runc Message-ID: <177671701098.7325.4746496260175989084@5a8be24cc32b> # Security update for runc Announcement ID: SUSE-SU-2026:1487-1 Release Date: 2026-04-20T15:53:00Z Rating: important References: Affected Products: * Basesystem Module 15-SP7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * 
SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that can now be installed. ## Description: This update for runc rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1487=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1487=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1487=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1487=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1487=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1487=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1487=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1487=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1487=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch 
SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1487=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1487=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1487=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1487=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1487=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1487=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1487=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2026-1487=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1487=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1487=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * runc-1.3.4-150000.92.1 * runc-debuginfo-1.3.4-150000.92.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * runc-1.3.4-150000.92.1 * runc-debuginfo-1.3.4-150000.92.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * runc-1.3.4-150000.92.1 * runc-debuginfo-1.3.4-150000.92.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * runc-1.3.4-150000.92.1 * runc-debuginfo-1.3.4-150000.92.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * runc-1.3.4-150000.92.1 * runc-debuginfo-1.3.4-150000.92.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * runc-1.3.4-150000.92.1 * runc-debuginfo-1.3.4-150000.92.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * runc-1.3.4-150000.92.1 * runc-debuginfo-1.3.4-150000.92.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * runc-1.3.4-150000.92.1 
* runc-debuginfo-1.3.4-150000.92.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * runc-1.3.4-150000.92.1 * runc-debuginfo-1.3.4-150000.92.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * runc-1.3.4-150000.92.1 * runc-debuginfo-1.3.4-150000.92.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * runc-1.3.4-150000.92.1 * runc-debuginfo-1.3.4-150000.92.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * runc-1.3.4-150000.92.1 * runc-debuginfo-1.3.4-150000.92.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * runc-1.3.4-150000.92.1 * runc-debuginfo-1.3.4-150000.92.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * runc-1.3.4-150000.92.1 * runc-debuginfo-1.3.4-150000.92.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * runc-1.3.4-150000.92.1 * runc-debuginfo-1.3.4-150000.92.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * runc-1.3.4-150000.92.1 * runc-debuginfo-1.3.4-150000.92.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * runc-1.3.4-150000.92.1 * runc-debuginfo-1.3.4-150000.92.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * runc-1.3.4-150000.92.1 * runc-debuginfo-1.3.4-150000.92.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * runc-1.3.4-150000.92.1 * runc-debuginfo-1.3.4-150000.92.1 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 20 20:30:12 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 20:30:12 -0000 Subject: SUSE-SU-2026:1486-1: important: Security update for cosign Message-ID: <177671701241.7325.14236222885258662163@5a8be24cc32b> # Security update for cosign Announcement ID: SUSE-SU-2026:1486-1 Release Date: 2026-04-20T15:51:24Z Rating: important References: Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that can now be installed. ## Description: This update for cosign rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1486=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1486=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1486=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1486=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1486=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1486=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1486=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1486=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1486=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1486=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1486=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1486=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * cosign-3.0.5-150400.3.39.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * cosign-3.0.5-150400.3.39.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * cosign-3.0.5-150400.3.39.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * cosign-3.0.5-150400.3.39.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * cosign-3.0.5-150400.3.39.1 * SUSE Linux Enterprise Server 
15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * cosign-debuginfo-3.0.5-150400.3.39.1 * cosign-3.0.5-150400.3.39.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * cosign-3.0.5-150400.3.39.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * cosign-3.0.5-150400.3.39.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * cosign-debuginfo-3.0.5-150400.3.39.1 * cosign-3.0.5-150400.3.39.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * cosign-debuginfo-3.0.5-150400.3.39.1 * cosign-3.0.5-150400.3.39.1 * openSUSE Leap 15.4 (noarch) * cosign-bash-completion-3.0.5-150400.3.39.1 * cosign-zsh-completion-3.0.5-150400.3.39.1 * cosign-fish-completion-3.0.5-150400.3.39.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * cosign-debuginfo-3.0.5-150400.3.39.1 * cosign-3.0.5-150400.3.39.1 * Basesystem Module 15-SP7 (noarch) * cosign-bash-completion-3.0.5-150400.3.39.1 * cosign-zsh-completion-3.0.5-150400.3.39.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * cosign-3.0.5-150400.3.39.1 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 20 20:30:18 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 20 Apr 2026 20:30:18 -0000 Subject: SUSE-SU-2026:1484-1: important: Security update for container-suseconnect Message-ID: <177671701849.7325.1757348282895894532@5a8be24cc32b> # Security update for container-suseconnect Announcement ID: SUSE-SU-2026:1484-1 Release Date: 2026-04-20T13:35:38Z Rating: important References: Affected Products: * Containers Module 15-SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that can now be installed. ## Description: This update for container-suseconnect rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1484=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1484=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1484=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1484=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1484=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1484=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1484=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1484=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1484=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1484=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1484=1 ## Package List: * Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.5.6-150000.4.84.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * container-suseconnect-2.5.6-150000.4.84.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * container-suseconnect-2.5.6-150000.4.84.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * container-suseconnect-2.5.6-150000.4.84.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * container-suseconnect-2.5.6-150000.4.84.1 * SUSE Linux 
Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.5.6-150000.4.84.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.5.6-150000.4.84.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.5.6-150000.4.84.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * container-suseconnect-2.5.6-150000.4.84.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * container-suseconnect-2.5.6-150000.4.84.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * container-suseconnect-2.5.6-150000.4.84.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 08:30:08 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 08:30:08 -0000 Subject: SUSE-SU-2026:1504-1: moderate: Security update for GraphicsMagick Message-ID: <177676020812.7466.10926132786952092320@4d3cf67d624c> # Security update for GraphicsMagick Announcement ID: SUSE-SU-2026:1504-1 Release Date: 2026-04-20T16:18:42Z Rating: moderate References: * bsc#1260874 Cross-References: * CVE-2026-33535 CVSS scores: * CVE-2026-33535 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for GraphicsMagick fixes the following issue: * CVE-2026-33535: Out-of-Bounds write of a zero byte in X11 display interaction (bsc#1260874). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1504=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1504=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * GraphicsMagick-1.3.42-150600.3.21.1 * libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.21.1 * libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.21.1 * perl-GraphicsMagick-1.3.42-150600.3.21.1 * libGraphicsMagick-Q16-3-1.3.42-150600.3.21.1 * libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.21.1 * libGraphicsMagick++-devel-1.3.42-150600.3.21.1 * libGraphicsMagick3-config-1.3.42-150600.3.21.1 * libGraphicsMagickWand-Q16-2-1.3.42-150600.3.21.1 * libGraphicsMagick++-Q16-12-1.3.42-150600.3.21.1 * GraphicsMagick-devel-1.3.42-150600.3.21.1 * GraphicsMagick-debuginfo-1.3.42-150600.3.21.1 * GraphicsMagick-debugsource-1.3.42-150600.3.21.1 * perl-GraphicsMagick-debuginfo-1.3.42-150600.3.21.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * GraphicsMagick-1.3.42-150600.3.21.1 * libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.21.1 * libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.21.1 * perl-GraphicsMagick-1.3.42-150600.3.21.1 * libGraphicsMagick-Q16-3-1.3.42-150600.3.21.1 * libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.21.1 * libGraphicsMagick++-devel-1.3.42-150600.3.21.1 * libGraphicsMagick3-config-1.3.42-150600.3.21.1 * libGraphicsMagickWand-Q16-2-1.3.42-150600.3.21.1 * libGraphicsMagick++-Q16-12-1.3.42-150600.3.21.1 * GraphicsMagick-devel-1.3.42-150600.3.21.1 * GraphicsMagick-debuginfo-1.3.42-150600.3.21.1 * GraphicsMagick-debugsource-1.3.42-150600.3.21.1 * perl-GraphicsMagick-debuginfo-1.3.42-150600.3.21.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33535.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1260874 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 08:30:11 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 08:30:11 -0000 Subject: SUSE-SU-2026:1503-1: moderate: Security update for python Message-ID: <177676021144.7466.7953006926478593365@4d3cf67d624c> # Security update for python Announcement ID: SUSE-SU-2026:1503-1 Release Date: 2026-04-20T16:17:55Z Rating: moderate References: * bsc#1261970 Cross-References: * CVE-2026-3446 CVSS scores: * CVE-2026-3446 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-3446 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for python fixes the following issue: * CVE-2026-3446: Base64 decoding stops at first padded quad by default (bsc#1261970). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1503=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * python-base-debuginfo-2.7.18-150000.117.1 * python-gdbm-2.7.18-150000.117.1 * python-debugsource-2.7.18-150000.117.1 * python-base-2.7.18-150000.117.1 * python-xml-debuginfo-2.7.18-150000.117.1 * libpython2_7-1_0-2.7.18-150000.117.1 * python-debuginfo-2.7.18-150000.117.1 * python-curses-debuginfo-2.7.18-150000.117.1 * python-curses-2.7.18-150000.117.1 * python-gdbm-debuginfo-2.7.18-150000.117.1 * python-2.7.18-150000.117.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.117.1 * python-base-debugsource-2.7.18-150000.117.1 * python-xml-2.7.18-150000.117.1 ## References: * https://www.suse.com/security/cve/CVE-2026-3446.html * https://bugzilla.suse.com/show_bug.cgi?id=1261970 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 08:30:17 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 08:30:17 -0000 Subject: SUSE-SU-2026:1502-1: moderate: Security update for python312 Message-ID: <177676021753.7466.13892198802299539127@4d3cf67d624c> # Security update for python312 Announcement ID: SUSE-SU-2026:1502-1 Release Date: 2026-04-20T16:17:01Z Rating: moderate References: * bsc#1258364 * bsc#1261970 Cross-References: * CVE-2026-3446 CVSS scores: * CVE-2026-3446 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-3446 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 An update that solves one vulnerability and has one security fix can now be installed. 
## Description: This update for python312 fixes the following issues: * CVE-2026-3446: Base64 decoding stops at first padded quad by default (bsc#1261970). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1502=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * python312-3.12.13-150600.3.56.1 * python312-debuginfo-3.12.13-150600.3.56.1 * python312-base-3.12.13-150600.3.56.1 * python312-core-debugsource-3.12.13-150600.3.56.1 * python312-doc-devhelp-3.12.13-150600.3.56.1 * python312-testsuite-3.12.13-150600.3.56.1 * python312-tk-3.12.13-150600.3.56.1 * python312-dbm-debuginfo-3.12.13-150600.3.56.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.56.1 * python312-tools-3.12.13-150600.3.56.1 * python312-devel-3.12.13-150600.3.56.1 * python312-base-debuginfo-3.12.13-150600.3.56.1 * python312-tk-debuginfo-3.12.13-150600.3.56.1 * libpython3_12-1_0-3.12.13-150600.3.56.1 * python312-debugsource-3.12.13-150600.3.56.1 * python312-dbm-3.12.13-150600.3.56.1 * python312-testsuite-debuginfo-3.12.13-150600.3.56.1 * python312-curses-3.12.13-150600.3.56.1 * python312-curses-debuginfo-3.12.13-150600.3.56.1 * python312-idle-3.12.13-150600.3.56.1 * python312-doc-3.12.13-150600.3.56.1 * openSUSE Leap 15.6 (x86_64) * libpython3_12-1_0-32bit-3.12.13-150600.3.56.1 * python312-32bit-debuginfo-3.12.13-150600.3.56.1 * python312-base-32bit-3.12.13-150600.3.56.1 * python312-32bit-3.12.13-150600.3.56.1 * python312-base-32bit-debuginfo-3.12.13-150600.3.56.1 * libpython3_12-1_0-32bit-debuginfo-3.12.13-150600.3.56.1 * openSUSE Leap 15.6 (aarch64_ilp32) * python312-base-64bit-debuginfo-3.12.13-150600.3.56.1 * libpython3_12-1_0-64bit-3.12.13-150600.3.56.1 * python312-64bit-3.12.13-150600.3.56.1 * python312-base-64bit-3.12.13-150600.3.56.1 * 
libpython3_12-1_0-64bit-debuginfo-3.12.13-150600.3.56.1 * python312-64bit-debuginfo-3.12.13-150600.3.56.1 ## References: * https://www.suse.com/security/cve/CVE-2026-3446.html * https://bugzilla.suse.com/show_bug.cgi?id=1258364 * https://bugzilla.suse.com/show_bug.cgi?id=1261970 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 08:30:27 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 08:30:27 -0000 Subject: SUSE-SU-2026:1501-1: important: Security update for glibc-livepatches Message-ID: <177676022717.7466.9908788774687539615@4d3cf67d624c> # Security update for glibc-livepatches Announcement ID: SUSE-SU-2026:1501-1 Release Date: 2026-04-20T16:16:50Z Rating: important References: * bsc#1261209 Cross-References: * CVE-2026-4046 CVSS scores: * CVE-2026-4046 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4046 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4046 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for glibc-livepatches fixes the following issue: * CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261209). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1501=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le x86_64) * glibc-livepatches-debugsource-0.4-150700.10.7.1 * glibc-livepatches-0.4-150700.10.7.1 * glibc-livepatches-debuginfo-0.4-150700.10.7.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4046.html * https://bugzilla.suse.com/show_bug.cgi?id=1261209 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 08:30:31 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 08:30:31 -0000 Subject: SUSE-SU-2026:1500-1: important: Security update for libpng15 Message-ID: <177676023172.7466.4614462322399031920@4d3cf67d624c> # Security update for libpng15 Announcement ID: SUSE-SU-2026:1500-1 Release Date: 2026-04-20T16:16:44Z Rating: important References: * bsc#1260754 * bsc#1261957 Cross-References: * CVE-2026-33416 * CVE-2026-34757 CVSS scores: * CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-34757 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-34757 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34757 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. 
## Description:

This update for libpng15 fixes the following issues:

* CVE-2026-34757: use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` can lead to information disclosure and data corruption (bsc#1261957).
* CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1500=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1500=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * libpng15-debugsource-1.5.22-10.10.1
    * libpng15-15-debuginfo-1.5.22-10.10.1
    * libpng15-15-1.5.22-10.10.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
    * libpng15-debugsource-1.5.22-10.10.1
    * libpng15-15-debuginfo-1.5.22-10.10.1
    * libpng15-15-1.5.22-10.10.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33416.html
* https://www.suse.com/security/cve/CVE-2026-34757.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260754
* https://bugzilla.suse.com/show_bug.cgi?id=1261957

From null at suse.de Tue Apr 21 08:30:34 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 08:30:34 -0000
Subject: SUSE-SU-2026:1499-1: moderate: Security update for ncurses
Message-ID: <177676023478.7466.6054560928658189959@4d3cf67d624c>

# Security update for ncurses

Announcement ID: SUSE-SU-2026:1499-1
Release Date: 2026-04-20T16:16:27Z
Rating: moderate

References:

* bsc#1259924

Cross-References:

* CVE-2025-69720

CVSS scores:

* CVE-2025-69720 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-69720 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2025-69720 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-69720 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
* CVE-2025-69720 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for ncurses fixes the following issue:

* CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1499=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
    * ncurses-devel-5.9-91.1
    * tack-debuginfo-5.9-91.1
    * ncurses-devel-32bit-5.9-91.1
    * ncurses-devel-debuginfo-32bit-5.9-91.1
    * ncurses-utils-debuginfo-5.9-91.1
    * ncurses-utils-5.9-91.1
    * libncurses5-32bit-5.9-91.1
    * libncurses5-5.9-91.1
    * libncurses5-debuginfo-32bit-5.9-91.1
    * terminfo-5.9-91.1
    * tack-5.9-91.1
    * terminfo-base-5.9-91.1
    * libncurses6-debuginfo-32bit-5.9-91.1
    * ncurses-debugsource-5.9-91.1
    * libncurses6-debuginfo-5.9-91.1
    * libncurses5-debuginfo-5.9-91.1
    * ncurses-devel-debuginfo-5.9-91.1
    * libncurses6-32bit-5.9-91.1
    * libncurses6-5.9-91.1

## References:

* https://www.suse.com/security/cve/CVE-2025-69720.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259924

From null at suse.de Tue Apr 21 08:30:37 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 08:30:37 -0000
Subject: SUSE-SU-2026:1498-1: important: Security update for glibc-livepatches
Message-ID: <177676023784.7466.10730104672420903367@4d3cf67d624c>

# Security update for glibc-livepatches

Announcement ID: SUSE-SU-2026:1498-1
Release Date: 2026-04-20T16:16:20Z
Rating: important

References:

* bsc#1261209

Cross-References:

* CVE-2026-4046

CVSS scores:

* CVE-2026-4046 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4046 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4046 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for glibc-livepatches fixes the following issue:

* CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261209).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1498=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1498=1 ## Package List: * openSUSE Leap 15.6 (x86_64) * glibc-livepatches-debugsource-0.4-150600.8.5.1 * glibc-livepatches-debuginfo-0.4-150600.8.5.1 * glibc-livepatches-0.4-150600.8.5.1 * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * glibc-livepatches-0.4-150600.8.5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4046.html * https://bugzilla.suse.com/show_bug.cgi?id=1261209 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 08:31:11 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 08:31:11 -0000 Subject: SUSE-SU-2026:1497-1: important: Security update for ImageMagick Message-ID: <177676027170.7466.1967318363947981094@4d3cf67d624c> # Security update for ImageMagick Announcement ID: SUSE-SU-2026:1497-1 Release Date: 2026-04-20T16:15:55Z Rating: important References: * bsc#1258790 * bsc#1259446 * bsc#1259447 * bsc#1259448 * bsc#1259450 * bsc#1259451 * bsc#1259452 * bsc#1259455 * bsc#1259456 * bsc#1259457 * bsc#1259463 * bsc#1259464 * bsc#1259466 * bsc#1259467 * bsc#1259468 * bsc#1259528 * bsc#1259612 * bsc#1259872 * bsc#1260874 * bsc#1260879 * bsc#1262097 Cross-References: * CVE-2026-24484 * CVE-2026-28493 * CVE-2026-28494 * CVE-2026-28686 * CVE-2026-28687 * CVE-2026-28688 * CVE-2026-28689 * CVE-2026-28690 * CVE-2026-28691 * CVE-2026-28692 * CVE-2026-28693 * CVE-2026-30883 * CVE-2026-30929 * CVE-2026-30936 * CVE-2026-30937 * CVE-2026-31853 * CVE-2026-32259 * CVE-2026-32636 * CVE-2026-33535 * CVE-2026-33536 * CVE-2026-33905 CVSS scores: * CVE-2026-24484 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-24484 ( NVD ): 5.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28493 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28493 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28493 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28494 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28494 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28494 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2026-28686 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28686 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28686 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28687 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28687 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28687 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28688 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28688 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28689 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-28689 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28689 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28690 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28690 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28690 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H * CVE-2026-28690 ( NVD ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H * CVE-2026-28691 ( SUSE ): 8.7 
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28691 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28691 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28692 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28692 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-28692 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-28693 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28693 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28693 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30883 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30883 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30883 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30883 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30929 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30929 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30929 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30929 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-30936 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-30936 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-30936 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-30937 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30937 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30937 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30937 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( SUSE ): 8.3 
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31853 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-31853 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-32259 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-32259 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-32259 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-32636 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-32636 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32636 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32636 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33536 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33536 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33536 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33905 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33905 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33905 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H * CVE-2026-33905 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP7 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance 
Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 21 vulnerabilities can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2026-24484: denial of service via multi-layer nested MVG to SVG conversion (bsc#1258790). * CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write (bsc#1259446). * CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow (bsc#1259447). * CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow (bsc#1259448). * CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450). * CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451). * CVE-2026-28689: `domain="path"` authorization is checked before final file open/use and allows for read/write bypass via symlink swaps (bsc#1259452). * CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456). * CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference (bsc#1259455). 
* CVE-2026-28692: 32-bit integer overflow in MAT decoder can lead to a heap buffer over-read (bsc#1259457).
* CVE-2026-28693: integer overflow in the DIB coder can lead to an out-of-bounds read or write (bsc#1259466).
* CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467).
* CVE-2026-30929: improper use of fixed-size stack buffer in `MagnifyImage` can lead to a stack buffer overflow (bsc#1259468).
* CVE-2026-30936: heap buffer overflow in `WaveletDenoiseImage` (bsc#1259464).
* CVE-2026-30937: heap buffer overflow in XWD encoder due to CARD32 arithmetic overflow (bsc#1259463).
* CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely large images (bsc#1259528).
* CVE-2026-32259: memory allocation failure in the SIXEL encoder can lead to a stack out-of-bound write (bsc#1259612).
* CVE-2026-32636: denial of service via out-of-bounds write in `NewXMLTree` method (bsc#1259872).
* CVE-2026-33535: out-of-bounds write of a zero byte in X11 display interaction (bsc#1260874).
* CVE-2026-33536: denial of service via a stack out-of-bounds write in `InterpretImageFilename` (bsc#1260879).
* CVE-2026-33905: denial of service via out-of-bounds read in `-sample` operation (bsc#1262097).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1497=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1497=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1497=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1497=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1497=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1497=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1497=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1497=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1497=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1497=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1497=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1497=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1 * ImageMagick-devel-7.1.0.9-150400.6.75.1 * ImageMagick-extra-7.1.0.9-150400.6.75.1 * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-7.1.0.9-150400.6.75.1 * libMagick++-devel-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * 
libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * perl-PerlMagick-7.1.0.9-150400.6.75.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * ImageMagick-extra-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1 * openSUSE Leap 15.4 (x86_64) * libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-devel-32bit-7.1.0.9-150400.6.75.1 * ImageMagick-devel-32bit-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.75.1 * openSUSE Leap 15.4 (noarch) * ImageMagick-doc-7.1.0.9-150400.6.75.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-devel-64bit-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-devel-64bit-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.75.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1 * ImageMagick-devel-7.1.0.9-150400.6.75.1 * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-7.1.0.9-150400.6.75.1 * libMagick++-devel-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * 
ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * perl-PerlMagick-7.1.0.9-150400.6.75.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1 * ImageMagick-devel-7.1.0.9-150400.6.75.1 * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-7.1.0.9-150400.6.75.1 * libMagick++-devel-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * perl-PerlMagick-7.1.0.9-150400.6.75.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1 * ImageMagick-devel-7.1.0.9-150400.6.75.1 * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-7.1.0.9-150400.6.75.1 * libMagick++-devel-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * perl-PerlMagick-7.1.0.9-150400.6.75.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * 
ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1 * ImageMagick-devel-7.1.0.9-150400.6.75.1 * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-7.1.0.9-150400.6.75.1 * libMagick++-devel-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * perl-PerlMagick-7.1.0.9-150400.6.75.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1 * ImageMagick-devel-7.1.0.9-150400.6.75.1 * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-7.1.0.9-150400.6.75.1 * libMagick++-devel-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * perl-PerlMagick-7.1.0.9-150400.6.75.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1 * ImageMagick-devel-7.1.0.9-150400.6.75.1 * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-7.1.0.9-150400.6.75.1 * 
libMagick++-devel-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * perl-PerlMagick-7.1.0.9-150400.6.75.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1 * ImageMagick-devel-7.1.0.9-150400.6.75.1 * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-7.1.0.9-150400.6.75.1 * libMagick++-devel-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * perl-PerlMagick-7.1.0.9-150400.6.75.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1 * ImageMagick-devel-7.1.0.9-150400.6.75.1 * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-7.1.0.9-150400.6.75.1 * libMagick++-devel-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * 
libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * perl-PerlMagick-7.1.0.9-150400.6.75.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24484.html * https://www.suse.com/security/cve/CVE-2026-28493.html * https://www.suse.com/security/cve/CVE-2026-28494.html * https://www.suse.com/security/cve/CVE-2026-28686.html * https://www.suse.com/security/cve/CVE-2026-28687.html * https://www.suse.com/security/cve/CVE-2026-28688.html * https://www.suse.com/security/cve/CVE-2026-28689.html * https://www.suse.com/security/cve/CVE-2026-28690.html * https://www.suse.com/security/cve/CVE-2026-28691.html * https://www.suse.com/security/cve/CVE-2026-28692.html * https://www.suse.com/security/cve/CVE-2026-28693.html * https://www.suse.com/security/cve/CVE-2026-30883.html * https://www.suse.com/security/cve/CVE-2026-30929.html * https://www.suse.com/security/cve/CVE-2026-30936.html * https://www.suse.com/security/cve/CVE-2026-30937.html * https://www.suse.com/security/cve/CVE-2026-31853.html * https://www.suse.com/security/cve/CVE-2026-32259.html * https://www.suse.com/security/cve/CVE-2026-32636.html * https://www.suse.com/security/cve/CVE-2026-33535.html * https://www.suse.com/security/cve/CVE-2026-33536.html * https://www.suse.com/security/cve/CVE-2026-33905.html * https://bugzilla.suse.com/show_bug.cgi?id=1258790 * https://bugzilla.suse.com/show_bug.cgi?id=1259446 * https://bugzilla.suse.com/show_bug.cgi?id=1259447 * 
https://bugzilla.suse.com/show_bug.cgi?id=1259448
* https://bugzilla.suse.com/show_bug.cgi?id=1259450
* https://bugzilla.suse.com/show_bug.cgi?id=1259451
* https://bugzilla.suse.com/show_bug.cgi?id=1259452
* https://bugzilla.suse.com/show_bug.cgi?id=1259455
* https://bugzilla.suse.com/show_bug.cgi?id=1259456
* https://bugzilla.suse.com/show_bug.cgi?id=1259457
* https://bugzilla.suse.com/show_bug.cgi?id=1259463
* https://bugzilla.suse.com/show_bug.cgi?id=1259464
* https://bugzilla.suse.com/show_bug.cgi?id=1259466
* https://bugzilla.suse.com/show_bug.cgi?id=1259467
* https://bugzilla.suse.com/show_bug.cgi?id=1259468
* https://bugzilla.suse.com/show_bug.cgi?id=1259528
* https://bugzilla.suse.com/show_bug.cgi?id=1259612
* https://bugzilla.suse.com/show_bug.cgi?id=1259872
* https://bugzilla.suse.com/show_bug.cgi?id=1260874
* https://bugzilla.suse.com/show_bug.cgi?id=1260879
* https://bugzilla.suse.com/show_bug.cgi?id=1262097

From null at suse.de Tue Apr 21 08:31:15 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 08:31:15 -0000
Subject: SUSE-SU-2026:1496-1: important: Security update for gegl
Message-ID: <177676027569.7466.4184246475716277814@4d3cf67d624c>

# Security update for gegl

Announcement ID: SUSE-SU-2026:1496-1
Release Date: 2026-04-20T16:14:44Z
Rating: important
References:

* bsc#1259749

Cross-References:

* CVE-2026-2049

CVSS scores:

* CVE-2026-2049 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-2049 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for gegl fixes the following issues:

* CVE-2026-2049: improper validation of the length of user-supplied data when parsing HDR files can lead to a heap buffer overflow (bsc#1259749).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1496=1

## Package List:

* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * libgegl-0_3-0-0.3.34-150000.3.9.1
  * gegl-debuginfo-0.3.34-150000.3.9.1
  * gegl-0_3-debuginfo-0.3.34-150000.3.9.1
  * gegl-debugsource-0.3.34-150000.3.9.1
  * gegl-0_3-0.3.34-150000.3.9.1
  * libgegl-0_3-0-debuginfo-0.3.34-150000.3.9.1
  * typelib-1_0-Gegl-0_3-0.3.34-150000.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2049.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259749

From null at suse.de Tue Apr 21 08:31:17 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 08:31:17 -0000
Subject: SUSE-SU-2026:1495-1: important: Security update for containerd
Message-ID: <177676027726.7466.7379214316306323532@4d3cf67d624c>

# Security update for containerd

Announcement ID: SUSE-SU-2026:1495-1
Release Date: 2026-04-20T16:00:19Z
Rating: important
References:

Affected Products:

* Basesystem Module 15-SP7
* Containers Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that can now be installed.

## Description:

This update for containerd rebuilds it against the current go 1.25 security release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1495=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1495=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1495=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1495=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1495=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1495=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1495=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1495=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1495=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1495=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1495=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1495=1 * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1495=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1495=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1495=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1495=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1495=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1495=1 * SUSE Linux Enterprise 
Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1495=1 ## Package List: * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * containerd-1.7.29-150000.132.1 * containerd-ctr-1.7.29-150000.132.1 * containerd-devel-1.7.29-150000.132.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * containerd-1.7.29-150000.132.1 * containerd-ctr-1.7.29-150000.132.1 * containerd-devel-1.7.29-150000.132.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * containerd-1.7.29-150000.132.1 * containerd-ctr-1.7.29-150000.132.1 * containerd-devel-1.7.29-150000.132.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * containerd-1.7.29-150000.132.1 * containerd-ctr-1.7.29-150000.132.1 * containerd-devel-1.7.29-150000.132.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * containerd-1.7.29-150000.132.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * containerd-1.7.29-150000.132.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * containerd-1.7.29-150000.132.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * containerd-1.7.29-150000.132.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * containerd-1.7.29-150000.132.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * containerd-1.7.29-150000.132.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * containerd-1.7.29-150000.132.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * containerd-1.7.29-150000.132.1 * Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64) * containerd-ctr-1.7.29-150000.132.1 * containerd-devel-1.7.29-150000.132.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * containerd-1.7.29-150000.132.1 * containerd-ctr-1.7.29-150000.132.1 * containerd-devel-1.7.29-150000.132.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 
x86_64) * containerd-1.7.29-150000.132.1 * containerd-ctr-1.7.29-150000.132.1 * containerd-devel-1.7.29-150000.132.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * containerd-1.7.29-150000.132.1 * containerd-ctr-1.7.29-150000.132.1 * containerd-devel-1.7.29-150000.132.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * containerd-1.7.29-150000.132.1 * containerd-ctr-1.7.29-150000.132.1 * containerd-devel-1.7.29-150000.132.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * containerd-1.7.29-150000.132.1 * containerd-ctr-1.7.29-150000.132.1 * containerd-devel-1.7.29-150000.132.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * containerd-1.7.29-150000.132.1 * containerd-ctr-1.7.29-150000.132.1 * containerd-devel-1.7.29-150000.132.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 08:31:20 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 08:31:20 -0000 Subject: SUSE-SU-2026:1493-1: important: Security update for rootlesskit Message-ID: <177676028027.7466.9799962216016549933@4d3cf67d624c> # Security update for rootlesskit Announcement ID: SUSE-SU-2026:1493-1 Release Date: 2026-04-20T15:58:01Z Rating: important References: Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP 
Applications 15 SP5 An update that can now be installed. ## Description: This update for rootlesskit rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1493=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1493=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1493=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1493=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1493=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1493=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1493=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1493=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * rootlesskit-debuginfo-1.1.1-150000.1.7.1 * rootlesskit-1.1.1-150000.1.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * rootlesskit-debuginfo-1.1.1-150000.1.7.1 * rootlesskit-1.1.1-150000.1.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * rootlesskit-debuginfo-1.1.1-150000.1.7.1 * rootlesskit-1.1.1-150000.1.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * rootlesskit-debuginfo-1.1.1-150000.1.7.1 * rootlesskit-1.1.1-150000.1.7.1 * SUSE Linux 
Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * rootlesskit-debuginfo-1.1.1-150000.1.7.1 * rootlesskit-1.1.1-150000.1.7.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * rootlesskit-debuginfo-1.1.1-150000.1.7.1 * rootlesskit-1.1.1-150000.1.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * rootlesskit-debuginfo-1.1.1-150000.1.7.1 * rootlesskit-1.1.1-150000.1.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * rootlesskit-debuginfo-1.1.1-150000.1.7.1 * rootlesskit-1.1.1-150000.1.7.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 08:31:18 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 08:31:18 -0000 Subject: SUSE-SU-2026:1494-1: important: Security update for rootlesskit Message-ID: <177676027859.7466.2772334899283326805@4d3cf67d624c> # Security update for rootlesskit Announcement ID: SUSE-SU-2026:1494-1 Release Date: 2026-04-20T15:58:21Z Rating: important References: Affected Products: * Containers Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that can now be installed. ## Description: This update for rootlesskit rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1494=1
* Containers Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1494=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1494=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1494=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * rootlesskit-1.1.1-150600.3.2.2
  * rootlesskit-debuginfo-1.1.1-150600.3.2.2
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * rootlesskit-1.1.1-150600.3.2.2
  * rootlesskit-debuginfo-1.1.1-150600.3.2.2
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * rootlesskit-1.1.1-150600.3.2.2
  * rootlesskit-debuginfo-1.1.1-150600.3.2.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * rootlesskit-1.1.1-150600.3.2.2
  * rootlesskit-debuginfo-1.1.1-150600.3.2.2

From null at suse.de Tue Apr 21 12:30:24 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:30:24 -0000
Subject: SUSE-SU-2026:21224-1: important: Security update for corosync
Message-ID: <177677462494.7580.16610423172040899788@5a8be24cc32b>

# Security update for corosync

Announcement ID: SUSE-SU-2026:21224-1
Release Date: 2026-04-10T11:19:07Z
Rating: important
References:

* bsc#1261299
* bsc#1261300

Cross-References:

* CVE-2026-35091
* CVE-2026-35092

CVSS scores:

* CVE-2026-35091 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35091 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-35091 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-35092 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35092 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35092 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for corosync fixes the following issues:

* CVE-2026-35091: Denial of Service and information disclosure via crafted UDP packet (bsc#1261299).
* CVE-2026-35092: Denial of Service via integer overflow in join message validation (bsc#1261300).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-521=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * corosync-devel-3.1.9-160000.3.1
  * corosync-debugsource-3.1.9-160000.3.1
  * corosync-libs-3.1.9-160000.3.1
  * corosync-libs-debuginfo-3.1.9-160000.3.1
  * corosync-3.1.9-160000.3.1
  * corosync-debuginfo-3.1.9-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35091.html
* https://www.suse.com/security/cve/CVE-2026-35092.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261299
* https://bugzilla.suse.com/show_bug.cgi?id=1261300

From null at suse.de Tue Apr 21 12:31:23 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:31:23 -0000
Subject: SUSE-SU-2026:21218-1: important: Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16)
Message-ID: <177677468326.7580.534479166137326740@5a8be24cc32b>

# Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21218-1
Release Date: 2026-04-13T02:13:48Z
Rating: important
References:

* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ):
7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues

The following security issues were fixed:

* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-532=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-532=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE16_Update_5-debugsource-2-160000.1.1
  * kernel-livepatch-6_12_0-160000_26-default-2-160000.1.1
  * kernel-livepatch-6_12_0-160000_26-default-debuginfo-2-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * kernel-livepatch-SLE16_Update_5-debugsource-2-160000.1.1
  * kernel-livepatch-6_12_0-160000_26-default-2-160000.1.1
  * kernel-livepatch-6_12_0-160000_26-default-debuginfo-2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

-------------- next part --------------
An HTML attachment was scrubbed...
URL: From null at suse.de Tue Apr 21 12:31:36 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 12:31:36 -0000 Subject: SUSE-SU-2026:21217-1: important: Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16) Message-ID: <177677469693.7580.2034045227154960228@5a8be24cc32b> # Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21217-1 Release Date: 2026-04-11T07:40:52Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-530=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-530=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64) * kernel-livepatch-6_12_0-160000_5-default-debuginfo-9-160000.4.3 * kernel-livepatch-SLE16_Update_0-debugsource-9-160000.4.3 * kernel-livepatch-6_12_0-160000_5-default-9-160000.4.3 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * kernel-livepatch-6_12_0-160000_5-default-debuginfo-9-160000.4.3 * kernel-livepatch-SLE16_Update_0-debugsource-9-160000.4.3 * kernel-livepatch-6_12_0-160000_5-default-9-160000.4.3 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:31:46 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 12:31:46 -0000 Subject: SUSE-SU-2026:21216-1: important: Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16) Message-ID: <177677470645.7580.18339206384376487169@5a8be24cc32b> # Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21216-1 Release Date: 2026-04-10T08:13:56Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-517=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-517=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64) * kernel-livepatch-6_12_0-160000_9-default-3-160000.1.1 * kernel-livepatch-6_12_0-160000_9-default-debuginfo-3-160000.1.1 * kernel-livepatch-SLE16_Update_4-debugsource-3-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * kernel-livepatch-6_12_0-160000_9-default-3-160000.1.1 * kernel-livepatch-6_12_0-160000_9-default-debuginfo-3-160000.1.1 * kernel-livepatch-SLE16_Update_4-debugsource-3-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:31:47 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 12:31:47 -0000 Subject: SUSE-SU-2026:21215-1: moderate: Security update for patterns-glibc-hwcaps Message-ID: <177677470772.7580.6772461829896044541@5a8be24cc32b> # Security update for patterns-glibc-hwcaps Announcement ID: SUSE-SU-2026:21215-1 Release Date: 2026-04-09T08:56:02Z Rating: moderate References: Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that can now be installed. 
## Description:

This update for patterns-glibc-hwcaps fixes the following issues:

The pattern is moved from PackageHub to regular SLES. It requires packages for the x86_64 v3 architecture and is automatically pulled in when this architecture is present. These packages are optimized for the x86_64 v3 architecture to increase performance.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-494=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-494=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (x86_64)
  * patterns-glibc-hwcaps-x86_64_v3-20230201-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * patterns-glibc-hwcaps-x86_64_v3-20230201-160000.1.1

From null at suse.de Tue Apr 21 12:33:46 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:33:46 -0000
Subject: SUSE-SU-2026:21191-1: important: Security update for cockpit-subscriptions
Message-ID: <177677482665.7580.481721000940969436@5a8be24cc32b>

# Security update for cockpit-subscriptions

Announcement ID: SUSE-SU-2026:21191-1
Release Date: 2026-04-14T12:10:22Z
Rating: important

References:

* bsc#1258637

Cross-References:

* CVE-2026-26996

CVSS scores:

* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for cockpit-subscriptions fixes the following issue:

* CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258637).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-555=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-555=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (noarch)
  * cockpit-subscriptions-12.1-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * cockpit-subscriptions-12.1-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258637

From null at suse.de Tue Apr 21 12:32:03 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:32:03 -0000
Subject: SUSE-SU-2026:21212-1: important: Security update for freeipmi
Message-ID: <177677472322.7580.9164270854958622306@5a8be24cc32b>

# Security update for freeipmi

Announcement ID: SUSE-SU-2026:21212-1
Release Date: 2026-04-17T08:18:30Z
Rating: important

References:

* bsc#1260414

Cross-References:

* CVE-2026-33554

CVSS scores:

* CVE-2026-33554 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33554 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-33554 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for freeipmi fixes the following issue:

* CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses (bsc#1260414).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-579=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-579=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * libfreeipmi17-debuginfo-1.6.15-160000.3.1 * libipmidetect0-debuginfo-1.6.15-160000.3.1 * freeipmi-1.6.15-160000.3.1 * freeipmi-bmc-watchdog-debuginfo-1.6.15-160000.3.1 * freeipmi-ipmidetectd-1.6.15-160000.3.1 * libipmidetect0-1.6.15-160000.3.1 * libfreeipmi17-1.6.15-160000.3.1 * freeipmi-ipmiseld-debuginfo-1.6.15-160000.3.1 * freeipmi-ipmiseld-1.6.15-160000.3.1 * libipmimonitoring6-1.6.15-160000.3.1 * libipmiconsole2-1.6.15-160000.3.1 * freeipmi-bmc-watchdog-1.6.15-160000.3.1 * freeipmi-debuginfo-1.6.15-160000.3.1 * libipmiconsole2-debuginfo-1.6.15-160000.3.1 * freeipmi-ipmidetectd-debuginfo-1.6.15-160000.3.1 * libipmimonitoring6-debuginfo-1.6.15-160000.3.1 * freeipmi-devel-1.6.15-160000.3.1 * freeipmi-debugsource-1.6.15-160000.3.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libfreeipmi17-debuginfo-1.6.15-160000.3.1 * libipmidetect0-debuginfo-1.6.15-160000.3.1 * freeipmi-1.6.15-160000.3.1 * freeipmi-bmc-watchdog-debuginfo-1.6.15-160000.3.1 * freeipmi-ipmidetectd-1.6.15-160000.3.1 * libipmidetect0-1.6.15-160000.3.1 * libfreeipmi17-1.6.15-160000.3.1 * freeipmi-ipmiseld-debuginfo-1.6.15-160000.3.1 * freeipmi-ipmiseld-1.6.15-160000.3.1 * libipmimonitoring6-1.6.15-160000.3.1 * libipmiconsole2-1.6.15-160000.3.1 * freeipmi-bmc-watchdog-1.6.15-160000.3.1 * freeipmi-debuginfo-1.6.15-160000.3.1 * libipmiconsole2-debuginfo-1.6.15-160000.3.1 * freeipmi-ipmidetectd-debuginfo-1.6.15-160000.3.1 * libipmimonitoring6-debuginfo-1.6.15-160000.3.1 * freeipmi-devel-1.6.15-160000.3.1 * freeipmi-debugsource-1.6.15-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33554.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1260414 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:32:36 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 12:32:36 -0000 Subject: SUSE-SU-2026:21208-1: important: Security update for dovecot24 Message-ID: <177677475601.7580.17909593734128896301@5a8be24cc32b> # Security update for dovecot24 Announcement ID: SUSE-SU-2026:21208-1 Release Date: 2026-04-16T13:10:27Z Rating: important References: * bsc#1260893 * bsc#1260894 * bsc#1260895 * bsc#1260896 * bsc#1260897 * bsc#1260898 * bsc#1260899 * bsc#1260900 * bsc#1260901 * bsc#1260902 Cross-References: * CVE-2025-59028 * CVE-2025-59031 * CVE-2025-59032 * CVE-2026-24031 * CVE-2026-27855 * CVE-2026-27856 * CVE-2026-27857 * CVE-2026-27858 * CVE-2026-27859 * CVE-2026-27860 CVSS scores: * CVE-2025-59028 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-59028 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-59031 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-59031 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-59031 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-59032 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-59032 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-59032 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-24031 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-24031 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L * CVE-2026-24031 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L * CVE-2026-27855 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-27855 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-27855 ( NVD ): 6.8 
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-27856 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-27856 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-27856 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-27857 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-27857 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27857 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27858 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27858 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27858 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27859 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-27859 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27859 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27860 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-27860 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-27860 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves 10 vulnerabilities can now be installed. ## Description: This update for dovecot24 fixes the following issues: * Update to v2.4.3 * CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins (bsc#1260894). * CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing (bsc#1260895). * CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client (bsc#1260902). * CVE-2026-24031: SQL injection possible if auth_username_chars is configured empty. Fixed escaping to always happen. 
v2.4 regression (bsc#1260896).
* CVE-2026-27855: OTP driver vulnerable to replay attack (bsc#1260900).
* CVE-2026-27856: Doveadm credentials were not checked using timing-safe checking function (bsc#1260899).
* CVE-2026-27857: sending excessive parentheses causes imap-login to use excessive memory (bsc#1260898).
* CVE-2026-27858: pigeonhole: managesieve-login can allocate large amount of memory during authentication (bsc#1260901).
* CVE-2026-27859: excessive RFC 2231 MIME parameters in email would cause excessive CPU usage (bsc#1260897).
* CVE-2026-27860: LDAP query injection possible if auth_username_chars is configured empty. Fixed escaping to always happen. v2.4 regression (bsc#1260893).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-577=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-577=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * dovecot24-fts-solr-2.4.3-160000.1.1
  * dovecot24-fts-solr-debuginfo-2.4.3-160000.1.1
  * dovecot24-debugsource-2.4.3-160000.1.1
  * dovecot24-backend-mysql-debuginfo-2.4.3-160000.1.1
  * dovecot24-backend-pgsql-debuginfo-2.4.3-160000.1.1
  * dovecot24-backend-sqlite-debuginfo-2.4.3-160000.1.1
  * dovecot24-devel-2.4.3-160000.1.1
  * dovecot24-fts-debuginfo-2.4.3-160000.1.1
  * dovecot24-backend-pgsql-2.4.3-160000.1.1
  * dovecot24-debuginfo-2.4.3-160000.1.1
  * dovecot24-fts-2.4.3-160000.1.1
  * dovecot24-2.4.3-160000.1.1
  * dovecot24-backend-mysql-2.4.3-160000.1.1
  * dovecot24-backend-sqlite-2.4.3-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * dovecot24-fts-solr-2.4.3-160000.1.1
  * dovecot24-fts-solr-debuginfo-2.4.3-160000.1.1
  * dovecot24-debugsource-2.4.3-160000.1.1
  * 
dovecot24-backend-mysql-debuginfo-2.4.3-160000.1.1 * dovecot24-backend-pgsql-debuginfo-2.4.3-160000.1.1 * dovecot24-backend-sqlite-debuginfo-2.4.3-160000.1.1 * dovecot24-devel-2.4.3-160000.1.1 * dovecot24-fts-debuginfo-2.4.3-160000.1.1 * dovecot24-backend-pgsql-2.4.3-160000.1.1 * dovecot24-debuginfo-2.4.3-160000.1.1 * dovecot24-fts-2.4.3-160000.1.1 * dovecot24-2.4.3-160000.1.1 * dovecot24-backend-mysql-2.4.3-160000.1.1 * dovecot24-backend-sqlite-2.4.3-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-59028.html * https://www.suse.com/security/cve/CVE-2025-59031.html * https://www.suse.com/security/cve/CVE-2025-59032.html * https://www.suse.com/security/cve/CVE-2026-24031.html * https://www.suse.com/security/cve/CVE-2026-27855.html * https://www.suse.com/security/cve/CVE-2026-27856.html * https://www.suse.com/security/cve/CVE-2026-27857.html * https://www.suse.com/security/cve/CVE-2026-27858.html * https://www.suse.com/security/cve/CVE-2026-27859.html * https://www.suse.com/security/cve/CVE-2026-27860.html * https://bugzilla.suse.com/show_bug.cgi?id=1260893 * https://bugzilla.suse.com/show_bug.cgi?id=1260894 * https://bugzilla.suse.com/show_bug.cgi?id=1260895 * https://bugzilla.suse.com/show_bug.cgi?id=1260896 * https://bugzilla.suse.com/show_bug.cgi?id=1260897 * https://bugzilla.suse.com/show_bug.cgi?id=1260898 * https://bugzilla.suse.com/show_bug.cgi?id=1260899 * https://bugzilla.suse.com/show_bug.cgi?id=1260900 * https://bugzilla.suse.com/show_bug.cgi?id=1260901 * https://bugzilla.suse.com/show_bug.cgi?id=1260902 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:32:43 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 12:32:43 -0000 Subject: SUSE-SU-2026:21206-1: important: Security update for LibVNCServer Message-ID: <177677476311.7580.1460872027683153473@5a8be24cc32b> # Security update for LibVNCServer Announcement ID: SUSE-SU-2026:21206-1 Release Date: 2026-04-16T13:10:27Z Rating: important References: * bsc#1260429 * bsc#1260431 Cross-References: * CVE-2026-32853 * CVE-2026-32854 CVSS scores: * CVE-2026-32853 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32853 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2026-32853 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-32853 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H * CVE-2026-32854 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32854 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32854 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-32854 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for LibVNCServer fixes the following issues: * CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service (bsc#1260431). * CVE-2026-32854: crafted HTTP requests can cause a denial of service (bsc#1260429). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-575=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-575=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * LibVNCServer-debugsource-0.9.14-160000.4.1 * libvncclient1-0.9.14-160000.4.1 * libvncserver1-0.9.14-160000.4.1 * libvncclient1-debuginfo-0.9.14-160000.4.1 * libvncserver1-debuginfo-0.9.14-160000.4.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * LibVNCServer-debugsource-0.9.14-160000.4.1 * libvncclient1-0.9.14-160000.4.1 * libvncserver1-0.9.14-160000.4.1 * libvncclient1-debuginfo-0.9.14-160000.4.1 * libvncserver1-debuginfo-0.9.14-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32853.html * https://www.suse.com/security/cve/CVE-2026-32854.html * https://bugzilla.suse.com/show_bug.cgi?id=1260429 * https://bugzilla.suse.com/show_bug.cgi?id=1260431 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:32:54 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 12:32:54 -0000 Subject: SUSE-SU-2026:21204-1: important: Security update for bind Message-ID: <177677477478.7580.16821008180334616253@5a8be24cc32b> # Security update for bind Announcement ID: SUSE-SU-2026:21204-1 Release Date: 2026-04-16T10:12:49Z Rating: important References: * bsc#1259202 * bsc#1260567 * bsc#1260568 * bsc#1260569 * bsc#1260805 Cross-References: * CVE-2026-1519 * CVE-2026-3104 * CVE-2026-3119 * CVE-2026-3591 CVSS scores: * CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3104 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-3104 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3104 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-3119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3119 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3591 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3591 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3591 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves four vulnerabilities and has one fix can now be installed. ## Description: This update for bind fixes the following issues: * Update to release 9.20.21 * CVE-2026-1519: maliciously crafted DNSSEC-validated zone can lead to denial of service (bsc#1260805). 
* CVE-2026-3104: memory leak in code preparing DNSSEC proofs of non-existence allows for DoS (bsc#1260567). * CVE-2026-3119: authenticated queries containing a TKEY record may cause `named` to terminate unexpectedly (bsc#1260568). * CVE-2026-3591: stack use-after-return flaw in SIG(0) handling code allows for ACL bypass (bsc#1260569). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-573=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-573=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * bind-modules-ldap-9.20.21-160000.1.1 * bind-modules-sqlite3-9.20.21-160000.1.1 * bind-modules-sqlite3-debuginfo-9.20.21-160000.1.1 * bind-utils-debuginfo-9.20.21-160000.1.1 * bind-modules-generic-9.20.21-160000.1.1 * bind-modules-perl-9.20.21-160000.1.1 * bind-utils-9.20.21-160000.1.1 * bind-debuginfo-9.20.21-160000.1.1 * bind-debugsource-9.20.21-160000.1.1 * bind-modules-perl-debuginfo-9.20.21-160000.1.1 * bind-modules-generic-debuginfo-9.20.21-160000.1.1 * bind-modules-ldap-debuginfo-9.20.21-160000.1.1 * bind-modules-mysql-9.20.21-160000.1.1 * bind-9.20.21-160000.1.1 * bind-modules-mysql-debuginfo-9.20.21-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * bind-doc-9.20.21-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * bind-modules-ldap-9.20.21-160000.1.1 * bind-modules-sqlite3-9.20.21-160000.1.1 * bind-modules-sqlite3-debuginfo-9.20.21-160000.1.1 * bind-utils-debuginfo-9.20.21-160000.1.1 * bind-modules-generic-9.20.21-160000.1.1 * bind-modules-perl-9.20.21-160000.1.1 * bind-utils-9.20.21-160000.1.1 * bind-debuginfo-9.20.21-160000.1.1 * bind-debugsource-9.20.21-160000.1.1 * bind-modules-perl-debuginfo-9.20.21-160000.1.1 * 
bind-modules-generic-debuginfo-9.20.21-160000.1.1 * bind-modules-ldap-debuginfo-9.20.21-160000.1.1 * bind-modules-mysql-9.20.21-160000.1.1 * bind-9.20.21-160000.1.1 * bind-modules-mysql-debuginfo-9.20.21-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * bind-doc-9.20.21-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1519.html * https://www.suse.com/security/cve/CVE-2026-3104.html * https://www.suse.com/security/cve/CVE-2026-3119.html * https://www.suse.com/security/cve/CVE-2026-3591.html * https://bugzilla.suse.com/show_bug.cgi?id=1259202 * https://bugzilla.suse.com/show_bug.cgi?id=1260567 * https://bugzilla.suse.com/show_bug.cgi?id=1260568 * https://bugzilla.suse.com/show_bug.cgi?id=1260569 * https://bugzilla.suse.com/show_bug.cgi?id=1260805 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:32:59 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 12:32:59 -0000 Subject: SUSE-SU-2026:21203-1: important: Security update for strongswan Message-ID: <177677477912.7580.1273400457833958397@5a8be24cc32b> # Security update for strongswan Announcement ID: SUSE-SU-2026:21203-1 Release Date: 2026-04-16T09:06:50Z Rating: important References: * bsc#1257359 * bsc#1259472 Cross-References: * CVE-2025-9615 * CVE-2026-25075 CVSS scores: * CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-9615 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-25075 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25075 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25075 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25075 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: 
* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for strongswan fixes the following issues:

Update to strongswan 6.0.4:

* CVE-2025-9615: NetworkManager File Access (bsc#1257359).
* CVE-2026-25075: Integer Underflow When Handling EAP-TTLS AVP (bsc#1259472).

Changes for strongswan:

* Fixed a vulnerability in the NetworkManager plugin that potentially allows using credentials of other local users. This vulnerability has been registered as CVE-2025-9615.
* The maximum supported length for section names in swanctl.conf has been increased to the upper limit of 256 characters that's enforced by VICI.
* Prevent a crash if a confused peer rekeys a Child SA twice before sending a delete.
* Fixed a memory leak if a peer's self-signed certificate is untrusted.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-570=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-570=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * strongswan-sqlite-6.0.4-160000.1.1
  * strongswan-fips-6.0.4-160000.1.1
  * strongswan-6.0.4-160000.1.1
  * strongswan-ipsec-debuginfo-6.0.4-160000.1.1
  * strongswan-mysql-6.0.4-160000.1.1
  * strongswan-nm-6.0.4-160000.1.1
  * strongswan-ipsec-6.0.4-160000.1.1
  * strongswan-nm-debuginfo-6.0.4-160000.1.1
  * strongswan-sqlite-debuginfo-6.0.4-160000.1.1
  * strongswan-mysql-debuginfo-6.0.4-160000.1.1
  * strongswan-debugsource-6.0.4-160000.1.1
  * strongswan-debuginfo-6.0.4-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * strongswan-doc-6.0.4-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * strongswan-sqlite-6.0.4-160000.1.1
  * strongswan-fips-6.0.4-160000.1.1
  * strongswan-6.0.4-160000.1.1
  * strongswan-ipsec-debuginfo-6.0.4-160000.1.1
  * strongswan-mysql-6.0.4-160000.1.1
  * strongswan-nm-6.0.4-160000.1.1
  * strongswan-ipsec-6.0.4-160000.1.1
  * strongswan-nm-debuginfo-6.0.4-160000.1.1
  * strongswan-sqlite-debuginfo-6.0.4-160000.1.1
  * strongswan-mysql-debuginfo-6.0.4-160000.1.1
  * strongswan-debugsource-6.0.4-160000.1.1
  * strongswan-debuginfo-6.0.4-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * strongswan-doc-6.0.4-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-9615.html
* https://www.suse.com/security/cve/CVE-2026-25075.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257359
* https://bugzilla.suse.com/show_bug.cgi?id=1259472

From null at suse.de Tue Apr 21 12:33:23 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:33:23 -0000
Subject: SUSE-SU-2026:21197-1: important: Security update for vim
Message-ID: <177677480371.7580.6564718609002616889@5a8be24cc32b>

# Security update for vim

Announcement ID: SUSE-SU-2026:21197-1
Release Date: 2026-04-15T08:17:27Z
Rating: important
References:

* bsc#1259985
* bsc#1261191
* bsc#1261271

Cross-References:

* CVE-2026-33412
* CVE-2026-34714
* CVE-2026-34982

CVSS scores:

* CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
* CVE-2026-34714 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
* CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves three vulnerabilities can now be installed.

## Description:

This update for vim fixes the following issues:

* CVE-2026-33412: command injection via newline in glob() (bsc#1259985).
* CVE-2026-34714: crafted file can allow code execution (bsc#1261191).
* CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-563=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-563=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * vim-debugsource-9.2.0280-160000.1.1
  * xxd-debuginfo-9.2.0280-160000.1.1
  * xxd-9.2.0280-160000.1.1
  * vim-debuginfo-9.2.0280-160000.1.1
  * vim-small-debuginfo-9.2.0280-160000.1.1
  * gvim-9.2.0280-160000.1.1
  * vim-small-9.2.0280-160000.1.1
  * gvim-debuginfo-9.2.0280-160000.1.1
  * vim-9.2.0280-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * vim-data-common-9.2.0280-160000.1.1
  * vim-data-9.2.0280-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * vim-debugsource-9.2.0280-160000.1.1
  * xxd-debuginfo-9.2.0280-160000.1.1
  * xxd-9.2.0280-160000.1.1
  * vim-debuginfo-9.2.0280-160000.1.1
  * vim-small-debuginfo-9.2.0280-160000.1.1
  * gvim-9.2.0280-160000.1.1
  * vim-small-9.2.0280-160000.1.1
  * gvim-debuginfo-9.2.0280-160000.1.1
  * vim-9.2.0280-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * vim-data-common-9.2.0280-160000.1.1
  * vim-data-9.2.0280-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33412.html
* https://www.suse.com/security/cve/CVE-2026-34714.html
* https://www.suse.com/security/cve/CVE-2026-34982.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259985
* https://bugzilla.suse.com/show_bug.cgi?id=1261191
* https://bugzilla.suse.com/show_bug.cgi?id=1261271

From null at suse.de Tue Apr 21 12:33:35 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:33:35 -0000
Subject: SUSE-SU-2026:21195-1: important: Security update for go1.26-openssl
Message-ID: <177677481542.7580.851561166759342444@5a8be24cc32b>

# Security update for go1.26-openssl

Announcement ID: SUSE-SU-2026:21195-1
Release Date: 2026-04-14T15:36:24Z
Rating: important
References:

* bsc#1255111
* bsc#1259264
* bsc#1259265
* bsc#1259266
* bsc#1259267
* bsc#1259268
* jsc#SLE-18320

Cross-References:

* CVE-2026-25679
* CVE-2026-27137
* CVE-2026-27138
* CVE-2026-27139
* CVE-2026-27142

CVSS scores:

* CVE-2026-25679 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25679 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2026-25679 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27137 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27137 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-27137 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27138 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27138 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27138 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27139 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27139 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-27139 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-27142 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27142 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-27142 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves five
vulnerabilities, contains one feature and has one fix can now be installed.

## Description:

This update for go1.26-openssl fixes the following issues:

Update to go 1.26.1 (bsc#1255111, jsc#SLE-18320):

* CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264).
* CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints (bsc#1259266).
* CVE-2026-27138: crypto/x509: panic in name constraint checking for malformed certificates (bsc#1259267).
* CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268).
* CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265).

Changelog:

* Fix fips140only test in boring mode
* Fix fips140 only test
* Add GODEBUG=fips140=auto mode (#341)
* go#77252 cmd/compile: miscompile of global array initialization
* go#77407 os: Go 1.25.x regression on RemoveAll for windows
* go#77474 cmd/go: CGO compilation fails after upgrading from Go 1.25.5 to 1.25.6 due to --define-variable flag in pkg-config
* go#77529 cmd/fix, x/tools/go/analysis/passes/modernize: stringscut: OOB panic in indexArgValid analyzing "buf.Bytes()" call
* go#77532 net/smtp: expiry date of localhostCert for testing is too short
* go#77536 cmd/compile: internal compiler error: 'main.func1': not lowered: v15, Load STRUCT PTR SSA
* go#77618 strings: HasSuffix doesn't work correctly for multibyte runes in go 1.26
* go#77623 cmd/compile: internal compiler error on : "tried to free an already free register" with generic function and type >= 192 bytes
* go#77624 cmd/fix, x/tools/go/analysis/passes/modernize: stringsbuilder breaks code when combining two strings.Builders
* go#77680 cmd/link: TestFlagW/-w_-linkmode=external fails on illumos
* go#77766 cmd/fix,x/tools/go/analysis/passes/modernize: rangeint uses target platform's type in the range expression, breaking other platforms
* go#77780 reflect: breaking change for reflect.Value.Interface behaviour
* go#77786 cmd/compile: rewriteFixedLoad does not
properly sign extend AuxInt
* go#77803 cmd/fix,x/tools/go/analysis/passes/modernize: reflect.TypeOf(nil) transformed into reflect.TypeForuntyped nil
* go#77804 cmd/fix,x/tools/go/analysis/passes/modernize: minmax breaks select statements
* go#77805 cmd/fix, x/tools/go/analysis/passes/modernize: waitgroup leads to a compilation error
* go#77807 cmd/fix,x/tools/go/analysis/passes/modernize: stringsbuilder ignores variables if they are used multiple times
* go#77849 cmd/fix,x/tools/go/analysis/passes/modernize: stringscut rewrite changes behavior
* go#77860 cmd/go: change go mod init default go directive back to 1.N
* go#77899 cmd/fix, x/tools/go/analysis/passes/modernize: bad rangeint rewriting
* go#77904 x/tools/go/analysis/passes/modernize: stringsbuilder breaks code when GenDecl is a block declaration
* go1.26.0 (released 2026-02-10) is a major release of Go. go1.26.x minor releases will be provided through February 2027. https://github.com/golang/go/wiki/Go-Release-Cycle go1.26 arrives six months after Go 1.25. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before.
* Language change: The built-in new function, which creates a new variable, now allows its operand to be an expression, specifying the initial value of the variable.
* Language change: The restriction that a generic type may not refer to itself in its type parameter list has been lifted. It is now possible to specify type constraints that refer to the generic type being constrained.
* go command: The venerable go fix command has been completely revamped and is now the home of Go's modernizers. It provides a dependable, push-button way to update Go code bases to the latest idioms and core library APIs.
The initial suite of modernizers includes dozens of fixers to make use of modern features of the Go language and library, as well as a source-level inliner that allows users to automate their own API migrations using //go:fix inline directives. These fixers should not change the behavior of your program, so if you encounter any issues with a fix performed by go fix, please report it.
* go command: The rewritten go fix command builds atop the exact same Go analysis framework as go vet. This means the same analyzers that provide diagnostics in go vet can be used to suggest and apply fixes in go fix. The go fix command's historical fixers, all of which were obsolete, have been removed.
* go command: Two upcoming Go blog posts will go into more detail on modernizers, the inliner, and how to get the most out of go fix.
* go command: go mod init now defaults to a lower go version in new go.mod files. Running go mod init using a toolchain of version 1.N.X will create a go.mod file specifying the Go version go 1.(N-1).0. Pre-release versions of 1.N will create go.mod files specifying go 1.(N-2).0. For example, the Go 1.26 release candidates will create go.mod files with go 1.24.0, and Go 1.26 and its minor releases will create go.mod files with go 1.25.0. This is intended to encourage the creation of modules that are compatible with currently supported versions of Go. For additional control over the go version in new modules, go mod init can be followed up with go get go@version.
* go command: cmd/doc, and go tool doc have been deleted. go doc can be used as a replacement for go tool doc: it takes the same flags and arguments and has the same behavior.
* pprof: The pprof tool web UI, enabled with the -http flag, now defaults to the flame graph view. The previous graph view is available in the "View -> Graph" menu, or via /ui/graph.
* Runtime: The new Green Tea garbage collector, previously available as an experiment in Go 1.25, is now enabled by default after incorporating feedback. This garbage collector's design improves the performance of marking and scanning small objects through better locality and CPU scalability. Benchmark results vary, but we expect somewhere between a 10-40% reduction in garbage collection overhead in real-world programs that heavily use the garbage collector. Further improvements, on the order of 10% in garbage collection overhead, are expected when running on newer amd64-based CPU platforms (Intel Ice Lake or AMD Zen 4 and newer), as the garbage collector now leverages vector instructions for scanning small objects when possible. The new garbage collector may be disabled by setting GOEXPERIMENT=nogreenteagc at build time. This opt-out setting is expected to be removed in Go 1.27. If you disable the new garbage collector for any reason related to its performance or behavior, please file an issue.
* Runtime: cgo: The baseline runtime overhead of cgo calls has been reduced by ~30%.
* Runtime: Heap base address randomization: On 64-bit platforms, the runtime now randomizes the heap base address at startup. This is a security enhancement that makes it harder for attackers to predict memory addresses and exploit vulnerabilities when using cgo. This feature may be disabled by setting GOEXPERIMENT=norandomizedheapbase64 at build time. This opt-out setting is expected to be removed in a future Go release.
* Runtime: Experimental goroutine leak profile: A new profile type that reports leaked goroutines is now available as an experiment. The new profile type, named goroutineleak in the runtime/pprof package, may be enabled by setting GOEXPERIMENT=goroutineleakprofile at build time. Enabling the experiment also makes the profile available as a net/http/pprof endpoint, /debug/pprof/goroutineleak.
A leaked goroutine is a goroutine blocked on some concurrency primitive (channels, sync.Mutex, sync.Cond, etc) that cannot possibly become unblocked. The runtime detects leaked goroutines using the garbage collector: if a goroutine G is blocked on concurrency primitive P, and P is unreachable from any runnable goroutine or any goroutine that those could unblock, then P cannot be unblocked, so goroutine G can never wake up. While it is impossible to detect permanently blocked goroutines in all cases, this approach detects a large class of such leaks. Because this technique builds on reachability, the runtime may fail to identify leaks caused by blocking on concurrency primitives reachable through global variables or the local variables of runnable goroutines. Special thanks to Vlad Saioc at Uber for contributing this work. The underlying theory is presented in detail in a publication by Saioc et al. The implementation is production-ready, and is only considered an experiment for the purposes of collecting feedback on the API, specifically the choice to make it a new profile. The feature is also designed to not incur any additional run-time overhead unless it is actively in-use. We encourage users to try out the new feature in the Go playground, in tests, in continuous integration, and in production. We welcome additional feedback on the proposal issue. We aim to enable goroutine leak profiles by default in Go 1.27.
* Compiler: The compiler can now allocate the backing store for slices on the stack in more situations, which improves performance. If this change is causing trouble, the bisect tool can be used to find the allocation causing trouble using the -compile=variablemake flag. All such new stack allocations can also be turned off using -gcflags=all=-d=variablemakehash=n. If you encounter issues with this optimization, please file an issue.
* Linker: On 64-bit ARM-based Windows (the windows/arm64 port), the linker now supports internal linking mode of cgo programs, which can be requested with the -ldflags=-linkmode=internal flag.
* Linker: There are several minor changes to executable files. These changes do not affect running Go programs. They may affect programs that analyze Go executables, and they may affect people who use external linking mode with custom linker scripts.
* Linker: The moduledata structure is now in its own section, named .go.module.
* Linker: The moduledata cutab field, which is a slice, now has the correct length; previously the length was four times too large.
* Linker: The pcHeader found at the start of the .gopclntab section no longer records the start of the text section. That field is now always zero.
* Linker: That pcHeader change was made so that the .gopclntab section no longer contains any relocations. On platforms that support relro, the section has moved from the relro segment to the rodata segment.
* Linker: The funcdata symbols and the findfunctab have moved from the .rodata section to the .gopclntab section.
* Linker: The .gosymtab section has been removed. It was previously always present but empty.
* Linker: When using internal linking, ELF sections now appear in the section header list sorted by address. The previous order was somewhat unpredictable.
* Linker: The references to section names here use the ELF names as seen on Linux and other systems. The Mach-O names as seen on Darwin start with a double underscore and do not contain any dots.
* Bootstrap: As mentioned in the Go 1.24 release notes, Go 1.26 now requires Go 1.24.6 or later for bootstrap. We expect that Go 1.28 will require a minor release of Go 1.26 or later for bootstrap.
* Standard Library: New crypto/hpke package: The new crypto/hpke package implements Hybrid Public Key Encryption (HPKE) as specified in RFC 9180, including support for post-quantum hybrid KEMs.
* Standard Library: New experimental simd/archsimd package: Go 1.26 introduces a new experimental simd/archsimd package, which can be enabled by setting the environment variable GOEXPERIMENT=simd at build time. This package provides access to architecture-specific SIMD operations. It is currently available on the amd64 architecture and supports 128-bit, 256-bit, and 512-bit vector types, such as Int8x16 and Float64x8, with operations such as Int8x16.Add. The API is not yet considered stable. We intend to provide support for other architectures in future versions, but the API is intentionally architecture-specific and thus non-portable. In addition, we plan to develop a high-level portable SIMD package in the future.
* Standard Library: New experimental runtime/secret package: The new runtime/secret package is available as an experiment, which can be enabled by setting GOEXPERIMENT=runtimesecret at build time. It provides a facility for securely erasing temporaries used in code that manipulates secret information--typically cryptographic in nature--such as registers, stack, new heap allocations. This package is intended to make it easier to ensure forward secrecy. It currently supports the amd64 and arm64 architectures on Linux.
* bytes: The new Buffer.Peek method returns the next n bytes from the buffer without advancing it.
* crypto: The new Encapsulator and Decapsulator interfaces allow accepting abstract KEM encapsulation or decapsulation keys.
* crypto/dsa: The random parameter to GenerateKey is now ignored. Instead, it now always uses a secure source of cryptographically random bytes. For deterministic testing, use the new testing/cryptotest.SetGlobalRandom function. The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior.
* crypto/ecdh: The random parameter to Curve.GenerateKey is now behavior. The new KeyExchanger interface, implemented by PrivateKey, makes it possible to accept abstract ECDH private keys, e.g. those implemented in hardware.
* crypto/ecdsa: The big.Int fields of PublicKey and PrivateKey are now deprecated. The random parameter to GenerateKey, SignASN1, Sign, and PrivateKey.Sign is now ignored. Instead, they now always use a secure source of cryptographically random bytes. For deterministic testing, use the new testing/cryptotest.SetGlobalRandom function. The new GODEBUG setting cryptocustomrand=1 temporarily restores the old
* crypto/ed25519: If the random parameter to GenerateKey is nil, GenerateKey now always uses a secure source of cryptographically random bytes, instead of crypto/rand.Reader (which could have been overridden). The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior.
* crypto/fips140: The new WithoutEnforcement and Enforced functions now allow running in GODEBUG=fips140=only mode while selectively disabling the strict FIPS 140-3 checks. Version returns the resolved FIPS 140-3 Go Cryptographic Module version when building against a frozen module with GOFIPS140.
* crypto/mlkem: The new DecapsulationKey768.Encapsulator and DecapsulationKey1024.Encapsulator methods implement the new crypto.Decapsulator interface.
* crypto/mlkem/mlkemtest: The new crypto/mlkem/mlkemtest package exposes the Encapsulate768 and Encapsulate1024 functions which implement derandomized ML-KEM encapsulation, for use with known-answer tests.
* crypto/rand: The random parameter to Prime is now
* crypto/rsa: The new EncryptOAEPWithOptions function allows specifying different hash functions for OAEP padding and MGF1 mask generation.
* crypto/rsa: The random parameter to GenerateKey, GenerateMultiPrimeKey, and EncryptPKCS1v15 is now ignored. Instead, they now always use a secure source of
* crypto/rsa: If PrivateKey fields are modified after calling PrivateKey.Precompute, PrivateKey.Validate now fails.
* crypto/rsa: PrivateKey.D is now checked for consistency with precomputed values, even if it is not used.
* crypto/rsa: Unsafe PKCS #1 v1.5 encryption padding (implemented by EncryptPKCS1v15, DecryptPKCS1v15, and DecryptPKCS1v15SessionKey) is now deprecated.
* crypto/subtle: The WithDataIndependentTiming function no longer locks the calling goroutine to the OS thread while executing the passed function. Additionally, any goroutines which are spawned during the execution of the passed function and their descendants now inherit the properties of WithDataIndependentTiming for their lifetime. This change also affects cgo in the following ways:
* crypto/subtle: Any C code called via cgo from within the function passed to WithDataIndependentTiming, or from a goroutine spawned by the function passed to WithDataIndependentTiming and its descendants, will also have data independent timing enabled for the duration of the call. If the C code disables data independent timing, it will be re-enabled on return to Go.
* crypto/subtle: If C code called via cgo, from the function passed to WithDataIndependentTiming or elsewhere, enables or disables data independent timing then calling into Go will preserve that state for the duration of the call.
* crypto/tls: The hybrid SecP256r1MLKEM768 and SecP384r1MLKEM1024 post-quantum key exchanges are now enabled by default. They can be disabled by setting Config.CurvePreferences or with the tlssecpmlkem=0 GODEBUG setting.
* crypto/tls: The new ClientHelloInfo.HelloRetryRequest field indicates if the ClientHello was sent in response to a HelloRetryRequest message. The new ConnectionState.HelloRetryRequest field indicates if the server sent a HelloRetryRequest, or if the client received a HelloRetryRequest, depending on connection role.
* crypto/tls: The QUICConn type used by QUIC implementations includes a new event for reporting TLS handshake errors.
* crypto/tls: If Certificate.PrivateKey implements crypto.MessageSigner, its SignMessage method is used instead of Sign in TLS 1.2 and later.
* crypto/tls: The following GODEBUG settings introduced in Go 1.22 and Go 1.23 will be removed in the next major Go release. Starting in Go 1.27, the new behavior will apply regardless of GODEBUG setting or go.mod language version.
* crypto/tls: GODEBUG tlsunsafeekm: ConnectionState.ExportKeyingMaterial will require TLS 1.3 or Extended Master Secret.
* crypto/tls: GODEBUG tlsrsakex: legacy RSA-only key exchanges without ECDH won't be enabled by default.
* crypto/tls: GODEBUG tls10server: the default minimum TLS version for both clients and servers will be TLS 1.2.
* crypto/tls: GODEBUG tls3des: the default cipher suites will not include 3DES.
* crypto/tls: GODEBUG x509keypairleaf: X509KeyPair and LoadX509KeyPair will always populate the Certificate.Leaf field.
* crypto/x509: The ExtKeyUsage and KeyUsage types now have String methods that return the corresponding OID names as defined in RFC 5280 and other registries.
* crypto/x509: The ExtKeyUsage type now has an OID method that returns the corresponding OID for the EKU.
* crypto/x509: The new OIDFromASN1OID function allows converting an encoding/asn1.ObjectIdentifier into an OID.
* debug/elf: Additional R_LARCH_* constants from LoongArch ELF psABI v20250521 (global version v2.40) are defined for use with LoongArch systems.
* errors: The new AsType function is a generic version of As. It is type-safe, faster, and, in most cases, easier to use.
* fmt: For unformatted strings, fmt.Errorf("x") now allocates less and generally matches the allocations for errors.New("x").
* go/ast: The new ParseDirective function parses directive comments, which are comments such as //go:generate. Source code tools can support their own directive comments and this new API should help them implement the conventional syntax.
* go/ast: The new BasicLit.ValueEnd field records the precise end position of a literal so that the BasicLit.End method can now always return the correct answer.
(Previously it was computed using a heuristic that was incorrect for multi-line raw string literals in Windows source files, due to removal of carriage returns.)
* go/ast: Programs that update the ValuePos field of BasicLits produced by the parser may need to also update or clear the ValueEnd field to avoid minor differences in formatted output.
* go/token: The new File.End convenience method returns the file's end position.
* go/types: The gotypesalias GODEBUG setting introduced in Go 1.22 will be removed in the next major Go release. Starting in Go 1.27, the go/types package will always produce an Alias type for the representation of type aliases regardless of GODEBUG setting or go.mod language version.
* image/jpeg: The JPEG encoder and decoder have been replaced with new, faster, more accurate implementations. Code that expects specific bit-for-bit outputs from the encoder or decoder may need to be updated.
* io: ReadAll now allocates less intermediate memory and returns a minimally sized final slice. It is often about two times faster while typically allocating around half as much total memory, with more benefit for larger inputs.
* log/slog: The NewMultiHandler function creates a MultiHandler that invokes all the given Handlers. Its Enabled method reports whether any of the handlers' Enabled methods return true. Its Handle, WithAttrs and WithGroup methods call the corresponding method on each of the enabled handlers.
* net: The new Dialer methods DialIP, DialTCP, DialUDP, and DialUnix permit dialing specific network types with context values.
* net/http: The new HTTP2Config.StrictMaxConcurrentRequests field controls whether a new connection should be opened if an existing HTTP/2 connection has exceeded its stream limit.
* net/http: The new Transport.NewClientConn method returns a client connection to an HTTP server. Most users should continue to use Transport.RoundTrip to make requests, which manages a pool of connections.
NewClientConn is useful for users who need to implement their own connection management.
* net/http: Client now uses and sets cookies scoped to URLs with the host portion matching Request.Host when available. Previously, the connection address host was always used.
* net/http/httptest: The HTTP client returned by Server.Client will now redirect requests for example.com and any subdomains to the server being tested.
* net/http/httputil: The ReverseProxy.Director configuration field is deprecated in favor of ReverseProxy.Rewrite.
* net/http/httputil: A malicious client can remove headers added by a Director function by designating those headers as hop-by-hop. Since there is no way to address this problem within the scope of the Director API, we added a new Rewrite hook in Go 1.20. Rewrite hooks are provided with both the unmodified inbound request received by the proxy and the outbound request which will be sent by the proxy. Since the Director hook is fundamentally unsafe, we are now deprecating it.
* net/netip: The new Prefix.Compare method compares two prefixes.
* net/url: Parse now rejects malformed URLs containing colons in the host subcomponent, such as http://::1/ or http://localhost:80:80/. URLs containing bracketed IPv6 addresses, such as http://[::1]/ are still accepted. The new GODEBUG setting urlstrictcolons=0 restores the old behavior.
* os: The new Process.WithHandle method provides access to an internal process handle on supported platforms (pidfd on Linux 5.4 or later, Handle on Windows).
* os: On Windows, the OpenFile flag parameter can now contain any combination of Windows-specific file flags, such as FILE_FLAG_OVERLAPPED and FILE_FLAG_SEQUENTIAL_SCAN, for control of file or device caching behavior, access modes, and other special-purpose flags.
* os/signal: NotifyContext now cancels the returned context with context.CancelCauseFunc and an error indicating which signal was received.
* reflect: The new methods Type.Fields, Type.Methods, Type.Ins and Type.Outs return iterators for a type's fields (for a struct type), methods, inputs and outputs parameters (for a function type), respectively. Similarly, the new methods Value.Fields and Value.Methods return iterators over a value's fields or methods, respectively. Each iteration yields the type information (StructField or Method) of a field or method, along with the field or method Value.
* runtime/metrics: Several new scheduler metrics have been added, including counts of goroutines in various states (waiting, runnable, etc.) under the /sched/goroutines prefix, the number of OS threads the runtime is aware of with /sched/threads:threads, and the total number of goroutines created by the program with /sched/goroutines-created:goroutines.
* testing: The new methods T.ArtifactDir, B.ArtifactDir, and F.ArtifactDir return a directory in which to write test output files (artifacts).
* testing: When the -artifacts flag is provided to go test, this directory will be located under the output directory (specified with -outputdir, or the current directory by default). Otherwise, artifacts are stored in a temporary directory which is removed after the test completes.
* testing: The first call to ArtifactDir when -artifacts is provided writes the location of the directory to the test log.
* testing: The B.Loop method no longer prevents inlining in the loop body, which could lead to unanticipated allocation and slower benchmarks. With this fix, we expect that all benchmarks can be converted from the old B.N style to the new B.Loop style with no ill effects. Within the body of a for b.Loop() { ... } loop, function call parameters, results, and assigned variables are still kept alive, preventing the compiler from optimizing away entire parts of the benchmark.
* testing/cryptotest: The new SetGlobalRandom function configures a global, deterministic cryptographic randomness source for the duration of the test.
  It affects crypto/rand, and all implicit sources of cryptographic randomness in the crypto/... packages.
* time: The asynctimerchan GODEBUG setting introduced in Go 1.23 will be removed in the next major Go release. Starting in Go 1.27, the time package will always use unbuffered (synchronous) channels for timers regardless of GODEBUG setting or go.mod language version.
* Ports: Darwin: Go 1.26 is the last release that will run on macOS 12 Monterey. Go 1.27 will require macOS 13 Ventura or later.
* Ports: FreeBSD: The freebsd/riscv64 port (GOOS=freebsd GOARCH=riscv64) has been marked broken. See issue 76475 for details.
* Ports: Windows: As announced in the Go 1.25 release notes, the broken 32-bit windows/arm port (GOOS=windows GOARCH=arm) has been removed.
* Ports: PowerPC: Go 1.26 is the last release that supports the ELFv1 ABI on the big-endian 64-bit PowerPC port on Linux (GOOS=linux GOARCH=ppc64). It will switch to the ELFv2 ABI in Go 1.27. As the port does not currently support linking against other ELF objects, we expect this change to be transparent to users.
* Ports: RISC-V: The linux/riscv64 port now supports the race detector.
* Ports: S390X: The s390x port now supports passing function arguments and results using registers.
* Ports: WebAssembly: The compiler now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions. These features have been standardized since at least Wasm 2.0. The corresponding GOWASM settings, signext and satconv, are now ignored.
* Ports: WebAssembly: For WebAssembly applications, the runtime now manages chunks of heap memory in much smaller increments, leading to significantly reduced memory usage for applications with heaps less than around 16 MiB in size.
* go1.26rc3 (released 2026-02-04) is a release candidate version of go1.26 cut from the master branch at the revision tagged go1.26rc3.
* go1.26rc2 (released 2026-01-15) is a release candidate version of go1.26rc2.
* go1.26 requires go1.24.6 or later for bootstrap.
* go1.26rc1 (released 2025-12-16) is a release candidate version of go1.26rc1.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-560=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-560=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * go1.26-openssl-1.26.1-160000.1.1
  * go1.26-openssl-doc-1.26.1-160000.1.1
  * go1.26-openssl-race-1.26.1-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * go1.26-openssl-1.26.1-160000.1.1
  * go1.26-openssl-doc-1.26.1-160000.1.1
  * go1.26-openssl-race-1.26.1-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25679.html
* https://www.suse.com/security/cve/CVE-2026-27137.html
* https://www.suse.com/security/cve/CVE-2026-27138.html
* https://www.suse.com/security/cve/CVE-2026-27139.html
* https://www.suse.com/security/cve/CVE-2026-27142.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255111
* https://bugzilla.suse.com/show_bug.cgi?id=1259264
* https://bugzilla.suse.com/show_bug.cgi?id=1259265
* https://bugzilla.suse.com/show_bug.cgi?id=1259266
* https://bugzilla.suse.com/show_bug.cgi?id=1259267
* https://bugzilla.suse.com/show_bug.cgi?id=1259268
* https://jira.suse.com/browse/SLE-18320
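The net/http/httputil item in the go1.26-openssl advisory above states that a client can strip headers added by a Director by naming them as hop-by-hop, and that the Rewrite hook avoids this. The Go program below is an added example, not part of the advisory or of the Go project's code, that checks both hooks against a local test backend (Go 1.20 or later); the header name `X-Proxy-Verified` and the helper names are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// trustedHeader is a hypothetical header that the proxy adds for the backend.
const trustedHeader = "X-Proxy-Verified"

// newProxy returns a reverse proxy to target that sets trustedHeader either in
// the deprecated Director hook or in the Rewrite hook.
func newProxy(target *url.URL, useRewrite bool) *httputil.ReverseProxy {
	if useRewrite {
		return &httputil.ReverseProxy{
			// Rewrite runs after hop-by-hop headers have been removed from
			// pr.Out, so a header set here reaches the backend.
			Rewrite: func(pr *httputil.ProxyRequest) {
				pr.SetURL(target)
				pr.Out.Header.Set(trustedHeader, "yes")
			},
		}
	}
	return &httputil.ReverseProxy{
		// Director runs before hop-by-hop removal, so anything listed in the
		// inbound Connection header is deleted after this hook has set it.
		Director: func(r *http.Request) {
			r.URL.Scheme = target.Scheme
			r.URL.Host = target.Host
			r.Header.Set(trustedHeader, "yes")
		},
	}
}

// headerSeenByBackend sends one request through a proxy built with the chosen
// hook and returns the trustedHeader value the backend received. connection is
// the value of the inbound Connection header ("" sends none).
func headerSeenByBackend(useRewrite bool, connection string) (string, error) {
	seen := make(chan string, 1)
	backend := httptest.NewServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) {
			seen <- r.Header.Get(trustedHeader)
		}))
	defer backend.Close()

	target, err := url.Parse(backend.URL)
	if err != nil {
		return "", err
	}
	proxy := httptest.NewServer(newProxy(target, useRewrite))
	defer proxy.Close()

	req, err := http.NewRequest(http.MethodGet, proxy.URL, nil)
	if err != nil {
		return "", err
	}
	if connection != "" {
		req.Header.Set("Connection", connection)
	}
	resp, err := proxy.Client().Do(req)
	if err != nil {
		return "", err
	}
	resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("unexpected status %d", resp.StatusCode)
	}
	return <-seen, nil
}

func main() {
	cases := []struct {
		name       string
		useRewrite bool
		connection string
	}{
		{"Director, ordinary request", false, ""},
		{"Director, header named in Connection", false, trustedHeader},
		{"Rewrite, header named in Connection", true, trustedHeader},
	}
	for _, c := range cases {
		got, err := headerSeenByBackend(c.useRewrite, c.connection)
		if err != nil {
			fmt.Println(c.name, "error:", err)
			continue
		}
		fmt.Printf("%-40s backend saw %s=%q\n", c.name, trustedHeader, got)
	}
}
```

A check of this shape can be kept as a regression test when migrating a proxy from Director to Rewrite.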
From null at suse.de Tue Apr 21 12:33:39 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:33:39 -0000
Subject: SUSE-SU-2026:21194-1: important: Security update for plexus-utils
Message-ID: <177677481925.7580.5600658399621486428@5a8be24cc32b>

# Security update for plexus-utils

Announcement ID: SUSE-SU-2026:21194-1
Release Date: 2026-04-14T15:02:17Z
Rating: important

References:

* bsc#1260588

Cross-References:

* CVE-2025-67030

CVSS scores:

* CVE-2025-67030 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-67030 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-67030 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-67030 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for plexus-utils fixes the following issue:

* CVE-2025-67030: directory traversal via the `extractFile` method of `org.codehaus.plexus.util.Expand` (bsc#1260588).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-558=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-558=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (noarch)
  * plexus-utils-javadoc-4.0.2-160000.3.1
  * plexus-utils-4.0.2-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * plexus-utils-javadoc-4.0.2-160000.3.1
  * plexus-utils-4.0.2-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-67030.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260588

From null at suse.de Tue Apr 21 12:37:53 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:37:53 -0000
Subject: SUSE-SU-2026:21142-1: moderate: Security update for libtasn1
Message-ID: <177677507395.7580.5659916392804361342@5a8be24cc32b>

# Security update for libtasn1

Announcement ID: SUSE-SU-2026:21142-1
Release Date: 2026-04-07T14:33:05Z
Rating: moderate

References:

* bsc#1256341

Cross-References:

* CVE-2025-13151

CVSS scores:

* CVE-2025-13151 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-13151 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-13151 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for libtasn1 fixes the following issues:

* CVE-2025-13151: lack of validation of input data size leads to stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-484=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-484=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * libtasn1-tools-4.21.0-160000.1.1
  * libtasn1-tools-debuginfo-4.21.0-160000.1.1
  * libtasn1-6-debuginfo-4.21.0-160000.1.1
  * libtasn1-devel-4.21.0-160000.1.1
  * libtasn1-debugsource-4.21.0-160000.1.1
  * libtasn1-6-4.21.0-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * libtasn1-tools-4.21.0-160000.1.1
  * libtasn1-tools-debuginfo-4.21.0-160000.1.1
  * libtasn1-6-debuginfo-4.21.0-160000.1.1
  * libtasn1-devel-4.21.0-160000.1.1
  * libtasn1-debugsource-4.21.0-160000.1.1
  * libtasn1-6-4.21.0-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13151.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256341

From null at suse.de Tue Apr 21 12:33:43 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:33:43 -0000
Subject: SUSE-SU-2026:21192-1: moderate: Security update for pam
Message-ID: <177677482375.7580.16267301894583262689@5a8be24cc32b>

# Security update for pam

Announcement ID: SUSE-SU-2026:21192-1
Release Date: 2026-04-14T14:33:17Z
Rating: moderate

References:

* bsc#1232234

Cross-References:

* CVE-2024-10041

CVSS scores:

* CVE-2024-10041 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-10041 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-10041 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.
## Description:

This update for pam fixes the following issue:

* CVE-2024-10041: libpam: vulnerable to read hashed password (bsc#1232234).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-556=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-556=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * pam-devel-1.7.1-160000.3.1
  * pam-1.7.1-160000.3.1
  * pam-extra-1.7.1-160000.3.1
  * pam-debuginfo-1.7.1-160000.3.1
  * pam-extra-debuginfo-1.7.1-160000.3.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x)
  * pam-full-src-debugsource-1.7.1-160000.3.1
  * pam-debugsource-1.7.1-160000.3.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * pam-doc-1.7.1-160000.3.1
  * pam-manpages-1.7.1-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * pam-devel-1.7.1-160000.3.1
  * pam-1.7.1-160000.3.1
  * pam-extra-1.7.1-160000.3.1
  * pam-debuginfo-1.7.1-160000.3.1
  * pam-extra-debuginfo-1.7.1-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * pam-doc-1.7.1-160000.3.1
  * pam-manpages-1.7.1-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le)
  * pam-full-src-debugsource-1.7.1-160000.3.1
  * pam-debugsource-1.7.1-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-10041.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232234
From null at suse.de Tue Apr 21 12:37:56 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:37:56 -0000
Subject: SUSE-SU-2026:21141-1: important: Security update for cockpit-packages
Message-ID: <177677507693.7580.10333991943427062617@5a8be24cc32b>

# Security update for cockpit-packages

Announcement ID: SUSE-SU-2026:21141-1
Release Date: 2026-04-07T12:21:55Z
Rating: important

References:

* bsc#1258641

Cross-References:

* CVE-2026-26996

CVSS scores:

* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for cockpit-packages fixes the following issue:

Update cockpit-packages to version 4:

* CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641).

Changes for cockpit-packages:

* Translation updates
* Dependency updates

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-483=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-483=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (noarch)
  * cockpit-packages-4-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * cockpit-packages-4-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258641

From null at suse.de Tue Apr 21 12:38:04 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:38:04 -0000
Subject: SUSE-SU-2026:21139-1: important: Security update for python-cbor2
Message-ID: <177677508418.7580.18086769930448315328@5a8be24cc32b>

# Security update for python-cbor2

Announcement ID: SUSE-SU-2026:21139-1
Release Date: 2026-04-07T11:57:38Z
Rating: important

References:

* bsc#1255783
* bsc#1260367

Cross-References:

* CVE-2025-68131
* CVE-2026-26209

CVSS scores:

* CVE-2025-68131 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-68131 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-68131 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-68131 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-26209 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26209 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26209 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python-cbor2 fixes the following issues:

* CVE-2025-68131: CBORDecoder reuse across trust boundaries can lead to leak of shareable values from previous decode calls via attacker-controlled messages (bsc#1255783).
* CVE-2026-26209: uncontrolled recursion via crafted CBOR payloads can cause a denial of service (bsc#1260367).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-482=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-482=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * python313-cbor2-debuginfo-5.6.5-160000.4.1
  * python-cbor2-debugsource-5.6.5-160000.4.1
  * python313-cbor2-5.6.5-160000.4.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * python313-cbor2-debuginfo-5.6.5-160000.4.1
  * python-cbor2-debugsource-5.6.5-160000.4.1
  * python313-cbor2-5.6.5-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68131.html
* https://www.suse.com/security/cve/CVE-2026-26209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255783
* https://bugzilla.suse.com/show_bug.cgi?id=1260367
From null at suse.de Tue Apr 21 12:34:09 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:34:09 -0000
Subject: SUSE-SU-2026:21186-1: important: Security update for openssl-3
Message-ID: <177677484992.7580.2091048940509250725@5a8be24cc32b>

# Security update for openssl-3

Announcement ID: SUSE-SU-2026:21186-1
Release Date: 2026-04-13T15:48:00Z
Rating: important

References:

* bsc#1259652
* bsc#1260441
* bsc#1260442
* bsc#1260443
* bsc#1260444
* bsc#1260445
* bsc#1261678
* jsc#PED-15724

Cross-References:

* CVE-2026-2673
* CVE-2026-28387
* CVE-2026-28388
* CVE-2026-28389
* CVE-2026-28390
* CVE-2026-31789
* CVE-2026-31790

CVSS scores:

* CVE-2026-2673 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2673 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-2673 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves seven vulnerabilities and contains one feature can now be installed.
## Description:

This update for openssl-3 fixes the following issues:

Security issues fixed:

* CVE-2026-2673: TLS 1.3 servers may choose unexpected key agreement group (bsc#1259652).
* CVE-2026-28387: potential use-after-free in DANE client code (bsc#1260441).
* CVE-2026-28388: NULL pointer dereference when processing a delta (bsc#1260442).
* CVE-2026-28389: possible NULL pointer dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
* CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678).
* CVE-2026-31789: heap buffer overflow in hexadecimal conversion (bsc#1260444).
* CVE-2026-31790: incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).

Other updates and bugfixes:

* Enable MD2 in legacy provider (jsc#PED-15724).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-547=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-547=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * openssl-3-debugsource-3.5.0-160000.7.1
  * openssl-3-debuginfo-3.5.0-160000.7.1
  * libopenssl3-3.5.0-160000.7.1
  * libopenssl-3-devel-3.5.0-160000.7.1
  * libopenssl-3-fips-provider-3.5.0-160000.7.1
  * libopenssl3-debuginfo-3.5.0-160000.7.1
  * libopenssl-3-fips-provider-debuginfo-3.5.0-160000.7.1
  * openssl-3-3.5.0-160000.7.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * openssl-3-doc-3.5.0-160000.7.1
* SUSE Linux Enterprise Server 16.0 (x86_64)
  * libopenssl3-x86-64-v3-debuginfo-3.5.0-160000.7.1
  * libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.7.1
  * libopenssl3-x86-64-v3-3.5.0-160000.7.1
  * libopenssl-3-fips-provider-x86-64-v3-debuginfo-3.5.0-160000.7.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * openssl-3-debugsource-3.5.0-160000.7.1
  * openssl-3-debuginfo-3.5.0-160000.7.1
  * libopenssl3-3.5.0-160000.7.1
  * libopenssl-3-devel-3.5.0-160000.7.1
  * libopenssl-3-fips-provider-3.5.0-160000.7.1
  * libopenssl3-debuginfo-3.5.0-160000.7.1
  * libopenssl-3-fips-provider-debuginfo-3.5.0-160000.7.1
  * openssl-3-3.5.0-160000.7.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * libopenssl3-x86-64-v3-debuginfo-3.5.0-160000.7.1
  * libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.7.1
  * libopenssl3-x86-64-v3-3.5.0-160000.7.1
  * libopenssl-3-fips-provider-x86-64-v3-debuginfo-3.5.0-160000.7.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * openssl-3-doc-3.5.0-160000.7.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2673.html
* https://www.suse.com/security/cve/CVE-2026-28387.html
* https://www.suse.com/security/cve/CVE-2026-28388.html
* https://www.suse.com/security/cve/CVE-2026-28389.html
* https://www.suse.com/security/cve/CVE-2026-28390.html
* https://www.suse.com/security/cve/CVE-2026-31789.html
* https://www.suse.com/security/cve/CVE-2026-31790.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259652
* https://bugzilla.suse.com/show_bug.cgi?id=1260441
* https://bugzilla.suse.com/show_bug.cgi?id=1260442
* https://bugzilla.suse.com/show_bug.cgi?id=1260443
* https://bugzilla.suse.com/show_bug.cgi?id=1260444
* https://bugzilla.suse.com/show_bug.cgi?id=1260445
* https://bugzilla.suse.com/show_bug.cgi?id=1261678
* https://jira.suse.com/browse/PED-15724
From null at suse.de Tue Apr 21 12:34:16 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:34:16 -0000
Subject: SUSE-SU-2026:21184-1: critical: Security update for cockpit
Message-ID: <177677485669.7580.11879029002741286248@5a8be24cc32b>

# Security update for cockpit

Announcement ID: SUSE-SU-2026:21184-1
Release Date: 2026-04-13T14:07:43Z
Rating: critical

References:

* bsc#1261829

Cross-References:

* CVE-2026-4631

CVSS scores:

* CVE-2026-4631 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4631 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for cockpit fixes the following issues:

Changes in cockpit:

* CVE-2026-4631: Avoid ssh command injection that could be used to cause remote code execution (bsc#1261829)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-545=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-545=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * cockpit-ws-debuginfo-354-160000.3.1
  * cockpit-ws-354-160000.3.1
  * cockpit-ws-selinux-354-160000.3.1
  * cockpit-devel-354-160000.3.1
  * cockpit-debugsource-354-160000.3.1
  * cockpit-354-160000.3.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * cockpit-firewalld-354-160000.3.1
  * cockpit-networkmanager-354-160000.3.1
  * cockpit-kdump-354-160000.3.1
  * cockpit-storaged-354-160000.3.1
  * cockpit-doc-354-160000.3.1
  * cockpit-bridge-354-160000.3.1
  * cockpit-packagekit-354-160000.3.1
  * cockpit-selinux-354-160000.3.1
  * cockpit-system-354-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * cockpit-ws-debuginfo-354-160000.3.1
  * cockpit-ws-354-160000.3.1
  * cockpit-ws-selinux-354-160000.3.1
  * cockpit-devel-354-160000.3.1
  * cockpit-debugsource-354-160000.3.1
  * cockpit-354-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * cockpit-firewalld-354-160000.3.1
  * cockpit-networkmanager-354-160000.3.1
  * cockpit-kdump-354-160000.3.1
  * cockpit-storaged-354-160000.3.1
  * cockpit-doc-354-160000.3.1
  * cockpit-bridge-354-160000.3.1
  * cockpit-packagekit-354-160000.3.1
  * cockpit-selinux-354-160000.3.1
  * cockpit-system-354-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4631.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261829
From null at suse.de Tue Apr 21 12:35:56 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:35:56 -0000
Subject: SUSE-SU-2026:21173-1: moderate: Security update for sqlite3
Message-ID: <177677495659.7580.9624620334432848581@5a8be24cc32b>

# Security update for sqlite3

Announcement ID: SUSE-SU-2026:21173-1
Release Date: 2026-04-10T18:56:55Z
Rating: moderate

References:

* bsc#1248586
* bsc#1252217
* bsc#1254670
* bsc#1259619

Cross-References:

* CVE-2025-70873
* CVE-2025-7709

CVSS scores:

* CVE-2025-70873 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-70873 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-70873 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-7709 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-7709 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-7709 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities and has two fixes can now be installed.

## Description:

This update for sqlite3 fixes the following issues:

Update sqlite3 to version 3.51.3:

Security issues:

* CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
* CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).

Non security issue:

* sqlite3 won't build when using --with icu (bsc#1248586).

Changelog:

Update to version 3.51.3:

* Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug
* Other minor bug fixes.

Update to version 3.51.2:

* Fix an obscure deadlock in the new broken-posix-lock detection logic.
* Fix multiple problems in the EXISTS-to-JOIN optimization.

Update to version 3.51.1:

* Fix incorrect results from nested EXISTS queries caused by the optimization in item 6b in the 3.51.0 release.
* Fix a latent bug in fts5vocab virtual table, exposed by new optimizations in the 3.51.0 release.

Update to version 3.51.0:

* New macros in sqlite3.h:
  - SQLITE_SCM_BRANCH -> the name of the branch from which the source code is taken.
  - SQLITE_SCM_TAGS -> space-separated list of tags on the source code check-in.
  - SQLITE_SCM_DATETIME -> ISO-8601 date and time of the source
* Two new JSON functions, jsonb_each() and jsonb_tree() work the same as the existing json_each() and json_tree() functions except that they return JSONB for the "value" column when the "type" is 'array' or 'object'.
* The carray and percentile extensions are now built into the amalgamation, though they are disabled by default and must be activated at compile-time using the -DSQLITE_ENABLE_CARRAY and/or -DSQLITE_ENABLE_PERCENTILE options, respectively.
* Enhancements to TCL Interface:
  - Add the -asdict flag to the eval command to have it set the row data as a dict instead of an array.
  - User-defined functions may now break to return an SQL NULL.
* CLI enhancements:
  - Increase the precision of ".timer" to microseconds.
  - Enhance the "box" and "column" formatting modes to deal with double-wide characters.
  - The ".imposter" command provides read-only imposter tables that work with VACUUM and do not require the --unsafe-testing option.
  - Add the --ifexists option to the CLI command-line option and to the .open command.
  - Limit column widths set by the ".width" command to 30,000 or less, as there is no good reason to have wider columns, but supporting wider columns provides opportunity to malefactors.
* Performance enhancements:
  - Use fewer CPU cycles to commit a read transaction.
  - Early detection of joins that return no rows due to one or more of the tables containing no rows.
  - Avoid evaluation of scalar subqueries if the result of the subquery does not change the result of the overall expression.
  - Faster window function queries when using "BETWEEN :x FOLLOWING AND :y FOLLOWING" with a large :y.
* Add the PRAGMA wal_checkpoint=NOOP; command and the SQLITE_CHECKPOINT_NOOP argument for sqlite3_wal_checkpoint_v2().
* Add the sqlite3_set_errmsg() API for use by extensions.
* Add the sqlite3_db_status64() API, which works just like the existing sqlite3_db_status() API except that it returns 64-bit results.
* Add the SQLITE_DBSTATUS_TEMPBUF_SPILL option to the sqlite3_db_status() and sqlite3_db_status64() interfaces.
* In the session extension add the sqlite3changeset_apply_v3() interface.
* For the built-in printf() and the format() SQL function, omit the leading '-' from negative floating point numbers if the '+' flag is omitted and the "#" flag is present and all displayed digits are '0'. Use '%#f' or similar to avoid outputs like '-0.00' and instead show just '0.00'.
* Improved error messages generated by FTS5.
* Enforce STRICT typing on computed columns.
* Improved support for VxWorks
* JavaScript/WASM now supports 64-bit WASM. The canonical builds continue to be 32-bit but creating one's own 64-bit build is now as simple as running "make".
* Improved resistance to database corruption caused by an application breaking Posix advisory locks using close().

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-529=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-529=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * sqlite3-debugsource-3.51.3-160000.1.1
  * sqlite3-devel-3.51.3-160000.1.1
  * libsqlite3-0-debuginfo-3.51.3-160000.1.1
  * sqlite3-tcl-debuginfo-3.51.3-160000.1.1
  * sqlite3-debuginfo-3.51.3-160000.1.1
  * libsqlite3-0-3.51.3-160000.1.1
  * sqlite3-3.51.3-160000.1.1
  * sqlite3-tcl-3.51.3-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * sqlite3-doc-3.51.3-160000.1.1
* SUSE Linux Enterprise Server 16.0 (x86_64)
  * libsqlite3-0-x86-64-v3-3.51.3-160000.1.1
  * libsqlite3-0-x86-64-v3-debuginfo-3.51.3-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * sqlite3-debugsource-3.51.3-160000.1.1
  * sqlite3-devel-3.51.3-160000.1.1
  * libsqlite3-0-debuginfo-3.51.3-160000.1.1
  * sqlite3-tcl-debuginfo-3.51.3-160000.1.1
  * sqlite3-debuginfo-3.51.3-160000.1.1
  * libsqlite3-0-3.51.3-160000.1.1
  * sqlite3-3.51.3-160000.1.1
  * sqlite3-tcl-3.51.3-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * libsqlite3-0-x86-64-v3-3.51.3-160000.1.1
  * libsqlite3-0-x86-64-v3-debuginfo-3.51.3-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * sqlite3-doc-3.51.3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-70873.html
* https://www.suse.com/security/cve/CVE-2025-7709.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248586
* https://bugzilla.suse.com/show_bug.cgi?id=1252217
* https://bugzilla.suse.com/show_bug.cgi?id=1254670
* https://bugzilla.suse.com/show_bug.cgi?id=1259619
From null at suse.de Tue Apr 21 12:38:15 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:38:15 -0000
Subject: SUSE-SU-2026:1505-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)
Message-ID: <177677509513.7580.17664482828988696159@5a8be24cc32b>

# Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1505-1
Release Date: 2026-04-21T07:34:22Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.65 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1505=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1512=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1507=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1512=1 SUSE-2026-1507=1 SUSE-2026-1505=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x)
  * kernel-livepatch-SLE15-SP6_Update_14-debugsource-9-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-9-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_70-default-9-150600.2.2
  * kernel-livepatch-SLE15-SP6_Update_15-debugsource-9-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-13-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_60-default-13-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_65-default-9-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-9-150600.2.2
  * kernel-livepatch-SLE15-SP6_Update_13-debugsource-13-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
  * kernel-livepatch-SLE15-SP6_Update_15-debugsource-9-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_65-default-9-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_70-default-9-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-13-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-9-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-9-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_13-debugsource-13-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_60-default-13-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_14-debugsource-9-150600.2.1
* openSUSE Leap 15.6 (x86_64)
  * kernel-livepatch-SLE15-SP6_Update_15-debugsource-9-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_65-default-9-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_70-default-9-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-13-150600.2.1
  *
    kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-9-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-9-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_13-debugsource-13-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_60-default-13-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_14-debugsource-9-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x)
  * kernel-livepatch-SLE15-SP6_Update_14-debugsource-9-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-9-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_70-default-9-150600.2.2
  * kernel-livepatch-SLE15-SP6_Update_15-debugsource-9-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-13-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_60-default-13-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_65-default-9-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-9-150600.2.2
  * kernel-livepatch-SLE15-SP6_Update_13-debugsource-13-150600.2.2

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859
From null at suse.de Tue Apr 21 12:38:35 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:38:35 -0000
Subject: SUSE-SU-2026:1509-1: important: Security update for nodejs22
Message-ID: <177677511589.7580.16898067492366820307@5a8be24cc32b>

# Security update for nodejs22

Announcement ID: SUSE-SU-2026:1509-1
Release Date: 2026-04-21T06:27:54Z
Rating: important

References:

* bsc#1256576
* bsc#1260455
* bsc#1260462
* bsc#1260463
* bsc#1260480
* bsc#1260482
* bsc#1260494

Cross-References:

* CVE-2026-21637
* CVE-2026-21710
* CVE-2026-21713
* CVE-2026-21714
* CVE-2026-21715
* CVE-2026-21716
* CVE-2026-21717

CVSS scores:

* CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21713 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21716 ( SUSE ): 2.0
  CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for nodejs22 fixes the following issues:

Update to version 22.22.2.

* CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494).
* CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file permissions and ownership on already-open file descriptors (bsc#1260462).
* CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).
* CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480).
* CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and potential MAC forgery (bsc#1260463).
* CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).
* CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1509=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1509=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1509=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * npm22-22.22.2-150600.13.15.1
  * nodejs22-debugsource-22.22.2-150600.13.15.1
  * nodejs22-22.22.2-150600.13.15.1
  * corepack22-22.22.2-150600.13.15.1
  * nodejs22-devel-22.22.2-150600.13.15.1
  * nodejs22-debuginfo-22.22.2-150600.13.15.1
* openSUSE Leap 15.6 (noarch)
  * nodejs22-docs-22.22.2-150600.13.15.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * npm22-22.22.2-150600.13.15.1
  * nodejs22-debugsource-22.22.2-150600.13.15.1
  * nodejs22-22.22.2-150600.13.15.1
  * nodejs22-devel-22.22.2-150600.13.15.1
  * nodejs22-debuginfo-22.22.2-150600.13.15.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * nodejs22-docs-22.22.2-150600.13.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * npm22-22.22.2-150600.13.15.1
  * nodejs22-debugsource-22.22.2-150600.13.15.1
  * nodejs22-22.22.2-150600.13.15.1
  * nodejs22-devel-22.22.2-150600.13.15.1
  * nodejs22-debuginfo-22.22.2-150600.13.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * nodejs22-docs-22.22.2-150600.13.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-21637.html
* https://www.suse.com/security/cve/CVE-2026-21710.html
* https://www.suse.com/security/cve/CVE-2026-21713.html
* https://www.suse.com/security/cve/CVE-2026-21714.html
*
  https://www.suse.com/security/cve/CVE-2026-21715.html
* https://www.suse.com/security/cve/CVE-2026-21716.html
* https://www.suse.com/security/cve/CVE-2026-21717.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256576
* https://bugzilla.suse.com/show_bug.cgi?id=1260455
* https://bugzilla.suse.com/show_bug.cgi?id=1260462
* https://bugzilla.suse.com/show_bug.cgi?id=1260463
* https://bugzilla.suse.com/show_bug.cgi?id=1260480
* https://bugzilla.suse.com/show_bug.cgi?id=1260482
* https://bugzilla.suse.com/show_bug.cgi?id=1260494

From null at suse.de Tue Apr 21 12:30:47 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:30:47 -0000
Subject: SUSE-SU-2026:21221-1: important: Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)
Message-ID: <177677464782.7580.4668845712382383687@5a8be24cc32b>

# Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21221-1
Release Date: 2026-04-13T09:00:08Z
Rating: important

References:

* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
*
  CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-538=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-538=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE16_Update_2-debugsource-5-160000.1.1
  * kernel-livepatch-6_12_0-160000_7-default-5-160000.1.1
  * kernel-livepatch-6_12_0-160000_7-default-debuginfo-5-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * kernel-livepatch-SLE16_Update_2-debugsource-5-160000.1.1
  * kernel-livepatch-6_12_0-160000_7-default-5-160000.1.1
  * kernel-livepatch-6_12_0-160000_7-default-debuginfo-5-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Tue Apr 21 12:36:15 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:36:15 -0000
Subject: SUSE-SU-2026:21167-1: important: Security update for cockpit-podman
Message-ID: <177677497579.7580.6751795299246125569@5a8be24cc32b>

# Security update for cockpit-podman

Announcement ID: SUSE-SU-2026:21167-1
Release Date: 2026-04-10T11:48:27Z
Rating: important

References:

* bsc#1257836
* bsc#1258641

Cross-References:

* CVE-2026-25547
* CVE-2026-26996

CVSS scores:

* CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for cockpit-podman fixes the following issues:

* CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836).
* CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-518=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-518=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (noarch)
  * cockpit-podman-117-160000.2.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * cockpit-podman-117-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25547.html
* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257836
* https://bugzilla.suse.com/show_bug.cgi?id=1258641
From null at suse.de Tue Apr 21 12:33:10 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:33:10 -0000
Subject: SUSE-SU-2026:21200-1: moderate: Security update for go1.25
Message-ID: <177677479080.7580.17346888388909066475@5a8be24cc32b>

# Security update for go1.25

Announcement ID: SUSE-SU-2026:21200-1
Release Date: 2026-04-16T07:24:09Z
Rating: moderate

References:

* bsc#1244485
* bsc#1259264
* bsc#1259265
* bsc#1259268

Cross-References:

* CVE-2026-25679
* CVE-2026-27139
* CVE-2026-27142

CVSS scores:

* CVE-2026-25679 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25679 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2026-25679 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27139 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27139 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-27139 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-27142 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27142 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-27142 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves three vulnerabilities and has one fix can now be installed.

## Description:

This update for go1.25 fixes the following issues:

Update to go1.25.8 (bsc#1244485):

* CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264).
* CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268).
* CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265).
Changelog:

* go#77253 cmd/compile: miscompile of global array initialization
* go#77406 os: Go 1.25.x regression on RemoveAll for windows
* go#77413 runtime: netpollinit() incorrectly prints the error from linux.Eventfd
* go#77438 cmd/go: CGO compilation fails after upgrading from Go 1.25.5 to 1.25.6 due to --define-variable flag in pkg-config
* go#77531 net/smtp: expiry date of localhostCert for testing is too short

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-511=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-511=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * go1.25-doc-1.25.8-160000.1.1
  * go1.25-1.25.8-160000.1.1
  * go1.25-race-1.25.8-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 x86_64)
  * go1.25-libstd-debuginfo-1.25.8-160000.1.1
  * go1.25-debuginfo-1.25.8-160000.1.1
  * go1.25-libstd-1.25.8-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * go1.25-doc-1.25.8-160000.1.1
  * go1.25-1.25.8-160000.1.1
  * go1.25-race-1.25.8-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * go1.25-libstd-debuginfo-1.25.8-160000.1.1
  * go1.25-debuginfo-1.25.8-160000.1.1
  * go1.25-libstd-1.25.8-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25679.html
* https://www.suse.com/security/cve/CVE-2026-27139.html
* https://www.suse.com/security/cve/CVE-2026-27142.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244485
* https://bugzilla.suse.com/show_bug.cgi?id=1259264
* https://bugzilla.suse.com/show_bug.cgi?id=1259265
* https://bugzilla.suse.com/show_bug.cgi?id=1259268
From null at suse.de Tue Apr 21 12:30:58 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:30:58 -0000
Subject: SUSE-SU-2026:21220-1: important: Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16)
Message-ID: <177677465849.7580.8239258338246514242@5a8be24cc32b>

# Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21220-1
Release Date: 2026-04-13T03:16:46Z
Rating: important

References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-534=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-534=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE16_Update_3-debugsource-4-160000.1.1
  * kernel-livepatch-6_12_0-160000_8-default-debuginfo-4-160000.1.1
  * kernel-livepatch-6_12_0-160000_8-default-4-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * kernel-livepatch-SLE16_Update_3-debugsource-4-160000.1.1
  * kernel-livepatch-6_12_0-160000_8-default-debuginfo-4-160000.1.1
  * kernel-livepatch-6_12_0-160000_8-default-4-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Tue Apr 21 12:36:25 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:36:25 -0000
Subject: SUSE-SU-2026:21165-1: important: Security update for python-cryptography
Message-ID: <177677498514.7580.13610671641457709621@5a8be24cc32b>

# Security update for python-cryptography

Announcement ID: SUSE-SU-2026:21165-1
Release Date: 2026-04-10T11:27:11Z
Rating: important

References:

* bsc#1258074
* bsc#1260876

Cross-References:

* CVE-2026-26007
* CVE-2026-34073

CVSS scores:

* CVE-2026-26007 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-26007 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-26007 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26007 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-34073 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34073 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-34073 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34073 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python-cryptography fixes the following issues:

* CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. (bsc#1260876)
* CVE-2026-26007: missing validation can lead to security issues for signature verification (ECDSA) and shared key negotiation (ECDH) (bsc#1258074).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-522=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-522=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * python-cryptography-debugsource-44.0.3-160000.3.1
  * python313-cryptography-debuginfo-44.0.3-160000.3.1
  * python313-cryptography-44.0.3-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * python-cryptography-debugsource-44.0.3-160000.3.1
  * python313-cryptography-debuginfo-44.0.3-160000.3.1
  * python313-cryptography-44.0.3-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26007.html
* https://www.suse.com/security/cve/CVE-2026-34073.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258074
* https://bugzilla.suse.com/show_bug.cgi?id=1260876
From null at suse.de Tue Apr 21 12:37:45 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:37:45 -0000
Subject: SUSE-SU-2026:21144-1: important: Security update for systemd
Message-ID: <177677506575.7580.6058272468374944586@5a8be24cc32b>

# Security update for systemd

Announcement ID: SUSE-SU-2026:21144-1
Release Date: 2026-04-07T15:17:05Z
Rating: important

References:

* bsc#1255326
* bsc#1258344
* bsc#1259418
* bsc#1259650
* bsc#1259697
* jsc#PED-14853

Cross-References:

* CVE-2026-29111
* CVE-2026-4105

CVSS scores:

* CVE-2026-29111 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-29111 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-29111 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4105 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4105 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4105 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities, contains one feature and has three fixes can now be installed.

## Description:

This update for systemd fixes the following issues:

Update to systemd v257.13:

Security issues:

* CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
* CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
* udev: local root execution via malicious hardware devices and unsanitized kernel output (bsc#1259697).

Non security issues:

* Avoid shipping (empty) directories and ghost files in /var (jsc#PED-14853).
* Sign systemd-boot EFI binary on aarch64 (bsc#1258344)
* terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326)

Changelog:

* 6941d92dc2 machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105)
* 03bb697b8d udev: check for invalid chars in various fields received from the kernel (bsc#1259697)
* 54588d2ded core: validate input cgroup path more prudently (bsc#1259418 CVE-2026-29111)
* fb9d92682b terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326)

For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/3c53ef3ea20bd43ef587cbdfa7107aeb1ef55654...d349fc5cd4f9ee2b7884c2610647e92806d14b28

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-485=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-485=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * udev-257.13-160000.1.1
  * systemd-portable-257.13-160000.1.1
  * libsystemd0-debuginfo-257.13-160000.1.1
  * systemd-resolved-debuginfo-257.13-160000.1.1
  * systemd-experimental-257.13-160000.1.1
  * libsystemd0-257.13-160000.1.1
  * libudev1-257.13-160000.1.1
  * systemd-experimental-debuginfo-257.13-160000.1.1
  * udev-debuginfo-257.13-160000.1.1
  * systemd-container-257.13-160000.1.1
  * systemd-devel-257.13-160000.1.1
  * systemd-homed-debuginfo-257.13-160000.1.1
  * systemd-container-debuginfo-257.13-160000.1.1
  * systemd-debugsource-257.13-160000.1.1
  * systemd-journal-remote-debuginfo-257.13-160000.1.1
  * systemd-resolved-257.13-160000.1.1
  * libudev1-debuginfo-257.13-160000.1.1
  * systemd-debuginfo-257.13-160000.1.1
  * systemd-257.13-160000.1.1
  *
systemd-portable-debuginfo-257.13-160000.1.1 * systemd-homed-257.13-160000.1.1 * systemd-journal-remote-257.13-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * systemd-doc-257.13-160000.1.1 * systemd-lang-257.13-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * udev-257.13-160000.1.1 * systemd-portable-257.13-160000.1.1 * libsystemd0-debuginfo-257.13-160000.1.1 * systemd-resolved-debuginfo-257.13-160000.1.1 * systemd-experimental-257.13-160000.1.1 * libsystemd0-257.13-160000.1.1 * libudev1-257.13-160000.1.1 * systemd-experimental-debuginfo-257.13-160000.1.1 * udev-debuginfo-257.13-160000.1.1 * systemd-container-257.13-160000.1.1 * systemd-devel-257.13-160000.1.1 * systemd-homed-debuginfo-257.13-160000.1.1 * systemd-container-debuginfo-257.13-160000.1.1 * systemd-debugsource-257.13-160000.1.1 * systemd-journal-remote-debuginfo-257.13-160000.1.1 * systemd-resolved-257.13-160000.1.1 * libudev1-debuginfo-257.13-160000.1.1 * systemd-debuginfo-257.13-160000.1.1 * systemd-257.13-160000.1.1 * systemd-portable-debuginfo-257.13-160000.1.1 * systemd-homed-257.13-160000.1.1 * systemd-journal-remote-257.13-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * systemd-doc-257.13-160000.1.1 * systemd-lang-257.13-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-29111.html * https://www.suse.com/security/cve/CVE-2026-4105.html * https://bugzilla.suse.com/show_bug.cgi?id=1255326 * https://bugzilla.suse.com/show_bug.cgi?id=1258344 * https://bugzilla.suse.com/show_bug.cgi?id=1259418 * https://bugzilla.suse.com/show_bug.cgi?id=1259650 * https://bugzilla.suse.com/show_bug.cgi?id=1259697 * https://jira.suse.com/browse/PED-14853 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:37:50 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 12:37:50 -0000 Subject: SUSE-SU-2026:21143-1: important: Security update for tar Message-ID: <177677507079.7580.814902347997488@5a8be24cc32b> # Security update for tar Announcement ID: SUSE-SU-2026:21143-1 Release Date: 2026-04-07T14:58:07Z Rating: important References: * bsc#1246399 * bsc#1246607 Cross-References: * CVE-2025-45582 CVSS scores: * CVE-2025-45582 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-45582 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-45582 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for tar fixes the following issue: Security issue: * CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399). Non security issue: * Fixes tar creating invalid tarballs when used with --delete (bsc#1246607) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-486=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-486=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * tar-debuginfo-1.35-160000.3.1 * tar-debugsource-1.35-160000.3.1 * tar-rmt-1.35-160000.3.1 * tar-1.35-160000.3.1 * tar-rmt-debuginfo-1.35-160000.3.1 * SUSE Linux Enterprise Server 16.0 (noarch) * tar-backup-scripts-1.35-160000.3.1 * tar-lang-1.35-160000.3.1 * tar-doc-1.35-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * tar-debuginfo-1.35-160000.3.1 * tar-debugsource-1.35-160000.3.1 * tar-rmt-1.35-160000.3.1 * tar-1.35-160000.3.1 * tar-rmt-debuginfo-1.35-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * tar-backup-scripts-1.35-160000.3.1 * tar-lang-1.35-160000.3.1 * tar-doc-1.35-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-45582.html * https://bugzilla.suse.com/show_bug.cgi?id=1246399 * https://bugzilla.suse.com/show_bug.cgi?id=1246607 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:37:59 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 12:37:59 -0000 Subject: SUSE-SU-2026:21140-1: important: Security update for tigervnc Message-ID: <177677507970.7580.15967243690328313010@5a8be24cc32b> # Security update for tigervnc Announcement ID: SUSE-SU-2026:21140-1 Release Date: 2026-04-07T12:21:55Z Rating: important References: * bsc#1260871 Cross-References: * CVE-2026-34352 CVSS scores: * CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L * CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for tigervnc fixes the following issues: * CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-479=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-479=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * tigervnc-debuginfo-1.15.0-160000.3.1 * tigervnc-debugsource-1.15.0-160000.3.1 * tigervnc-1.15.0-160000.3.1 * SUSE Linux Enterprise Server 16.0 (noarch) * tigervnc-selinux-1.15.0-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * tigervnc-debuginfo-1.15.0-160000.3.1 * tigervnc-debugsource-1.15.0-160000.3.1 * tigervnc-1.15.0-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * tigervnc-selinux-1.15.0-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34352.html * https://bugzilla.suse.com/show_bug.cgi?id=1260871 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:32:12 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 12:32:12 -0000 Subject: SUSE-SU-2026:21211-1: important: Security update for xwayland Message-ID: <177677473219.7580.8794787580792378862@5a8be24cc32b> # Security update for xwayland Announcement ID: SUSE-SU-2026:21211-1 Release Date: 2026-04-17T07:57:12Z Rating: important References: * bsc#1260922 * bsc#1260923 * bsc#1260924 * bsc#1260925 * bsc#1260926 Cross-References: * CVE-2026-33999 * CVE-2026-34000 * CVE-2026-34001 * CVE-2026-34002 * CVE-2026-34003 CVSS scores: * CVE-2026-33999 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34000 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34001 ( SUSE ): 7.3 
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34002 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves five vulnerabilities can now be installed. ## Description: This update for xwayland fixes the following issues: * CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap() (bsc#1260922). * CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom() (bsc#1260923). * CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence() (bsc#1260924). * CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap() (bsc#1260925). * CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes() (bsc#1260926). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-583=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-583=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * xwayland-debugsource-24.1.6-160000.4.1 * xwayland-24.1.6-160000.4.1 * xwayland-debuginfo-24.1.6-160000.4.1 * xwayland-devel-24.1.6-160000.4.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * xwayland-debugsource-24.1.6-160000.4.1 * xwayland-24.1.6-160000.4.1 * xwayland-debuginfo-24.1.6-160000.4.1 * xwayland-devel-24.1.6-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33999.html * https://www.suse.com/security/cve/CVE-2026-34000.html * https://www.suse.com/security/cve/CVE-2026-34001.html * https://www.suse.com/security/cve/CVE-2026-34002.html * https://www.suse.com/security/cve/CVE-2026-34003.html * https://bugzilla.suse.com/show_bug.cgi?id=1260922 * https://bugzilla.suse.com/show_bug.cgi?id=1260923 * https://bugzilla.suse.com/show_bug.cgi?id=1260924 * https://bugzilla.suse.com/show_bug.cgi?id=1260925 * https://bugzilla.suse.com/show_bug.cgi?id=1260926 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:38:08 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 12:38:08 -0000 Subject: SUSE-SU-2026:21138-1: important: Security update for libpng16 Message-ID: <177677508856.7580.3616311366166343607@5a8be24cc32b> # Security update for libpng16 Announcement ID: SUSE-SU-2026:21138-1 Release Date: 2026-04-07T11:57:38Z Rating: important References: * bsc#1260754 * bsc#1260755 Cross-References: * CVE-2026-33416 * CVE-2026-33636 CVSS scores: * CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-33636 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-33636 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-33636 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for libpng16 fixes the following issues: * CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754). * CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-480=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-480=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libpng16-devel-1.6.44-160000.6.1 * libpng16-compat-devel-1.6.44-160000.6.1 * libpng16-16-1.6.44-160000.6.1 * libpng16-tools-debuginfo-1.6.44-160000.6.1 * libpng16-tools-1.6.44-160000.6.1 * libpng16-debugsource-1.6.44-160000.6.1 * libpng16-16-debuginfo-1.6.44-160000.6.1 * SUSE Linux Enterprise Server 16.0 (x86_64) * libpng16-devel-x86-64-v3-1.6.44-160000.6.1 * libpng16-compat-devel-x86-64-v3-1.6.44-160000.6.1 * libpng16-16-x86-64-v3-debuginfo-1.6.44-160000.6.1 * libpng16-16-x86-64-v3-1.6.44-160000.6.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * libpng16-devel-1.6.44-160000.6.1 * libpng16-compat-devel-1.6.44-160000.6.1 * libpng16-16-1.6.44-160000.6.1 * libpng16-tools-debuginfo-1.6.44-160000.6.1 * libpng16-tools-1.6.44-160000.6.1 * libpng16-debugsource-1.6.44-160000.6.1 * libpng16-16-debuginfo-1.6.44-160000.6.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * libpng16-devel-x86-64-v3-1.6.44-160000.6.1 * libpng16-compat-devel-x86-64-v3-1.6.44-160000.6.1 * libpng16-16-x86-64-v3-debuginfo-1.6.44-160000.6.1 * libpng16-16-x86-64-v3-1.6.44-160000.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33416.html * https://www.suse.com/security/cve/CVE-2026-33636.html * https://bugzilla.suse.com/show_bug.cgi?id=1260754 * https://bugzilla.suse.com/show_bug.cgi?id=1260755 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:38:20 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 12:38:20 -0000 Subject: SUSE-SU-2026:1511-1: important: Security update for flatpak Message-ID: <177677510026.7580.245004150020737532@5a8be24cc32b> # Security update for flatpak Announcement ID: SUSE-SU-2026:1511-1 Release Date: 2026-04-21T06:28:50Z Rating: important References: * bsc#1261769 * bsc#1261770 Cross-References: * CVE-2026-34078 * CVE-2026-34079 CVSS scores: * CVE-2026-34078 ( SUSE ): 6.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H * CVE-2026-34078 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34078 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34079 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N * CVE-2026-34079 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L * CVE-2026-34079 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for flatpak fixes the following issues: * CVE-2026-34078: Arbitrary code execution via crafted symlinks in sandbox-expose options (bsc#1261769). 
* CVE-2026-34079: Arbitrary file deletion on host via improper cache file path validation (bsc#1261770). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1511=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1511=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1511=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1511=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1511=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * flatpak-debuginfo-1.12.8-150400.3.12.1 * flatpak-1.12.8-150400.3.12.1 * typelib-1_0-Flatpak-1_0-1.12.8-150400.3.12.1 * flatpak-zsh-completion-1.12.8-150400.3.12.1 * libflatpak0-1.12.8-150400.3.12.1 * libflatpak0-debuginfo-1.12.8-150400.3.12.1 * system-user-flatpak-1.12.8-150400.3.12.1 * flatpak-debugsource-1.12.8-150400.3.12.1 * flatpak-devel-1.12.8-150400.3.12.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * flatpak-debuginfo-1.12.8-150400.3.12.1 * flatpak-1.12.8-150400.3.12.1 * typelib-1_0-Flatpak-1_0-1.12.8-150400.3.12.1 * flatpak-zsh-completion-1.12.8-150400.3.12.1 * libflatpak0-1.12.8-150400.3.12.1 * libflatpak0-debuginfo-1.12.8-150400.3.12.1 * system-user-flatpak-1.12.8-150400.3.12.1 * flatpak-debugsource-1.12.8-150400.3.12.1 * flatpak-devel-1.12.8-150400.3.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * flatpak-debuginfo-1.12.8-150400.3.12.1 * flatpak-1.12.8-150400.3.12.1 * typelib-1_0-Flatpak-1_0-1.12.8-150400.3.12.1 * flatpak-zsh-completion-1.12.8-150400.3.12.1 * 
libflatpak0-1.12.8-150400.3.12.1 * libflatpak0-debuginfo-1.12.8-150400.3.12.1 * system-user-flatpak-1.12.8-150400.3.12.1 * flatpak-debugsource-1.12.8-150400.3.12.1 * flatpak-devel-1.12.8-150400.3.12.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * flatpak-debuginfo-1.12.8-150400.3.12.1 * flatpak-1.12.8-150400.3.12.1 * typelib-1_0-Flatpak-1_0-1.12.8-150400.3.12.1 * flatpak-zsh-completion-1.12.8-150400.3.12.1 * libflatpak0-1.12.8-150400.3.12.1 * libflatpak0-debuginfo-1.12.8-150400.3.12.1 * system-user-flatpak-1.12.8-150400.3.12.1 * flatpak-debugsource-1.12.8-150400.3.12.1 * flatpak-devel-1.12.8-150400.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * flatpak-debuginfo-1.12.8-150400.3.12.1 * flatpak-1.12.8-150400.3.12.1 * typelib-1_0-Flatpak-1_0-1.12.8-150400.3.12.1 * flatpak-zsh-completion-1.12.8-150400.3.12.1 * libflatpak0-1.12.8-150400.3.12.1 * libflatpak0-debuginfo-1.12.8-150400.3.12.1 * system-user-flatpak-1.12.8-150400.3.12.1 * flatpak-debugsource-1.12.8-150400.3.12.1 * flatpak-devel-1.12.8-150400.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34078.html * https://www.suse.com/security/cve/CVE-2026-34079.html * https://bugzilla.suse.com/show_bug.cgi?id=1261769 * https://bugzilla.suse.com/show_bug.cgi?id=1261770 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:38:23 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 12:38:23 -0000 Subject: SUSE-SU-2026:1510-1: moderate: Security update for ncurses Message-ID: <177677510397.7580.15808730679851834994@5a8be24cc32b> # Security update for ncurses Announcement ID: SUSE-SU-2026:1510-1 Release Date: 2026-04-21T06:28:34Z Rating: moderate References: * bsc#1259924 Cross-References: * CVE-2025-69720 CVSS scores: * CVE-2025-69720 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-69720 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2025-69720 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-69720 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2025-69720 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP7 * Development Tools Module 15-SP7 * Legacy Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for ncurses fixes the following issue: * CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1510=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1510=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1510=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1510=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1510=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1510=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1510=1 * Legacy Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2026-1510=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1510=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1510=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * terminfo-base-6.1-150000.5.33.1 * ncurses-utils-debuginfo-6.1-150000.5.33.1 * libncurses6-6.1-150000.5.33.1 * ncurses-utils-6.1-150000.5.33.1 * libncurses6-debuginfo-6.1-150000.5.33.1 * terminfo-6.1-150000.5.33.1 * ncurses-debugsource-6.1-150000.5.33.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * terminfo-base-6.1-150000.5.33.1 * ncurses-utils-debuginfo-6.1-150000.5.33.1 * libncurses6-6.1-150000.5.33.1 * ncurses-utils-6.1-150000.5.33.1 * libncurses6-debuginfo-6.1-150000.5.33.1 * terminfo-6.1-150000.5.33.1 * ncurses-debugsource-6.1-150000.5.33.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * terminfo-base-6.1-150000.5.33.1 * ncurses-utils-debuginfo-6.1-150000.5.33.1 * libncurses6-6.1-150000.5.33.1 * ncurses-utils-6.1-150000.5.33.1 * libncurses6-debuginfo-6.1-150000.5.33.1 * terminfo-6.1-150000.5.33.1 * ncurses-debugsource-6.1-150000.5.33.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 
s390x x86_64) * terminfo-base-6.1-150000.5.33.1 * ncurses-utils-debuginfo-6.1-150000.5.33.1 * libncurses6-6.1-150000.5.33.1 * ncurses-utils-6.1-150000.5.33.1 * libncurses6-debuginfo-6.1-150000.5.33.1 * terminfo-6.1-150000.5.33.1 * ncurses-debugsource-6.1-150000.5.33.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * terminfo-base-6.1-150000.5.33.1 * ncurses-utils-debuginfo-6.1-150000.5.33.1 * libncurses6-6.1-150000.5.33.1 * ncurses-utils-6.1-150000.5.33.1 * libncurses6-debuginfo-6.1-150000.5.33.1 * terminfo-6.1-150000.5.33.1 * ncurses-debugsource-6.1-150000.5.33.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ncurses-devel-6.1-150000.5.33.1 * tack-6.1-150000.5.33.1 * terminfo-base-6.1-150000.5.33.1 * tack-debuginfo-6.1-150000.5.33.1 * ncurses-utils-debuginfo-6.1-150000.5.33.1 * libncurses6-6.1-150000.5.33.1 * ncurses-utils-6.1-150000.5.33.1 * libncurses6-debuginfo-6.1-150000.5.33.1 * terminfo-screen-6.1-150000.5.33.1 * terminfo-6.1-150000.5.33.1 * terminfo-iterm-6.1-150000.5.33.1 * ncurses-debugsource-6.1-150000.5.33.1 * ncurses-devel-debuginfo-6.1-150000.5.33.1 * Basesystem Module 15-SP7 (x86_64) * libncurses6-32bit-6.1-150000.5.33.1 * libncurses6-32bit-debuginfo-6.1-150000.5.33.1 * Development Tools Module 15-SP7 (x86_64) * ncurses-devel-32bit-6.1-150000.5.33.1 * ncurses-devel-32bit-debuginfo-6.1-150000.5.33.1 * Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ncurses5-devel-6.1-150000.5.33.1 * ncurses-debugsource-6.1-150000.5.33.1 * libncurses5-6.1-150000.5.33.1 * libncurses5-debuginfo-6.1-150000.5.33.1 * Legacy Module 15-SP7 (x86_64) * libncurses5-32bit-debuginfo-6.1-150000.5.33.1 * libncurses5-32bit-6.1-150000.5.33.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * terminfo-base-6.1-150000.5.33.1 * ncurses-utils-debuginfo-6.1-150000.5.33.1 * libncurses6-6.1-150000.5.33.1 * ncurses-utils-6.1-150000.5.33.1 * libncurses6-debuginfo-6.1-150000.5.33.1 * terminfo-6.1-150000.5.33.1 * ncurses-debugsource-6.1-150000.5.33.1 
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * terminfo-base-6.1-150000.5.33.1 * ncurses-utils-debuginfo-6.1-150000.5.33.1 * libncurses6-6.1-150000.5.33.1 * ncurses-utils-6.1-150000.5.33.1 * libncurses6-debuginfo-6.1-150000.5.33.1 * terminfo-6.1-150000.5.33.1 * ncurses-debugsource-6.1-150000.5.33.1 ## References: * https://www.suse.com/security/cve/CVE-2025-69720.html * https://bugzilla.suse.com/show_bug.cgi?id=1259924 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:38:37 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 12:38:37 -0000 Subject: SUSE-SU-2026:1508-1: important: Security update for podman Message-ID: <177677511775.7580.12056639937390514434@5a8be24cc32b> # Security update for podman Announcement ID: SUSE-SU-2026:1508-1 Release Date: 2026-04-21T06:27:09Z Rating: important References: Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that can now be installed. ## Description: This update for podman rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1508=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1508=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1508=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1508=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1508=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1508=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1508=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1508=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1508=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * podmansh-4.9.5-150400.4.67.1 * podman-remote-4.9.5-150400.4.67.1 * podman-remote-debuginfo-4.9.5-150400.4.67.1 * podman-4.9.5-150400.4.67.1 * podman-debuginfo-4.9.5-150400.4.67.1 * openSUSE Leap 15.4 (noarch) * podman-docker-4.9.5-150400.4.67.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * podman-4.9.5-150400.4.67.1 * podman-remote-4.9.5-150400.4.67.1 * podman-debuginfo-4.9.5-150400.4.67.1 * podman-remote-debuginfo-4.9.5-150400.4.67.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * podman-4.9.5-150400.4.67.1 * podman-remote-4.9.5-150400.4.67.1 * podman-debuginfo-4.9.5-150400.4.67.1 * podman-remote-debuginfo-4.9.5-150400.4.67.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * podman-4.9.5-150400.4.67.1 * podman-remote-4.9.5-150400.4.67.1 * podman-debuginfo-4.9.5-150400.4.67.1 * podman-remote-debuginfo-4.9.5-150400.4.67.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * 
podman-4.9.5-150400.4.67.1 * podman-remote-4.9.5-150400.4.67.1 * podman-debuginfo-4.9.5-150400.4.67.1 * podman-remote-debuginfo-4.9.5-150400.4.67.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * podman-4.9.5-150400.4.67.1 * podman-remote-4.9.5-150400.4.67.1 * podman-debuginfo-4.9.5-150400.4.67.1 * podman-remote-debuginfo-4.9.5-150400.4.67.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * podman-docker-4.9.5-150400.4.67.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * podman-4.9.5-150400.4.67.1 * podman-remote-4.9.5-150400.4.67.1 * podman-debuginfo-4.9.5-150400.4.67.1 * podman-remote-debuginfo-4.9.5-150400.4.67.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * podman-docker-4.9.5-150400.4.67.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * podman-4.9.5-150400.4.67.1 * podman-remote-4.9.5-150400.4.67.1 * podman-debuginfo-4.9.5-150400.4.67.1 * podman-remote-debuginfo-4.9.5-150400.4.67.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * podman-docker-4.9.5-150400.4.67.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * podman-4.9.5-150400.4.67.1 * podman-remote-4.9.5-150400.4.67.1 * podman-debuginfo-4.9.5-150400.4.67.1 * podman-remote-debuginfo-4.9.5-150400.4.67.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * podman-docker-4.9.5-150400.4.67.1 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:32:19 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 12:32:19 -0000 Subject: SUSE-SU-2026:21209-1: important: Security update for gdk-pixbuf Message-ID: <177677473992.7580.13744351559899867473@5a8be24cc32b> # Security update for gdk-pixbuf Announcement ID: SUSE-SU-2026:21209-1 Release Date: 2026-04-17T07:53:37Z Rating: important References: * bsc#1261210 Cross-References: * CVE-2026-5201 CVSS scores: * CVE-2026-5201 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-5201 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-5201 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for gdk-pixbuf fixes the following issue: * CVE-2026-5201: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (bsc#1261210). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-581=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-581=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * libgdk_pixbuf-2_0-0-2.42.12-160000.4.1 * gdk-pixbuf-query-loaders-2.42.12-160000.4.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-160000.4.1 * gdk-pixbuf-debugsource-2.42.12-160000.4.1 * gdk-pixbuf-devel-2.42.12-160000.4.1 * gdk-pixbuf-query-loaders-debuginfo-2.42.12-160000.4.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-160000.4.1 * gdk-pixbuf-devel-debuginfo-2.42.12-160000.4.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-160000.4.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-160000.4.1 * gdk-pixbuf-thumbnailer-2.42.12-160000.4.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * gdk-pixbuf-lang-2.42.12-160000.4.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libgdk_pixbuf-2_0-0-2.42.12-160000.4.1 * gdk-pixbuf-query-loaders-2.42.12-160000.4.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-160000.4.1 * gdk-pixbuf-debugsource-2.42.12-160000.4.1 * gdk-pixbuf-devel-2.42.12-160000.4.1 * gdk-pixbuf-query-loaders-debuginfo-2.42.12-160000.4.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-160000.4.1 * gdk-pixbuf-devel-debuginfo-2.42.12-160000.4.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-160000.4.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-160000.4.1 * gdk-pixbuf-thumbnailer-2.42.12-160000.4.1 * SUSE Linux Enterprise Server 16.0 (noarch) * gdk-pixbuf-lang-2.42.12-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2026-5201.html * https://bugzilla.suse.com/show_bug.cgi?id=1261210 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Tue Apr 21 12:32:17 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:32:17 -0000
Subject: SUSE-SU-2026:21210-1: important: Security update for google-cloud-sap-agent
Message-ID: <177677473705.7580.12155506014405886812@5a8be24cc32b>

# Security update for google-cloud-sap-agent

Announcement ID: SUSE-SU-2026:21210-1
Release Date: 2026-04-17T07:57:12Z
Rating: important

References:

* bsc#1259816
* bsc#1260265

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for google-cloud-sap-agent fixes the following issue:

Update to google-cloud-sap-agent 3.12 (bsc#1259816):

* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260265).

Changes for google-cloud-sap-agent:

* Collect WLM metric `saphanasr_angi_installed` for all OS types.
* Failure handling: Remove attached disks from CG
* OTE Status checks for Parameter Manager (SAP Agent)
* Log command-line arguments in configureinstance.
* Minor multiple reliability checks and fixes
* Support custom names for restored disks in hanadiskrestore
* Add newAttachedDisks to Restorer and detach them on restore failure.
* Improve unit test coverage for hanadiskbackup and hanadiskrestore
* Add support for refresh point tests.
* Refactor HANA disk backup user validation and physical path parsing.
* Auto updated compiled protocol buffers
* Parameter Manager integration to SAP Agent
* Modify collection logic for SAP HANA configuration files.
* Update workloadagentplatform version and hash.
* Update WLM Validation metrics to support SAPHanaSR-angi setups.
* Increment agent version to 3.12.
* SAP HANA Pacemaker failover settings can come from `SAPHanaController`.
* Update collection for WLM metric `ha_sr_hook_configured`.
* Refactor CheckTopology to accept instance number.
* Use constant backoff with max retries for snapshot group operations.
* Update workloadagentplatform dependency

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-578=1
* SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-578=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * google-cloud-sap-agent-3.12-160000.1.1
  * google-cloud-sap-agent-debuginfo-3.12-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 x86_64)
  * google-cloud-sap-agent-3.12-160000.1.1
  * google-cloud-sap-agent-debuginfo-3.12-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259816
* https://bugzilla.suse.com/show_bug.cgi?id=1260265

From null at suse.de Tue Apr 21 12:31:12 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:31:12 -0000
Subject: SUSE-SU-2026:21219-1: important: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)
Message-ID: <177677467229.7580.16140443558069483797@5a8be24cc32b>

# Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21219-1
Release Date: 2026-04-13T02:44:51Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-533=1
* SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-533=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE16_Update_1-debugsource-7-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-debuginfo-7-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-7-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * kernel-livepatch-SLE16_Update_1-debugsource-7-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-debuginfo-7-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-7-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Tue Apr 21 12:36:49 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:36:49 -0000
Subject: SUSE-SU-2026:21159-1: moderate: Security update for python-gi-docgen
Message-ID: <177677500948.7580.4940170593144751703@5a8be24cc32b>

# Security update for python-gi-docgen

Announcement ID: SUSE-SU-2026:21159-1
Release Date: 2026-04-09T14:40:05Z
Rating: moderate

References:

* bsc#1251961

Cross-References:

* CVE-2025-11687

CVSS scores:

* CVE-2025-11687 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
* CVE-2025-11687 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
* CVE-2025-11687 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for python-gi-docgen fixes the following issues:

* CVE-2025-11687: Fixed reflected DOM XSS (bsc#1251961)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-512=1
* SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-512=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (noarch)
  * python3-gi-docgen-2025.5-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * python3-gi-docgen-2025.5-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11687.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251961

From null at suse.de Tue Apr 21 12:37:17 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:37:17 -0000
Subject: SUSE-SU-2026:21151-1: moderate: Security update for zlib
Message-ID: <177677503716.7580.11191188884489361791@5a8be24cc32b>

# Security update for zlib

Announcement ID: SUSE-SU-2026:21151-1
Release Date: 2026-04-09T11:18:30Z
Rating: moderate

References:

* bsc#1216378
* bsc#1258392

Cross-References:

* CVE-2023-45853
* CVE-2026-27171

CVSS scores:

* CVE-2023-45853 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-45853 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45853 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27171 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-27171 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27171 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27171 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for zlib fixes the following issues:

* CVE-2026-27171: Fixed an infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths. (bsc#1258392)
* CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6. (bsc#1216378)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-502=1
* SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-502=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * minizip-devel-1.2.13-160000.3.1
  * zlib-devel-static-1.2.13-160000.3.1
  * libminizip1-1.2.13-160000.3.1
  * libz1-debuginfo-1.2.13-160000.3.1
  * zlib-devel-1.2.13-160000.3.1
  * libz1-1.2.13-160000.3.1
  * libminizip1-debuginfo-1.2.13-160000.3.1
  * zlib-debugsource-1.2.13-160000.3.1
* SUSE Linux Enterprise Server 16.0 (x86_64)
  * libz1-x86-64-v3-debuginfo-1.2.13-160000.3.1
  * libminizip1-x86-64-v3-debuginfo-1.2.13-160000.3.1
  * libminizip1-x86-64-v3-1.2.13-160000.3.1
  * libz1-x86-64-v3-1.2.13-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * minizip-devel-1.2.13-160000.3.1
  * zlib-devel-static-1.2.13-160000.3.1
  * libminizip1-1.2.13-160000.3.1
  * libz1-debuginfo-1.2.13-160000.3.1
  * zlib-devel-1.2.13-160000.3.1
  * libz1-1.2.13-160000.3.1
  * libminizip1-debuginfo-1.2.13-160000.3.1
  * zlib-debugsource-1.2.13-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * libz1-x86-64-v3-debuginfo-1.2.13-160000.3.1
  * libminizip1-x86-64-v3-debuginfo-1.2.13-160000.3.1
  * libminizip1-x86-64-v3-1.2.13-160000.3.1
  * libz1-x86-64-v3-1.2.13-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45853.html
* https://www.suse.com/security/cve/CVE-2026-27171.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216378
* https://bugzilla.suse.com/show_bug.cgi?id=1258392

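
A post-patch check for the zlib advisory above, as an added example that is not part of the announcement: it compares installed builds against four of the fixed builds from the package list. The function names, the constructed `INSTALLED` sample and the simplified comparison (no epoch, no `~` or `^` handling) are assumptions of this example.

```python
import re
from itertools import zip_longest

# Fixed builds copied from the SUSE-SU-2026:21151-1 package list.
FIXED = """\
libz1-1.2.13-160000.3.1
libminizip1-1.2.13-160000.3.1
zlib-devel-1.2.13-160000.3.1
minizip-devel-1.2.13-160000.3.1
"""

# Constructed sample of what
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
# could print on a host; these lines are not from the advisory.
INSTALLED = """\
libz1-1.2.13-160000.2.2
libminizip1-1.2.13-160000.3.1
zlib-devel-1.2.13-160000.10.1
bash-5.2.37-160000.1.1
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def vercmp(a, b):
    """Simplified rpm-style comparison of two version or release strings.

    Returns -1, 0 or 1. Digit runs compare numerically, letter runs
    lexically, a digit run beats a letter run, and the string with
    segments left over is the newer one.
    """
    for x, y in zip_longest(_SEGMENT.findall(a), _SEGMENT.findall(b)):
        if x is None:
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return 0


def split_nvr(nvr):
    """Split 'name-version-release'; the name itself may contain dashes."""
    name, version, release = nvr.strip().rsplit("-", 2)
    return name, version, release


def audit(fixed_text, installed_text):
    """Map each fixed package name to 'patched', 'outdated' or 'absent'."""
    installed = {}
    for line in installed_text.split():
        name, ver, rel = split_nvr(line)
        installed[name] = (ver, rel)

    report = {}
    for line in fixed_text.split():
        name, fixed_ver, fixed_rel = split_nvr(line)
        if name not in installed:
            report[name] = "absent"
            continue
        ver, rel = installed[name]
        # Version decides first; release breaks the tie.
        order = vercmp(ver, fixed_ver) or vercmp(rel, fixed_rel)
        report[name] = "patched" if order >= 0 else "outdated"
    return report


if __name__ == "__main__":
    for name, status in audit(FIXED, INSTALLED).items():
        print(f"{name:16} {status}")
```

The `zlib-devel` row shows why the release must be compared segment by segment: `160000.10.1` is newer than `160000.3.1`, which a plain string comparison would get wrong.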
From null at suse.de Tue Apr 21 12:36:32 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:36:32 -0000
Subject: SUSE-SU-2026:21164-1: important: Security update for glibc
Message-ID: <177677499219.7580.7490924600387397001@5a8be24cc32b>

# Security update for glibc

Announcement ID: SUSE-SU-2026:21164-1
Release Date: 2026-04-10T06:36:43Z
Rating: important

References:

* bsc#1258319
* bsc#1260078
* bsc#1260082

Cross-References:

* CVE-2026-4437
* CVE-2026-4438

CVSS scores:

* CVE-2026-4437 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4437 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4437 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4438 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4438 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities and has one fix can now be installed.

## Description:

This update for glibc fixes the following issues:

Security fixes:

* CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
* CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

Other fixes:

* nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-516=1
* SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-516=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * glibc-devel-debuginfo-2.40-160000.4.1
  * glibc-locale-2.40-160000.4.1
  * glibc-locale-base-2.40-160000.4.1
  * glibc-utils-2.40-160000.4.1
  * glibc-utils-debuginfo-2.40-160000.4.1
  * glibc-extra-2.40-160000.4.1
  * glibc-utils-src-debugsource-2.40-160000.4.1
  * glibc-devel-static-2.40-160000.4.1
  * glibc-gconv-modules-extra-debuginfo-2.40-160000.4.1
  * glibc-profile-2.40-160000.4.1
  * glibc-debuginfo-2.40-160000.4.1
  * glibc-extra-debuginfo-2.40-160000.4.1
  * glibc-debugsource-2.40-160000.4.1
  * glibc-devel-2.40-160000.4.1
  * glibc-gconv-modules-extra-2.40-160000.4.1
  * glibc-2.40-160000.4.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * glibc-lang-2.40-160000.4.1
  * glibc-i18ndata-2.40-160000.4.1
  * glibc-html-2.40-160000.4.1
  * glibc-info-2.40-160000.4.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * glibc-devel-debuginfo-2.40-160000.4.1
  * glibc-locale-2.40-160000.4.1
  * glibc-locale-base-2.40-160000.4.1
  * glibc-utils-2.40-160000.4.1
  * glibc-utils-debuginfo-2.40-160000.4.1
  * glibc-extra-2.40-160000.4.1
  * glibc-utils-src-debugsource-2.40-160000.4.1
  * glibc-devel-static-2.40-160000.4.1
  * glibc-gconv-modules-extra-debuginfo-2.40-160000.4.1
  * glibc-profile-2.40-160000.4.1
  * glibc-debuginfo-2.40-160000.4.1
  * glibc-extra-debuginfo-2.40-160000.4.1
  * glibc-debugsource-2.40-160000.4.1
  * glibc-devel-2.40-160000.4.1
  * glibc-gconv-modules-extra-2.40-160000.4.1
  * glibc-2.40-160000.4.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * glibc-lang-2.40-160000.4.1
  * glibc-i18ndata-2.40-160000.4.1
  * glibc-html-2.40-160000.4.1
  * glibc-info-2.40-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4437.html
* https://www.suse.com/security/cve/CVE-2026-4438.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258319
* https://bugzilla.suse.com/show_bug.cgi?id=1260078
* https://bugzilla.suse.com/show_bug.cgi?id=1260082

From null at suse.de Tue Apr 21 12:36:20 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:36:20 -0000
Subject: SUSE-SU-2026:21166-1: important: Security update for cockpit
Message-ID: <177677498014.7580.18320569031014569907@5a8be24cc32b>

# Security update for cockpit

Announcement ID: SUSE-SU-2026:21166-1
Release Date: 2026-04-10T11:36:09Z
Rating: important

References:

* bsc#1257836
* bsc#1258641

Cross-References:

* CVE-2026-25547
* CVE-2026-26996

CVSS scores:

* CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for cockpit fixes the following issues:

* CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process (bsc#1257836).
* CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character that doesn't appear in the test string can lead to ReDoS (bsc#1258641).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-520=1
* SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-520=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * cockpit-debugsource-354-160000.2.1
  * cockpit-ws-debuginfo-354-160000.2.1
  * cockpit-354-160000.2.1
  * cockpit-ws-354-160000.2.1
  * cockpit-devel-354-160000.2.1
  * cockpit-ws-selinux-354-160000.2.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * cockpit-bridge-354-160000.2.1
  * cockpit-packagekit-354-160000.2.1
  * cockpit-kdump-354-160000.2.1
  * cockpit-doc-354-160000.2.1
  * cockpit-storaged-354-160000.2.1
  * cockpit-networkmanager-354-160000.2.1
  * cockpit-firewalld-354-160000.2.1
  * cockpit-selinux-354-160000.2.1
  * cockpit-system-354-160000.2.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * cockpit-debugsource-354-160000.2.1
  * cockpit-ws-debuginfo-354-160000.2.1
  * cockpit-354-160000.2.1
  * cockpit-ws-354-160000.2.1
  * cockpit-devel-354-160000.2.1
  * cockpit-ws-selinux-354-160000.2.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * cockpit-bridge-354-160000.2.1
  * cockpit-packagekit-354-160000.2.1
  * cockpit-kdump-354-160000.2.1
  * cockpit-doc-354-160000.2.1
  * cockpit-storaged-354-160000.2.1
  * cockpit-networkmanager-354-160000.2.1
  * cockpit-firewalld-354-160000.2.1
  * cockpit-selinux-354-160000.2.1
  * cockpit-system-354-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25547.html
* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257836
* https://bugzilla.suse.com/show_bug.cgi?id=1258641

From null at suse.de Tue Apr 21 12:37:09 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:37:09 -0000
Subject: SUSE-SU-2026:21153-1: important: Security update for pgvector
Message-ID: <177677502978.7580.16454092426769252577@5a8be24cc32b>

# Security update for pgvector

Announcement ID: SUSE-SU-2026:21153-1
Release Date: 2026-04-09T12:27:13Z
Rating: important

References:

* bsc#1258945

Cross-References:

* CVE-2026-3172

CVSS scores:

* CVE-2026-3172 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-3172 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for pgvector fixes the following issue:

Update to pgvector 0.8.2:

* CVE-2026-3172: Buffer overflow in parallel HNSW index build (bsc#1258945).

Changelog:

* Fixed Index Searches in EXPLAIN output for Postgres 18

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-504=1
* SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-504=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * postgresql15-pgvector-debuginfo-0.8.2-160000.1.1
  * postgresql13-pgvector-debugsource-0.8.2-160000.1.1
  * postgresql14-pgvector-debugsource-0.8.2-160000.1.1
  * postgresql13-pgvector-debuginfo-0.8.2-160000.1.1
  * postgresql17-pgvector-debugsource-0.8.2-160000.1.1
  * postgresql16-pgvector-debugsource-0.8.2-160000.1.1
  * postgresql16-pgvector-debuginfo-0.8.2-160000.1.1
  * postgresql18-pgvector-debuginfo-0.8.2-160000.1.1
  * postgresql18-pgvector-debugsource-0.8.2-160000.1.1
  * postgresql13-pgvector-0.8.2-160000.1.1
  * postgresql14-pgvector-0.8.2-160000.1.1
  * postgresql15-pgvector-0.8.2-160000.1.1
  * postgresql17-pgvector-debuginfo-0.8.2-160000.1.1
  * postgresql18-pgvector-0.8.2-160000.1.1
  * postgresql17-pgvector-0.8.2-160000.1.1
  * postgresql16-pgvector-0.8.2-160000.1.1
  * postgresql14-pgvector-debuginfo-0.8.2-160000.1.1
  * postgresql15-pgvector-debugsource-0.8.2-160000.1.1
  * pgvector-devel-0.8.2-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * postgresql15-pgvector-debuginfo-0.8.2-160000.1.1
  * postgresql13-pgvector-debugsource-0.8.2-160000.1.1
  * postgresql14-pgvector-debugsource-0.8.2-160000.1.1
  * postgresql13-pgvector-debuginfo-0.8.2-160000.1.1
  * postgresql17-pgvector-debugsource-0.8.2-160000.1.1
  * postgresql16-pgvector-debugsource-0.8.2-160000.1.1
  * postgresql16-pgvector-debuginfo-0.8.2-160000.1.1
  * postgresql18-pgvector-debuginfo-0.8.2-160000.1.1
  * postgresql18-pgvector-debugsource-0.8.2-160000.1.1
  * postgresql13-pgvector-0.8.2-160000.1.1
  * postgresql14-pgvector-0.8.2-160000.1.1
  * postgresql15-pgvector-0.8.2-160000.1.1
  * postgresql17-pgvector-debuginfo-0.8.2-160000.1.1
  * postgresql18-pgvector-0.8.2-160000.1.1
  * postgresql17-pgvector-0.8.2-160000.1.1
  * postgresql16-pgvector-0.8.2-160000.1.1
  * postgresql14-pgvector-debuginfo-0.8.2-160000.1.1
  * postgresql15-pgvector-debugsource-0.8.2-160000.1.1
  * pgvector-devel-0.8.2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3172.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258945

From null at suse.de Tue Apr 21 12:35:59 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:35:59 -0000
Subject: SUSE-SU-2026:21172-1: moderate: Security update for pcre2
Message-ID: <177677495974.7580.13325716763937477494@5a8be24cc32b>

# Security update for pcre2

Announcement ID: SUSE-SU-2026:21172-1
Release Date: 2026-04-10T18:29:30Z
Rating: moderate

References:

* bsc#1248842

Cross-References:

* CVE-2025-58050

CVSS scores:

* CVE-2025-58050 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-58050 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2025-58050 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-58050 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for pcre2 fixes the following issue:

* CVE-2025-58050: integer overflow leads to heap buffer overread in match_ref due to missing boundary restoration in SCS (bsc#1248842).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-528=1
* SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-528=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * libpcre2-8-0-10.45-160000.3.1
  * pcre2-tools-debuginfo-10.45-160000.3.1
  * libpcre2-32-0-10.45-160000.3.1
  * libpcre2-posix3-debuginfo-10.45-160000.3.1
  * libpcre2-16-0-10.45-160000.3.1
  * libpcre2-32-0-debuginfo-10.45-160000.3.1
  * pcre2-devel-10.45-160000.3.1
  * libpcre2-8-0-debuginfo-10.45-160000.3.1
  * pcre2-debugsource-10.45-160000.3.1
  * libpcre2-16-0-debuginfo-10.45-160000.3.1
  * libpcre2-posix3-10.45-160000.3.1
  * pcre2-devel-static-10.45-160000.3.1
  * pcre2-tools-10.45-160000.3.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * pcre2-doc-10.45-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * libpcre2-8-0-10.45-160000.3.1
  * pcre2-tools-debuginfo-10.45-160000.3.1
  * libpcre2-32-0-10.45-160000.3.1
  * libpcre2-posix3-debuginfo-10.45-160000.3.1
  * libpcre2-16-0-10.45-160000.3.1
  * libpcre2-32-0-debuginfo-10.45-160000.3.1
  * pcre2-devel-10.45-160000.3.1
  * libpcre2-8-0-debuginfo-10.45-160000.3.1
  * pcre2-debugsource-10.45-160000.3.1
  * libpcre2-16-0-debuginfo-10.45-160000.3.1
  * libpcre2-posix3-10.45-160000.3.1
  * pcre2-devel-static-10.45-160000.3.1
  * pcre2-tools-10.45-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * pcre2-doc-10.45-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-58050.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248842

From null at suse.de Tue Apr 21 12:35:17 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:35:17 -0000
Subject: SUSE-SU-2026:21180-1: important: Security update for webkit2gtk3
Message-ID: <177677491718.7580.8570029567469631818@5a8be24cc32b>

# Security update for webkit2gtk3

Announcement ID: SUSE-SU-2026:21180-1
Release Date: 2026-04-13T11:47:50Z
Rating: important

References:

* bsc#1259934
* bsc#1259935
* bsc#1259936
* bsc#1259937
* bsc#1259938
* bsc#1259939
* bsc#1259940
* bsc#1259941
* bsc#1259942
* bsc#1259943
* bsc#1259944
* bsc#1259945
* bsc#1259946
* bsc#1259947
* bsc#1259948
* bsc#1259949
* bsc#1259950
* bsc#1261172
* bsc#1261173
* bsc#1261174
* bsc#1261175
* bsc#1261176
* bsc#1261177
* bsc#1261178
* bsc#1261179

Cross-References:

* CVE-2023-43010
* CVE-2025-31223
* CVE-2025-31277
* CVE-2025-43213
* CVE-2025-43214
* CVE-2025-43433
* CVE-2025-43438
* CVE-2025-43441
* CVE-2025-43457
* CVE-2025-43511
* CVE-2025-46299
* CVE-2026-20608
* CVE-2026-20635
* CVE-2026-20636
* CVE-2026-20643
* CVE-2026-20644
* CVE-2026-20652
* CVE-2026-20664
* CVE-2026-20665
* CVE-2026-20676
* CVE-2026-20691
* CVE-2026-28857
* CVE-2026-28859
* CVE-2026-28861
* CVE-2026-28871

CVSS scores:

* CVE-2023-43010 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-43010 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-43010 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31223 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-31223 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31223 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31277 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-31277 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-31277 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43213 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43213 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43214 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43214 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43214 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43433 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43433 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43433 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43438 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43438 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43438 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-43441 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43441 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43441 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-43457 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43457 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43457 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-43511 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-43511 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-43511 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-46299 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-46299 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-46299 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-20608 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20608 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20608 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20635 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20635 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20635 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-20636 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20636 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20636 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20643 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-20643 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-20644 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20644 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20652 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20652 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20652 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20664 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20664 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-20665 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2026-20665 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-20676 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-20676 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-20676 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-20676 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-20691 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-20691 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28857 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-28857 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-28859 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-28859 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28861 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
* CVE-2026-28861 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28871 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28871 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves 25 vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.52.1.

Security issues fixed:

* CVE-2025-43213: processing maliciously crafted web content may lead to an unexpected crash due to improper memory handling (bsc#1259947).
* CVE-2025-43214: processing maliciously crafted web content may lead to an unexpected crash due to improper memory handling (bsc#1259946).
* CVE-2025-43457: processing maliciously crafted web content may lead to an unexpected crash due to use-after-free (bsc#1259942).
* CVE-2025-43511: processing maliciously crafted web content may lead to an unexpected process crash due to use-after-free (bsc#1259941).
* CVE-2025-46299: processing maliciously crafted web content may disclose internal states of an app due to improper memory initialization (bsc#1259940).
* CVE-2026-20608: processing maliciously crafted web content may lead to an unexpected process crash due to improper state management (bsc#1259939).
* CVE-2026-20635: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1259938).
* CVE-2026-20636: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1259937).
* CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy due to improper input validation (bsc#1261172).
* CVE-2026-20644: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1259936).
* CVE-2026-20652: a remote attacker may be able to cause a denial-of-service due to improper memory handling (bsc#1259935).
* CVE-2026-20664: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1261173).
* CVE-2026-20665: processing maliciously crafted web content may prevent Content Security Policy from being enforced due to improper state management (bsc#1261174).
* CVE-2026-20676: a website may be able to track users through web extensions due to improper state management (bsc#1259934).
* CVE-2026-20691: a maliciously crafted webpage may be able to fingerprint users due to improper state management (bsc#1261175).
* CVE-2026-28857: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1261176).
* CVE-2026-28859: a malicious website may be able to process restricted web content outside the sandbox due to improper memory management (bsc#1261177).
* CVE-2026-28861: a malicious website may be able to access script message handlers intended for other origins due to improper state management (bsc#1261178).
* CVE-2026-28871: visiting a maliciously crafted website may lead to a cross-site scripting attack due to missing checks (bsc#1261179).
Other updates and bugfixes: * Version 2.52.1: * Reduce the amount of useless MPRIS notifications produced by MediaSession when the information about media being played is incomplete. * Support turning off USE_GSTREAMER to configure the build with all multimedia features disabled. * Add Sysprof marks for mouse events. * Fix MediaSession icon for iheart.com not being displayed. * Fix the build with USE_GSTREAMER_GL disabled. * Fix the build with librice version 0.3.0 or newer. * Fix several crashes and rendering issues. * Translation updates: Georgian. * Version 2.52.0: * Make scrolling with touch input smoother for small movements. * Fix estimated load progress of downloads when Content-Length value is wrong. * Ensure that "scrollend" events are correctly emitted after scroll animations. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-540=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-540=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * WebKitGTK-6.0-lang-2.52.1-160000.1.1 * WebKitGTK-4.1-lang-2.52.1-160000.1.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_1-injected-bundles-2.52.1-160000.1.1 * typelib-1_0-WebKit2-4_1-2.52.1-160000.1.1 * libwebkitgtk-6_0-4-debuginfo-2.52.1-160000.1.1 * webkit2gtk4-minibrowser-debuginfo-2.52.1-160000.1.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-160000.1.1 * webkit-jsc-6.0-debuginfo-2.52.1-160000.1.1 * webkit-jsc-4.1-debuginfo-2.52.1-160000.1.1 * webkit-jsc-6.0-2.52.1-160000.1.1 * typelib-1_0-WebKit2WebExtension-4_1-2.52.1-160000.1.1 * webkit2gtk3-minibrowser-debuginfo-2.52.1-160000.1.1 * webkit2gtk3-minibrowser-2.52.1-160000.1.1 * libwebkitgtk-6_0-4-2.52.1-160000.1.1 * 
libjavascriptcoregtk-4_1-0-2.52.1-160000.1.1 * webkit2gtk4-minibrowser-2.52.1-160000.1.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-160000.1.1 * webkit-jsc-4.1-2.52.1-160000.1.1 * typelib-1_0-JavaScriptCore-6_0-2.52.1-160000.1.1 * libwebkit2gtk-4_1-0-2.52.1-160000.1.1 * typelib-1_0-JavaScriptCore-4_1-2.52.1-160000.1.1 * webkitgtk-6_0-injected-bundles-2.52.1-160000.1.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-160000.1.1 * libjavascriptcoregtk-6_0-1-2.52.1-160000.1.1 * webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-160000.1.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-160000.1.1 * typelib-1_0-WebKit-6_0-2.52.1-160000.1.1 * libwebkit2gtk-4_1-0-debuginfo-2.52.1-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * WebKitGTK-6.0-lang-2.52.1-160000.1.1 * WebKitGTK-4.1-lang-2.52.1-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * webkit2gtk-4_1-injected-bundles-2.52.1-160000.1.1 * typelib-1_0-WebKit2-4_1-2.52.1-160000.1.1 * libwebkitgtk-6_0-4-debuginfo-2.52.1-160000.1.1 * webkit2gtk4-minibrowser-debuginfo-2.52.1-160000.1.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-160000.1.1 * webkit-jsc-6.0-debuginfo-2.52.1-160000.1.1 * webkit-jsc-4.1-debuginfo-2.52.1-160000.1.1 * webkit-jsc-6.0-2.52.1-160000.1.1 * typelib-1_0-WebKit2WebExtension-4_1-2.52.1-160000.1.1 * webkit2gtk3-minibrowser-debuginfo-2.52.1-160000.1.1 * webkit2gtk3-minibrowser-2.52.1-160000.1.1 * libwebkitgtk-6_0-4-2.52.1-160000.1.1 * libjavascriptcoregtk-4_1-0-2.52.1-160000.1.1 * webkit2gtk4-minibrowser-2.52.1-160000.1.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-160000.1.1 * webkit-jsc-4.1-2.52.1-160000.1.1 * typelib-1_0-JavaScriptCore-6_0-2.52.1-160000.1.1 * libwebkit2gtk-4_1-0-2.52.1-160000.1.1 * typelib-1_0-JavaScriptCore-4_1-2.52.1-160000.1.1 * webkitgtk-6_0-injected-bundles-2.52.1-160000.1.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-160000.1.1 * libjavascriptcoregtk-6_0-1-2.52.1-160000.1.1 * 
webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-160000.1.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-160000.1.1 * typelib-1_0-WebKit-6_0-2.52.1-160000.1.1 * libwebkit2gtk-4_1-0-debuginfo-2.52.1-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2023-43010.html * https://www.suse.com/security/cve/CVE-2025-31223.html * https://www.suse.com/security/cve/CVE-2025-31277.html * https://www.suse.com/security/cve/CVE-2025-43213.html * https://www.suse.com/security/cve/CVE-2025-43214.html * https://www.suse.com/security/cve/CVE-2025-43433.html * https://www.suse.com/security/cve/CVE-2025-43438.html * https://www.suse.com/security/cve/CVE-2025-43441.html * https://www.suse.com/security/cve/CVE-2025-43457.html * https://www.suse.com/security/cve/CVE-2025-43511.html * https://www.suse.com/security/cve/CVE-2025-46299.html * https://www.suse.com/security/cve/CVE-2026-20608.html * https://www.suse.com/security/cve/CVE-2026-20635.html * https://www.suse.com/security/cve/CVE-2026-20636.html * https://www.suse.com/security/cve/CVE-2026-20643.html * https://www.suse.com/security/cve/CVE-2026-20644.html * https://www.suse.com/security/cve/CVE-2026-20652.html * https://www.suse.com/security/cve/CVE-2026-20664.html * https://www.suse.com/security/cve/CVE-2026-20665.html * https://www.suse.com/security/cve/CVE-2026-20676.html * https://www.suse.com/security/cve/CVE-2026-20691.html * https://www.suse.com/security/cve/CVE-2026-28857.html * https://www.suse.com/security/cve/CVE-2026-28859.html * https://www.suse.com/security/cve/CVE-2026-28861.html * https://www.suse.com/security/cve/CVE-2026-28871.html * https://bugzilla.suse.com/show_bug.cgi?id=1259934 * https://bugzilla.suse.com/show_bug.cgi?id=1259935 * https://bugzilla.suse.com/show_bug.cgi?id=1259936 * https://bugzilla.suse.com/show_bug.cgi?id=1259937 * https://bugzilla.suse.com/show_bug.cgi?id=1259938 * https://bugzilla.suse.com/show_bug.cgi?id=1259939 * https://bugzilla.suse.com/show_bug.cgi?id=1259940 * 
https://bugzilla.suse.com/show_bug.cgi?id=1259941 * https://bugzilla.suse.com/show_bug.cgi?id=1259942 * https://bugzilla.suse.com/show_bug.cgi?id=1259943 * https://bugzilla.suse.com/show_bug.cgi?id=1259944 * https://bugzilla.suse.com/show_bug.cgi?id=1259945 * https://bugzilla.suse.com/show_bug.cgi?id=1259946 * https://bugzilla.suse.com/show_bug.cgi?id=1259947 * https://bugzilla.suse.com/show_bug.cgi?id=1259948 * https://bugzilla.suse.com/show_bug.cgi?id=1259949 * https://bugzilla.suse.com/show_bug.cgi?id=1259950 * https://bugzilla.suse.com/show_bug.cgi?id=1261172 * https://bugzilla.suse.com/show_bug.cgi?id=1261173 * https://bugzilla.suse.com/show_bug.cgi?id=1261174 * https://bugzilla.suse.com/show_bug.cgi?id=1261175 * https://bugzilla.suse.com/show_bug.cgi?id=1261176 * https://bugzilla.suse.com/show_bug.cgi?id=1261177 * https://bugzilla.suse.com/show_bug.cgi?id=1261178 * https://bugzilla.suse.com/show_bug.cgi?id=1261179 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Tue Apr 21 12:36:58 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:36:58 -0000
Subject: SUSE-SU-2026:21157-1: important: Security update for MozillaFirefox
Message-ID: <177677501894.7580.6209067253326127865@5a8be24cc32b>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2026:21157-1
Release Date: 2026-04-09T12:58:07Z
Rating: important

References:

  * bsc#1261663
  * jsc#PED-15778

Cross-References:

  * CVE-2026-5731
  * CVE-2026-5732
  * CVE-2026-5734

CVSS scores:

  * CVE-2026-5731 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-5731 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-5732 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-5732 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-5734 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-5734 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-5734 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves three vulnerabilities and contains one feature can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 140.9.1 ESR (bsc#1261663).

  * MFSA 2026-27:
    * CVE-2026-5731: memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2.
    * CVE-2026-5732: incorrect boundary conditions, integer overflow in the Graphics: Text component.
    * CVE-2026-5734: memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-501=1
  * SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-501=1

## Package List:

  * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
    * MozillaFirefox-translations-common-140.9.1-160000.1.1
    * MozillaFirefox-translations-other-140.9.1-160000.1.1
    * MozillaFirefox-debuginfo-140.9.1-160000.1.1
    * MozillaFirefox-140.9.1-160000.1.1
    * MozillaFirefox-debugsource-140.9.1-160000.1.1
  * SUSE Linux Enterprise Server 16.0 (noarch)
    * MozillaFirefox-devel-140.9.1-160000.1.1
  * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
    * MozillaFirefox-translations-common-140.9.1-160000.1.1
    * MozillaFirefox-translations-other-140.9.1-160000.1.1
    * MozillaFirefox-debuginfo-140.9.1-160000.1.1
    * MozillaFirefox-140.9.1-160000.1.1
    * MozillaFirefox-debugsource-140.9.1-160000.1.1
  * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
    * MozillaFirefox-devel-140.9.1-160000.1.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-5731.html
  * https://www.suse.com/security/cve/CVE-2026-5732.html
  * https://www.suse.com/security/cve/CVE-2026-5734.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1261663
  * https://jira.suse.com/browse/PED-15778

From null at suse.de Tue Apr 21 12:36:43 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:36:43 -0000
Subject: SUSE-SU-2026:21161-1: moderate: Security update for ovmf
Message-ID: <177677500394.7580.2737858474774834420@5a8be24cc32b>

# Security update for ovmf

Announcement ID: SUSE-SU-2026:21161-1
Release Date: 2026-04-09T15:10:40Z
Rating: moderate

References:

  * bsc#1252441

Cross-References:

  * CVE-2025-59438

CVSS scores:

  * CVE-2025-59438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-59438 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2025-59438 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for ovmf fixes the following issue:

  * CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting (bsc#1252441).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-514=1
  * SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-514=1

## Package List:

  * SUSE Linux Enterprise Server 16.0 (aarch64 x86_64)
    * ovmf-tools-202502-160000.4.1
    * ovmf-202502-160000.4.1
  * SUSE Linux Enterprise Server 16.0 (noarch)
    * qemu-ovmf-x86_64-202502-160000.4.1
    * qemu-uefi-aarch64-202502-160000.4.1
  * SUSE Linux Enterprise Server 16.0 (x86_64)
    * ovmf-debugsource-202502-160000.4.1
    * ovmf-debuginfo-202502-160000.4.1
  * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
    * ovmf-tools-202502-160000.4.1
    * ovmf-202502-160000.4.1
    * ovmf-debugsource-202502-160000.4.1
    * ovmf-debuginfo-202502-160000.4.1
  * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
    * qemu-ovmf-x86_64-202502-160000.4.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-59438.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1252441

From null at suse.de Tue Apr 21 12:36:55 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:36:55 -0000
Subject: SUSE-SU-2026:21158-1: moderate: Security update for util-linux
Message-ID: <177677501597.7580.2875461212032591750@5a8be24cc32b>

# Security update for util-linux

Announcement ID: SUSE-SU-2026:21158-1
Release Date: 2026-04-09T13:00:19Z
Rating: moderate

References:

  * bsc#1222465
  * bsc#1254666
  * bsc#1258859
  * jsc#PED-13682

Cross-References:

  * CVE-2025-14104
  * CVE-2026-3184

CVSS scores:

  * CVE-2025-14104 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-14104 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  * CVE-2025-14104 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  * CVE-2026-3184 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-3184 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2026-3184 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities, contains one feature and has one fix can now be installed.

## Description:

This update for util-linux fixes the following issues:

Security issues:

  * CVE-2025-14104: heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
  * CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859).

Non security issues:

  * fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).
  * lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-510=1
  * SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-510=1

## Package List:

  * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
    * util-linux-2.41.1-160000.3.1
    * libuuid-devel-2.41.1-160000.3.1
    * liblastlog2-2-debuginfo-2.41.1-160000.3.1
    * libblkid1-2.41.1-160000.3.1
    * libfdisk1-2.41.1-160000.3.1
    * libuuid1-2.41.1-160000.3.1
    * util-linux-systemd-debuginfo-2.41.1-160000.3.1
    * liblastlog2-devel-2.41.1-160000.3.1
    * uuidd-2.41.1-160000.3.1
    * python313-libmount-2.41.1-160000.3.1
    * util-linux-systemd-debugsource-2.41.1-160000.3.1
    * libfdisk-devel-2.41.1-160000.3.1
    * libblkid-devel-2.41.1-160000.3.1
    * libblkid-devel-static-2.41.1-160000.3.1
    * libmount-devel-2.41.1-160000.3.1
    * liblastlog2-2-2.41.1-160000.3.1
    * libuuid-devel-static-2.41.1-160000.3.1
    * libfdisk-devel-static-2.41.1-160000.3.1
    * util-linux-debugsource-2.41.1-160000.3.1
    * util-linux-debuginfo-2.41.1-160000.3.1
    * libmount1-2.41.1-160000.3.1
    * lastlog2-2.41.1-160000.3.1
    * util-linux-systemd-2.41.1-160000.3.1
    * util-linux-tty-tools-debuginfo-2.41.1-160000.3.1
    * libuuid1-debuginfo-2.41.1-160000.3.1
    * libmount1-debuginfo-2.41.1-160000.3.1
    * libsmartcols1-debuginfo-2.41.1-160000.3.1
    * libsmartcols1-2.41.1-160000.3.1
    * python313-libmount-debuginfo-2.41.1-160000.3.1
    * libblkid1-debuginfo-2.41.1-160000.3.1
    * libsmartcols-devel-2.41.1-160000.3.1
    * util-linux-tty-tools-2.41.1-160000.3.1
    * lastlog2-debuginfo-2.41.1-160000.3.1
    * libmount-devel-static-2.41.1-160000.3.1
    * libfdisk1-debuginfo-2.41.1-160000.3.1
    * libsmartcols-devel-static-2.41.1-160000.3.1
    * python-libmount-debugsource-2.41.1-160000.3.1
    * uuidd-debuginfo-2.41.1-160000.3.1
  * SUSE Linux Enterprise Server 16.0 (noarch)
    * util-linux-lang-2.41.1-160000.3.1
  * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
    * util-linux-2.41.1-160000.3.1
    * libuuid-devel-2.41.1-160000.3.1
    * liblastlog2-2-debuginfo-2.41.1-160000.3.1
    * libblkid1-2.41.1-160000.3.1
    * libfdisk1-2.41.1-160000.3.1
    * libuuid1-2.41.1-160000.3.1
    * util-linux-systemd-debuginfo-2.41.1-160000.3.1
    * liblastlog2-devel-2.41.1-160000.3.1
    * uuidd-2.41.1-160000.3.1
    * python313-libmount-2.41.1-160000.3.1
    * util-linux-systemd-debugsource-2.41.1-160000.3.1
    * libfdisk-devel-2.41.1-160000.3.1
    * libblkid-devel-2.41.1-160000.3.1
    * libblkid-devel-static-2.41.1-160000.3.1
    * libmount-devel-2.41.1-160000.3.1
    * liblastlog2-2-2.41.1-160000.3.1
    * libuuid-devel-static-2.41.1-160000.3.1
    * libfdisk-devel-static-2.41.1-160000.3.1
    * util-linux-debugsource-2.41.1-160000.3.1
    * util-linux-debuginfo-2.41.1-160000.3.1
    * libmount1-2.41.1-160000.3.1
    * lastlog2-2.41.1-160000.3.1
    * util-linux-systemd-2.41.1-160000.3.1
    * util-linux-tty-tools-debuginfo-2.41.1-160000.3.1
    * libuuid1-debuginfo-2.41.1-160000.3.1
    * libmount1-debuginfo-2.41.1-160000.3.1
    * libsmartcols1-debuginfo-2.41.1-160000.3.1
    * libsmartcols1-2.41.1-160000.3.1
    * python313-libmount-debuginfo-2.41.1-160000.3.1
    * libblkid1-debuginfo-2.41.1-160000.3.1
    * libsmartcols-devel-2.41.1-160000.3.1
    * util-linux-tty-tools-2.41.1-160000.3.1
    * lastlog2-debuginfo-2.41.1-160000.3.1
    * libmount-devel-static-2.41.1-160000.3.1
    * libfdisk1-debuginfo-2.41.1-160000.3.1
    * libsmartcols-devel-static-2.41.1-160000.3.1
    * python-libmount-debugsource-2.41.1-160000.3.1
    * uuidd-debuginfo-2.41.1-160000.3.1
  * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
    * util-linux-lang-2.41.1-160000.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-14104.html
  * https://www.suse.com/security/cve/CVE-2026-3184.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1222465
  * https://bugzilla.suse.com/show_bug.cgi?id=1254666
  * https://bugzilla.suse.com/show_bug.cgi?id=1258859
  * https://jira.suse.com/browse/PED-13682

From null at suse.de Tue Apr 21 12:37:37 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:37:37 -0000
Subject: SUSE-SU-2026:21145-1: moderate: Security update for perl-Authen-SASL
Message-ID: <177677505704.7580.2649187387130258160@5a8be24cc32b>

# Security update for perl-Authen-SASL

Announcement ID: SUSE-SU-2026:21145-1
Release Date: 2026-04-09T10:58:55Z
Rating: moderate

References:

  * bsc#1246623

Cross-References:

  * CVE-2025-40918

CVSS scores:

  * CVE-2025-40918 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-40918 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
  * CVE-2025-40918 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for perl-Authen-SASL fixes the following issues:

Changes in perl-Authen-SASL:

  * CVE-2025-40918: use Crypt::URandom for generating nonces (bsc#1246623)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-495=1
  * SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-495=1

## Package List:

  * SUSE Linux Enterprise Server 16.0 (noarch)
    * perl-Authen-SASL-2.170.0-160000.3.1
  * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
    * perl-Crypt-URandom-0.550.0-160000.1.1
    * perl-Crypt-URandom-debugsource-0.550.0-160000.1.1
    * perl-Crypt-URandom-debuginfo-0.550.0-160000.1.1
  * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
    * perl-Authen-SASL-2.170.0-160000.3.1
  * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
    * perl-Crypt-URandom-0.550.0-160000.1.1
    * perl-Crypt-URandom-debugsource-0.550.0-160000.1.1
    * perl-Crypt-URandom-debuginfo-0.550.0-160000.1.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-40918.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1246623

URL: From null at suse.de Tue Apr 21 12:34:38 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 12:34:38 -0000 Subject: SUSE-SU-2026:21181-1: important: Security update for nodejs24 Message-ID: <177677487884.7580.10585701327492748891@5a8be24cc32b> # Security update for nodejs24 Announcement ID: SUSE-SU-2026:21181-1 Release Date: 2026-04-13T12:29:51Z Rating: important References: * bsc#1256572 * bsc#1256576 * bsc#1260455 * bsc#1260460 * bsc#1260462 * bsc#1260463 * bsc#1260480 * bsc#1260482 * bsc#1260494 Cross-References: * CVE-2025-59464 * CVE-2026-21637 * CVE-2026-21710 * CVE-2026-21712 * CVE-2026-21713 * CVE-2026-21714 * CVE-2026-21715 * CVE-2026-21716 * CVE-2026-21717 CVSS scores: * CVE-2025-59464 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-59464 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-59464 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-59464 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21712 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21712 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-21712 ( NVD ): 5.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-21713 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-21713 ( SUSE ): 5.6 
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21716 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves nine vulnerabilities can now be installed. ## Description: This update for nodejs24 fixes the following issues: Update to version 24.14.1. Security issues fixed: * CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494). * CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file permissions and ownership on already-open file descriptors (bsc#1260462). * CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482). 
  * CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480).
  * CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and potential MAC forgery (bsc#1260463).
  * CVE-2026-21712: assertion error caused by flaw in URL processing allows for a process crash via a URL with a malformed IDN (bsc#1260460).
  * CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).
  * CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576).
  * CVE-2025-59464: memory leak allows for remote denial of service against applications processing TLS client certificates (bsc#1256572).

Other updates and bugfixes:

  * Version 24.14.0:
    * async_hooks: add trackPromises option to createHook()
    * build,deps: replace cjs-module-lexer with merve
    * deps: add LIEF as a dependency
    * events: repurpose events.listenerCount() to accept EventTargets
    * fs: add ignore option to fs.watch
    * http: add http.setGlobalProxyFromEnv()
    * module: allow subpath imports that start with #/
    * process: preserve AsyncLocalStorage in queueMicrotask only when needed
    * sea: split sea binary manipulation code
    * sqlite: enable defensive mode by default
    * sqlite: add sqlite prepare options args
    * src: add initial support for ESM in embedder API
    * stream: add bytes() method to node:stream/consumers
    * stream: do not pass readable.compose() output via Readable.from()
    * test: use fixture directories for sea tests
    * test_runner: add env option to run function
    * test_runner: support expecting a test-case to fail
    * util: add convertProcessSignalToExitCode utility
    * For details, see https://nodejs.org/en/blog/release/v24.14.0

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-541=1
  * SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-541=1

## Package List:

  * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
    * nodejs24-debugsource-24.14.1-160000.1.1
    * corepack24-24.14.1-160000.1.1
    * npm24-24.14.1-160000.1.1
    * nodejs24-24.14.1-160000.1.1
    * nodejs24-debuginfo-24.14.1-160000.1.1
    * nodejs24-devel-24.14.1-160000.1.1
  * SUSE Linux Enterprise Server 16.0 (noarch)
    * nodejs24-docs-24.14.1-160000.1.1
  * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
    * nodejs24-debugsource-24.14.1-160000.1.1
    * corepack24-24.14.1-160000.1.1
    * npm24-24.14.1-160000.1.1
    * nodejs24-24.14.1-160000.1.1
    * nodejs24-debuginfo-24.14.1-160000.1.1
    * nodejs24-devel-24.14.1-160000.1.1
  * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
    * nodejs24-docs-24.14.1-160000.1.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-59464.html
  * https://www.suse.com/security/cve/CVE-2026-21637.html
  * https://www.suse.com/security/cve/CVE-2026-21710.html
  * https://www.suse.com/security/cve/CVE-2026-21712.html
  * https://www.suse.com/security/cve/CVE-2026-21713.html
  * https://www.suse.com/security/cve/CVE-2026-21714.html
  * https://www.suse.com/security/cve/CVE-2026-21715.html
  * https://www.suse.com/security/cve/CVE-2026-21716.html
  * https://www.suse.com/security/cve/CVE-2026-21717.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1256572
  * https://bugzilla.suse.com/show_bug.cgi?id=1256576
  * https://bugzilla.suse.com/show_bug.cgi?id=1260455
  * https://bugzilla.suse.com/show_bug.cgi?id=1260460
  * https://bugzilla.suse.com/show_bug.cgi?id=1260462
  * https://bugzilla.suse.com/show_bug.cgi?id=1260463
  * https://bugzilla.suse.com/show_bug.cgi?id=1260480
  * https://bugzilla.suse.com/show_bug.cgi?id=1260482
  * https://bugzilla.suse.com/show_bug.cgi?id=1260494

From null at suse.de Tue Apr 21 12:35:30 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 12:35:30 -0000
Subject: SUSE-SU-2026:21178-1: important: Security update for python313
Message-ID: <177677493000.7580.11254624769355839363@5a8be24cc32b>

# Security update for python313

Announcement ID: SUSE-SU-2026:21178-1
Release Date: 2026-04-13T09:41:21Z
Rating: important

References:

  * bsc#1257181
  * bsc#1259240
  * bsc#1259611
  * bsc#1259734
  * bsc#1259735
  * bsc#1259989
  * bsc#1260026
  * jsc#PED-15850

Cross-References:

  * CVE-2025-13462
  * CVE-2026-1299
  * CVE-2026-2297
  * CVE-2026-3479
  * CVE-2026-3644
  * CVE-2026-4224
  * CVE-2026-4519

CVSS scores:

  * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
  * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
  * CVE-2026-1299 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-2297 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  * CVE-2026-2297 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-3479 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves seven vulnerabilities and contains one feature can now be installed. ## Description: This update for python313 fixes the following issues: Update to version 3.13.13. * CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). 
* CVE-2026-2297: incorrectly handled hook in FileLoader can lead to validation bypass (bsc#1259240). * CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989). * CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). * CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). * CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-539=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-539=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * python313-base-3.13.13-160000.1.1 * python313-curses-3.13.13-160000.1.1 * python313-tk-debuginfo-3.13.13-160000.1.1 * python313-core-debugsource-3.13.13-160000.1.1 * python313-curses-debuginfo-3.13.13-160000.1.1 * python313-doc-devhelp-3.13.13-160000.1.1 * python313-dbm-3.13.13-160000.1.1 * python313-3.13.13-160000.1.1 * python313-debugsource-3.13.13-160000.1.1 * libpython3_13-1_0-3.13.13-160000.1.1 * libpython3_13-1_0-debuginfo-3.13.13-160000.1.1 * python313-tk-3.13.13-160000.1.1 * python313-devel-3.13.13-160000.1.1 * python313-devel-debuginfo-3.13.13-160000.1.1 * python313-debuginfo-3.13.13-160000.1.1 * python313-tools-3.13.13-160000.1.1 * python313-doc-3.13.13-160000.1.1 * python313-idle-3.13.13-160000.1.1 * python313-dbm-debuginfo-3.13.13-160000.1.1 * python313-base-debuginfo-3.13.13-160000.1.1 * SUSE Linux Enterprise Server 16.0 (x86_64) * python313-x86-64-v3-debuginfo-3.13.13-160000.1.1 * 
python313-base-x86-64-v3-3.13.13-160000.1.1 * libpython3_13-1_0-x86-64-v3-3.13.13-160000.1.1 * libpython3_13-1_0-x86-64-v3-debuginfo-3.13.13-160000.1.1 * python313-x86-64-v3-3.13.13-160000.1.1 * python313-base-x86-64-v3-debuginfo-3.13.13-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * python313-base-3.13.13-160000.1.1 * python313-curses-3.13.13-160000.1.1 * python313-tk-debuginfo-3.13.13-160000.1.1 * python313-core-debugsource-3.13.13-160000.1.1 * python313-curses-debuginfo-3.13.13-160000.1.1 * python313-doc-devhelp-3.13.13-160000.1.1 * python313-dbm-3.13.13-160000.1.1 * python313-3.13.13-160000.1.1 * python313-debugsource-3.13.13-160000.1.1 * libpython3_13-1_0-3.13.13-160000.1.1 * libpython3_13-1_0-debuginfo-3.13.13-160000.1.1 * python313-tk-3.13.13-160000.1.1 * python313-devel-3.13.13-160000.1.1 * python313-devel-debuginfo-3.13.13-160000.1.1 * python313-debuginfo-3.13.13-160000.1.1 * python313-tools-3.13.13-160000.1.1 * python313-doc-3.13.13-160000.1.1 * python313-idle-3.13.13-160000.1.1 * python313-dbm-debuginfo-3.13.13-160000.1.1 * python313-base-debuginfo-3.13.13-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * python313-x86-64-v3-debuginfo-3.13.13-160000.1.1 * python313-base-x86-64-v3-3.13.13-160000.1.1 * libpython3_13-1_0-x86-64-v3-3.13.13-160000.1.1 * libpython3_13-1_0-x86-64-v3-debuginfo-3.13.13-160000.1.1 * python313-x86-64-v3-3.13.13-160000.1.1 * python313-base-x86-64-v3-debuginfo-3.13.13-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-1299.html * https://www.suse.com/security/cve/CVE-2026-2297.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1257181 * 
https://bugzilla.suse.com/show_bug.cgi?id=1259240 * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1260026 * https://jira.suse.com/browse/PED-15850 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:36:10 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 12:36:10 -0000 Subject: SUSE-SU-2026:21168-1: important: Security update for cockpit-machines Message-ID: <177677497039.7580.3324434343316251580@5a8be24cc32b> # Security update for cockpit-machines Announcement ID: SUSE-SU-2026:21168-1 Release Date: 2026-04-10T11:48:27Z Rating: important References: * bsc#1257836 * bsc#1258641 Cross-References: * CVE-2026-25547 * CVE-2026-26996 CVSS scores: * CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update 
that solves two vulnerabilities can now be installed.

## Description:

This update for cockpit-machines fixes the following issues:

* CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process (bsc#1257836).
* CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character that doesn't appear in the test string can lead to ReDoS (bsc#1258641).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-519=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-519=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (noarch)
  * cockpit-machines-346-160000.2.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * cockpit-machines-346-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25547.html
* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257836
* https://bugzilla.suse.com/show_bug.cgi?id=1258641
From null at suse.de Tue Apr 21 16:30:33 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 16:30:33 -0000
Subject: SUSE-SU-2026:21228-1: important: Security update 5.1.3 for Multi-Linux Manager Client Tools and Salt Bundle
Message-ID: <177678903328.35.1158486505395989644@46b3146b979a>

# Security update 5.1.3 for Multi-Linux Manager Client Tools and Salt Bundle

Announcement ID: SUSE-SU-2026:21228-1
Release Date: 2026-04-21T07:59:37Z
Rating: important
References:

* bsc#1250367
* bsc#1252548
* bsc#1252964
* bsc#1254154
* bsc#1254619
* bsc#1254629
* bsc#1257447
* bsc#1257660
* bsc#1257831
* bsc#1257941
* bsc#1258015
* bsc#1258418
* bsc#1258927
* bsc#1258957
* bsc#1259208
* bsc#1259553
* bsc#1259554

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Multi-Linux Manager Client Tools for SLE 16

An update that solves one vulnerability and has 16 fixes can now be installed.
## Description:

This update fixes the following issues:

Implementation of Grafana and Prometheus observability packages:

* golang-github-QubitProducts-exporter_exporter
* golang-github-boynux-squid_exporter
* golang-github-lusitaniae-apache_exporter
* golang-github-prometheus-alertmanager
* golang-github-prometheus-node_exporter
* golang-github-prometheus-prometheus
* golang-github-prometheus-promu
* grafana
* prometheus-blackbox_exporter
* prometheus-postgres_exporter
* system-user-grafana
* system-user-prometheus

spacecmd:

* Version 5.1.13-0
  * Update translation strings

uyuni-tools:

* Version 5.1.26-0
  * Fixed applying PTF with images from RPMs (bsc#1252548)
  * Fixed Ssl Key file that can be missing if CA password is blank (bsc#1254154)
  * mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
  * Fixed default value for helm registry (bsc#1258927).
  * Removed hub register command
  * Optimized postgres migration disk space usage (bsc#1257447)
  * Added continuous database backup support (bsc#1250367)
  * Explicitly start proxy pods after operations (bsc#1258015)
  * Use static supportconfig name to avoid dynamic search (bsc#1257941)
  * Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964)
  * Show where final tarball was generated (bsc#1259208)
  * Set proxy config file permissions (bsc#1257660)
* Version 5.1.25-0
  * If PTF image doesn't exist, use the current service image (bsc#1258418)

venv-salt-minion:

* Security issues fixed:
  * CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing (bsc#1259554)
* Added x86_64_v2 as a possible rpm package architecture
* Make users with backslash work for salt-ssh (bsc#1254629)
* Fixed ansible.playbooks extra-vars quoting (bsc#1257831)
* Fixed virtualenv call in test helper to use proper python version
* Fixed the issue preventing SELinux profile from being loaded on SLES 16 deployed using cloud images (bsc#1258957)
* Fixed the typo causing building of the EL9 bundle without binary dependencies

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Client Tools for SLE 16
  zypper in -t patch Multi-Linux-ManagerTools-SLE-16-3=1

## Package List:

* SUSE Multi-Linux Manager Client Tools for SLE 16 (aarch64 ppc64le s390x x86_64)
  * golang-github-prometheus-prometheus-debuginfo-3.5.0-160002.1.1
  * golang-github-boynux-squid_exporter-1.13.0-160002.1.1
  * prometheus-blackbox_exporter-debuginfo-0.26.0-160002.1.1
  * golang-github-lusitaniae-apache_exporter-1.0.10-160002.1.1
  * golang-github-lusitaniae-apache_exporter-debuginfo-1.0.10-160002.1.1
  * golang-github-QubitProducts-exporter_exporter-debuginfo-0.4.0-160002.2.1
  * grafana-debuginfo-11.6.14+security01-160002.1.1
  * golang-github-QubitProducts-exporter_exporter-0.4.0-160002.2.1
  * golang-github-prometheus-alertmanager-debuginfo-0.28.1-160002.1.1
  * prometheus-postgres_exporter-0.10.1-160002.1.1
  * mgrctl-5.1.26-160002.1.1
  * prometheus-postgres_exporter-debuginfo-0.10.1-160002.1.1
  * golang-github-prometheus-node_exporter-debuginfo-1.9.1-160002.1.1
  * grafana-11.6.14+security01-160002.1.1
  * golang-github-prometheus-prometheus-3.5.0-160002.1.1
  * mgrctl-debuginfo-5.1.26-160002.1.1
  * venv-salt-minion-3006.0-160002.5.1
  * prometheus-blackbox_exporter-0.26.0-160002.1.1
  * golang-github-boynux-squid_exporter-debuginfo-1.13.0-160002.1.1
  * golang-github-prometheus-alertmanager-0.28.1-160002.1.1
  * golang-github-prometheus-node_exporter-1.9.1-160002.1.1
* SUSE Multi-Linux Manager Client Tools for SLE 16 (noarch)
  * mgrctl-lang-5.1.26-160002.1.1
  * system-user-grafana-1.0.0-160002.1.1
  * mgrctl-zsh-completion-5.1.26-160002.1.1
  * system-user-prometheus-1.0.0-160002.1.1
  * spacecmd-5.1.13-160002.1.1
  * mgrctl-bash-completion-5.1.26-160002.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250367
* https://bugzilla.suse.com/show_bug.cgi?id=1252548
* https://bugzilla.suse.com/show_bug.cgi?id=1252964
* https://bugzilla.suse.com/show_bug.cgi?id=1254154
* https://bugzilla.suse.com/show_bug.cgi?id=1254619
* https://bugzilla.suse.com/show_bug.cgi?id=1254629
* https://bugzilla.suse.com/show_bug.cgi?id=1257447
* https://bugzilla.suse.com/show_bug.cgi?id=1257660
* https://bugzilla.suse.com/show_bug.cgi?id=1257831
* https://bugzilla.suse.com/show_bug.cgi?id=1257941
* https://bugzilla.suse.com/show_bug.cgi?id=1258015
* https://bugzilla.suse.com/show_bug.cgi?id=1258418
* https://bugzilla.suse.com/show_bug.cgi?id=1258927
* https://bugzilla.suse.com/show_bug.cgi?id=1258957
* https://bugzilla.suse.com/show_bug.cgi?id=1259208
* https://bugzilla.suse.com/show_bug.cgi?id=1259553
* https://bugzilla.suse.com/show_bug.cgi?id=1259554
From null at suse.de Tue Apr 21 16:30:40 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 16:30:40 -0000
Subject: SUSE-SU-2026:1513-1: important: Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6)
Message-ID: <177678904056.35.993444866225801432@46b3146b979a>

# Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1513-1
Release Date: 2026-04-21T08:04:23Z
Rating: important
References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.73 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1513=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1513=1

## Package List:

* openSUSE Leap 15.6 (x86_64)
  * kernel-livepatch-SLE15-SP6_Update_16-debugsource-6-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_73-default-6-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-6-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x)
  * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-6-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_73-default-6-150600.2.2
  * kernel-livepatch-SLE15-SP6_Update_16-debugsource-6-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x)
  * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-6-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_73-default-6-150600.2.2
  * kernel-livepatch-SLE15-SP6_Update_16-debugsource-6-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
  * kernel-livepatch-SLE15-SP6_Update_16-debugsource-6-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_73-default-6-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-6-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859
From null at suse.de Tue Apr 21 16:30:36 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 16:30:36 -0000
Subject: SUSE-SU-2026:1527-1: important: Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6)
Message-ID: <177678903634.35.4504523441877406079@46b3146b979a>

# Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1527-1
Release Date: 2026-04-21T10:34:38Z
Rating: important
References:

* bsc#1259859

Cross-References:

* CVE-2026-23268

CVSS scores:

* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.84 fixes one security issue

The following security issue was fixed:

* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1527=1 SUSE-2026-1528=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1527=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1528=1

## Package List:

* openSUSE Leap 15.6 (x86_64)
  * kernel-livepatch-SLE15-SP6_Update_18-debugsource-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_81-default-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_84-default-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-4-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_19-debugsource-4-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x)
  * kernel-livepatch-SLE15-SP6_Update_19-debugsource-4-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-4-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-4-150600.2.2
  * kernel-livepatch-SLE15-SP6_Update_18-debugsource-4-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_84-default-4-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_81-default-4-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x)
  * kernel-livepatch-SLE15-SP6_Update_19-debugsource-4-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-4-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-4-150600.2.2
  * kernel-livepatch-SLE15-SP6_Update_18-debugsource-4-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_84-default-4-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_81-default-4-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
  * kernel-livepatch-SLE15-SP6_Update_18-debugsource-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_81-default-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_84-default-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-4-150600.2.1
  *
kernel-livepatch-SLE15-SP6_Update_19-debugsource-4-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 16:30:49 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 16:30:49 -0000 Subject: SUSE-SU-2026:1530-1: important: Security update for python311 Message-ID: <177678904935.35.2080269169060718444@46b3146b979a> # Security update for python311 Announcement ID: SUSE-SU-2026:1530-1 Release Date: 2026-04-21T11:04:59Z Rating: important References: * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1259989 * bsc#1260026 Cross-References: * CVE-2025-13462 * CVE-2026-3479 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves five vulnerabilities can now be installed. ## Description: This update for python311 fixes the following issues: * CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611). * CVE-2026-3479: python: improper resource argument validation can allow path traversal (bsc#1259989). 
* CVE-2026-3644: incomplete control character validation in http.cookies (bsc#1259734). * CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735). * CVE-2026-4519: leading dashes in URLs are accepted by the `webbrowser.open()` API and allow for web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1530=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1530=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1530=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1530=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1530=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1530=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1530=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1530=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1530=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1530=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * python311-base-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-3.11.15-150400.9.85.1 * python311-curses-3.11.15-150400.9.85.1 * python311-idle-3.11.15-150400.9.85.1 * python311-debugsource-3.11.15-150400.9.85.1 * 
python311-devel-3.11.15-150400.9.85.1 * python311-core-debugsource-3.11.15-150400.9.85.1 * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-curses-debuginfo-3.11.15-150400.9.85.1 * python311-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-debuginfo-3.11.15-150400.9.85.1 * python311-doc-3.11.15-150400.9.85.1 * python311-doc-devhelp-3.11.15-150400.9.85.1 * python311-tk-3.11.15-150400.9.85.1 * python311-tk-debuginfo-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 * python311-tools-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * python311-base-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-3.11.15-150400.9.85.1 * python311-curses-3.11.15-150400.9.85.1 * python311-idle-3.11.15-150400.9.85.1 * python311-debugsource-3.11.15-150400.9.85.1 * python311-devel-3.11.15-150400.9.85.1 * python311-core-debugsource-3.11.15-150400.9.85.1 * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-curses-debuginfo-3.11.15-150400.9.85.1 * python311-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-debuginfo-3.11.15-150400.9.85.1 * python311-doc-3.11.15-150400.9.85.1 * python311-doc-devhelp-3.11.15-150400.9.85.1 * python311-tk-3.11.15-150400.9.85.1 * python311-tk-debuginfo-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 * python311-tools-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * python311-base-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-3.11.15-150400.9.85.1 * python311-curses-3.11.15-150400.9.85.1 * python311-idle-3.11.15-150400.9.85.1 * python311-debugsource-3.11.15-150400.9.85.1 * python311-devel-3.11.15-150400.9.85.1 * python311-core-debugsource-3.11.15-150400.9.85.1 * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-curses-debuginfo-3.11.15-150400.9.85.1 * 
python311-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-debuginfo-3.11.15-150400.9.85.1 * python311-doc-3.11.15-150400.9.85.1 * python311-doc-devhelp-3.11.15-150400.9.85.1 * python311-tk-3.11.15-150400.9.85.1 * python311-tk-debuginfo-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 * python311-tools-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * python311-base-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-3.11.15-150400.9.85.1 * python311-curses-3.11.15-150400.9.85.1 * python311-idle-3.11.15-150400.9.85.1 * python311-debugsource-3.11.15-150400.9.85.1 * python311-devel-3.11.15-150400.9.85.1 * python311-core-debugsource-3.11.15-150400.9.85.1 * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-curses-debuginfo-3.11.15-150400.9.85.1 * python311-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-debuginfo-3.11.15-150400.9.85.1 * python311-doc-3.11.15-150400.9.85.1 * python311-doc-devhelp-3.11.15-150400.9.85.1 * python311-tk-3.11.15-150400.9.85.1 * python311-tk-debuginfo-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 * python311-tools-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * python311-base-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-3.11.15-150400.9.85.1 * python311-curses-3.11.15-150400.9.85.1 * python311-idle-3.11.15-150400.9.85.1 * python311-debugsource-3.11.15-150400.9.85.1 * python311-devel-3.11.15-150400.9.85.1 * python311-core-debugsource-3.11.15-150400.9.85.1 * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-curses-debuginfo-3.11.15-150400.9.85.1 * python311-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-debuginfo-3.11.15-150400.9.85.1 * python311-doc-3.11.15-150400.9.85.1 * python311-doc-devhelp-3.11.15-150400.9.85.1 * 
python311-tk-3.11.15-150400.9.85.1 * python311-tk-debuginfo-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 * python311-tools-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * python311-base-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-3.11.15-150400.9.85.1 * python311-curses-3.11.15-150400.9.85.1 * python311-idle-3.11.15-150400.9.85.1 * python311-debugsource-3.11.15-150400.9.85.1 * python311-devel-3.11.15-150400.9.85.1 * python311-core-debugsource-3.11.15-150400.9.85.1 * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-curses-debuginfo-3.11.15-150400.9.85.1 * python311-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-debuginfo-3.11.15-150400.9.85.1 * python311-doc-3.11.15-150400.9.85.1 * python311-doc-devhelp-3.11.15-150400.9.85.1 * python311-tk-3.11.15-150400.9.85.1 * python311-tk-debuginfo-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 * python311-tools-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * python311-base-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-3.11.15-150400.9.85.1 * python311-curses-3.11.15-150400.9.85.1 * python311-idle-3.11.15-150400.9.85.1 * python311-debugsource-3.11.15-150400.9.85.1 * python311-devel-3.11.15-150400.9.85.1 * python311-core-debugsource-3.11.15-150400.9.85.1 * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-curses-debuginfo-3.11.15-150400.9.85.1 * python311-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-debuginfo-3.11.15-150400.9.85.1 * python311-doc-3.11.15-150400.9.85.1 * python311-doc-devhelp-3.11.15-150400.9.85.1 * python311-tk-3.11.15-150400.9.85.1 * python311-tk-debuginfo-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 * python311-tools-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * 
libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * python311-base-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-3.11.15-150400.9.85.1 * python311-curses-3.11.15-150400.9.85.1 * python311-idle-3.11.15-150400.9.85.1 * python311-debugsource-3.11.15-150400.9.85.1 * python311-devel-3.11.15-150400.9.85.1 * python311-core-debugsource-3.11.15-150400.9.85.1 * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-curses-debuginfo-3.11.15-150400.9.85.1 * python311-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-debuginfo-3.11.15-150400.9.85.1 * python311-doc-3.11.15-150400.9.85.1 * python311-doc-devhelp-3.11.15-150400.9.85.1 * python311-tk-3.11.15-150400.9.85.1 * python311-tk-debuginfo-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 * python311-tools-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * python311-curses-3.11.15-150400.9.85.1 * python311-core-debugsource-3.11.15-150400.9.85.1 * python311-dbm-3.11.15-150400.9.85.1 * python311-curses-debuginfo-3.11.15-150400.9.85.1 * python311-testsuite-debuginfo-3.11.15-150400.9.85.1 * python311-idle-3.11.15-150400.9.85.1 * python311-testsuite-3.11.15-150400.9.85.1 * python311-dbm-debuginfo-3.11.15-150400.9.85.1 * python311-tk-3.11.15-150400.9.85.1 * python311-doc-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1 * python311-base-debuginfo-3.11.15-150400.9.85.1 * python311-debugsource-3.11.15-150400.9.85.1 * python311-devel-3.11.15-150400.9.85.1 * python311-tk-debuginfo-3.11.15-150400.9.85.1 * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-debuginfo-3.11.15-150400.9.85.1 * python311-tools-3.11.15-150400.9.85.1 * python311-doc-devhelp-3.11.15-150400.9.85.1 * openSUSE Leap 15.4 (x86_64) * 
libpython3_11-1_0-32bit-debuginfo-3.11.15-150400.9.85.1 * python311-32bit-debuginfo-3.11.15-150400.9.85.1 * python311-base-32bit-debuginfo-3.11.15-150400.9.85.1 * python311-32bit-3.11.15-150400.9.85.1 * python311-base-32bit-3.11.15-150400.9.85.1 * libpython3_11-1_0-32bit-3.11.15-150400.9.85.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libpython3_11-1_0-64bit-3.11.15-150400.9.85.1 * python311-base-64bit-3.11.15-150400.9.85.1 * libpython3_11-1_0-64bit-debuginfo-3.11.15-150400.9.85.1 * python311-64bit-3.11.15-150400.9.85.1 * python311-base-64bit-debuginfo-3.11.15-150400.9.85.1 * python311-64bit-debuginfo-3.11.15-150400.9.85.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1260026
From null at suse.de Tue Apr 21 16:32:40 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 16:32:40 -0000 Subject: SUSE-SU-2026:1525-1: important: Security update 5.1.3 for Multi-Linux Manager Salt Bundle Message-ID: <177678916001.35.7220553770706646148@46b3146b979a> # Security update 5.1.3 for Multi-Linux Manager Salt Bundle Announcement ID: SUSE-SU-2026:1525-1 Release Date: 2026-04-21T09:26:33Z Rating: important References: * bsc#1254629 * bsc#1257831 * bsc#1258957 * bsc#1259554 * jsc#MSQA-1048 Cross-References: * CVE-2026-31958 CVSS scores: * CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Multi-Linux Manager Client Tools for SLE 15 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 An update that solves one vulnerability, contains one feature and has three security fixes can now be installed.
## Description: This update fixes the following issues: venv-salt-minion: * Security issues fixed: * CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing (bsc#1259554) * Added x86_64_v2 as a possible rpm package architecture * Make users with backslash work for salt-ssh (bsc#1254629) * Fixed ansible.playbooks extra-vars quoting (bsc#1257831) * Fixed virtualenv call in test helper to use proper python version * Fixed the issue preventing the SELinux profile from being loaded on SLES 16 deployed using cloud images (bsc#1258957) * Fixed the typo causing the EL9 bundle to be built without binary dependencies ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-Micro-5-2026-1525=1 * SUSE Multi-Linux Manager Client Tools for SLE 15 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-15-2026-1525=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150002.5.12.2 * SUSE Multi-Linux Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150002.5.12.2 ## References: * https://www.suse.com/security/cve/CVE-2026-31958.html * https://bugzilla.suse.com/show_bug.cgi?id=1254629 * https://bugzilla.suse.com/show_bug.cgi?id=1257831 * https://bugzilla.suse.com/show_bug.cgi?id=1258957 * https://bugzilla.suse.com/show_bug.cgi?id=1259554 * https://jira.suse.com/browse/MSQA-1048
From null at suse.de Tue Apr 21 16:33:26 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 16:33:26 -0000 Subject: SUSE-SU-2026:1524-1: critical: Security update 5.1.3 for Multi-Linux Manager Client Tools Message-ID: <177678920678.35.16929821385265282123@46b3146b979a> # Security update 5.1.3 for Multi-Linux Manager Client Tools Announcement ID: SUSE-SU-2026:1524-1 Release Date: 2026-04-21T09:26:10Z Rating: critical References: * bsc#1245302 * bsc#1250367 * bsc#1252548 * bsc#1252964 * bsc#1254154 * bsc#1254619 * bsc#1257329 * bsc#1257337 * bsc#1257349 * bsc#1257442 * bsc#1257447 * bsc#1257660 * bsc#1257841 * bsc#1257897 * bsc#1257941 * bsc#1258015 * bsc#1258136 * bsc#1258418 * bsc#1258595 * bsc#1258873 * bsc#1258893 * bsc#1258927 * bsc#1259208 * bsc#1260263 * bsc#1260267 * bsc#1260878 * bsc#1261025 * bsc#1261026 * bsc#1261027 * bsc#1261029 * jsc#MSQA-1048 * jsc#PED-15474 Cross-References: * CVE-2025-13465 * CVE-2025-3415 * CVE-2025-61140 * CVE-2026-1615 * CVE-2026-21720 * CVE-2026-21721 * CVE-2026-21722 * CVE-2026-21724 * CVE-2026-21725 * CVE-2026-25547 * CVE-2026-26958 * CVE-2026-27606 * CVE-2026-27876 * CVE-2026-27877 * CVE-2026-27879 * CVE-2026-28375 * CVE-2026-33186 CVSS scores: * CVE-2025-13465 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-13465 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2025-13465 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13465 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2025-3415 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-3415 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-3415 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-61140 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-61140 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-61140 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-1615 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-1615 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-1615 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-1615 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-21720 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21720 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21721 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-21721 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-21721 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-21722 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-21722 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21722 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-21724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-21724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-21724 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-21725 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-21725 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L * CVE-2026-21725 ( NVD ): 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L * CVE-2026-21725 
( NVD ): 2.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N * CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26958 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-26958 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L * CVE-2026-26958 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27606 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-27606 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-27606 ( NVD ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27606 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-27876 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-27876 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2026-27876 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2026-27877 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-27877 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-27877 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-27877 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-27879 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27879 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 
* CVE-2026-27879 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28375 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28375 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28375 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * SUSE Multi-Linux Manager Client Tools for SLE 15 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 An update that solves 17 vulnerabilities, contains two features and has 13 security fixes can now be installed. ## Description: This update fixes the following issues: golang-github-lusitaniae-apache_exporter: * Internal changes to fix build issues with no impact for customers golang-github-prometheus-prometheus: * Security issues fixed: * CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup (bsc#1258893) * Bumped rollup to version 4.59.0 * CVE-2026-25547: Fixed unbounded brace range expansion leading to excessive CPU and memory consumption (bsc#1257841) * Bumped brace-expansion to version 5.0.2 * CVE-2026-1615, CVE-2025-61140 The old web UI is no longer built due to security issues (bsc#1257897, bsc#1257442) * CVE-2025-13465: Bumped lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329) * CVE-2026-33186: Fixed authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260267) * Bumped google.golang.org/grpc to version 1.79.3 grafana: * Security issues fixed: * CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled (bsc#1258136) * CVE-2026-21721: Fixed access control by the dashboard permissions API (bsc#1257337) * CVE-2026-21720: Fixed unauthenticated DoS 
(bsc#1257349) * CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer level users (bsc#1245302) * CVE-2026-26958: Bumped filippo.io/edwards25519 to version 1.1.1 (bsc#1258595) * CVE-2026-21725: Fixed missing UID when deleting datasource by name (bsc#1258873) * CVE-2026-27876: Fixed remote arbitrary code execution via chained SQL Expressions (bsc#1261025) * CVE-2026-27877: Fixed information disclosure of data-source passwords via public dashboards (bsc#1261026) * CVE-2026-28375: Fixed denial of service via testdata data-source (bsc#1261029) * CVE-2026-27879: Fixed denial of service via resample query (bsc#1261027) * CVE-2026-33186: Fixed authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260263) * CVE-2026-21724: Fixed authorization bypass allows modification of protected webhook URLs (bsc#1260878) * Version update from 11.5.10 to 11.6.14+security01 with the following highlighted changes and fixes: * Public Dashboards: Wired the public dashboard service to the HTTP server to ensure proper connectivity and availability * Authentication: Refined the redirect logic to ensure consistent behavior during login and logout sequences * Dashboard Reliability: Resolved a bug preventing single panels from rendering correctly when dashboard variables are referenced * Performance Boost: Introduced WebGL-powered geomaps for smoother map visualizations and removed blurred backgrounds from UI overlays to speed up the interface * One-Click Actions: Visualizations now support faster navigation via one-click links and actions * Alerting History: Added version history for alert rules, allowing you to track changes over time * Service Accounts: Automated the migration of old API keys to more secure Service Accounts upon startup * Cron Support: Annotations now support Cron syntax for more flexible scheduling * Identity and Auth: Hardened the
Avatar feature (now requires sign-in) and fixed several login redirection issues when Grafana is hosted on a subpath * Data Source Support: Added support for Cloud Partner Prometheus data sources and improved Azure legend formatting * Alerting Limits: Added size limits for expanded notification templates to prevent system strain * RBAC: Integrated Role-Based Access Control (RBAC) into the Alertmanager via the reqAction field * Data Consistency: Fixed several issues with Graphite and InfluxDB regarding how variables are handled in repeated rows or nested queries * Dashboard Reliability: * Fixed bugs involving row repeats and "self-referencing" data links * Fixed a bug preventing single panels from rendering correctly when dashboard variables are referenced * Alerting Fixes: Patched a critical "panic" (crash) caused by a race condition in alert rules and fixed issues where contact points weren't working correctly * URL Handling: Fixed a bug where "true" values in URL parameters weren't being read correctly prometheus-blackbox_exporter: * Internal changes to fix build issues with no impact for customers spacecmd: * Version 5.1.13-0 * Update translation strings uyuni-tools: * Version 5.1.26-0 * Fixed applying PTF with images from RPMs (bsc#1252548) * SSL key file can be missing if CA password is blank (bsc#1254154) * mgrpxy ssh tuning should happen before crypto policies (bsc#1254619) * Fixed default value for helm registry (bsc#1258927).
* Remove hub register command * Optimize postgres migration disk space usage (bsc#1257447) * Added continuous database backup support (bsc#1250367) * Explicitly start proxy pods after operations (bsc#1258015) * Use static supportconfig name to avoid dynamic search (bsc#1257941) * Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964) * Show where final tarball was generated (bsc#1259208) * Set proxy config file permissions (bsc#1257660) * Version 5.1.25-0 * If PTF image doesn't exist, use the current service image (bsc#1258418) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SLE 15 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-15-2026-1524=1 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-Micro-5-2026-1524=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * mgrctl-5.1.26-150002.3.12.1 * grafana-11.6.14+security01-150002.4.14.1 * golang-github-prometheus-prometheus-3.5.0-150002.3.8.1 * prometheus-blackbox_exporter-0.26.0-150002.3.6.1 * firewalld-prometheus-config-0.1-150002.3.8.1 * mgrctl-debuginfo-5.1.26-150002.3.12.1 * golang-github-lusitaniae-apache_exporter-debuginfo-1.0.10-150002.3.6.1 * golang-github-lusitaniae-apache_exporter-1.0.10-150002.3.6.1 * grafana-debuginfo-11.6.14+security01-150002.4.14.1 * golang-github-prometheus-prometheus-debuginfo-3.5.0-150002.3.8.1 * SUSE Multi-Linux Manager Client Tools for SLE 15 (noarch) * mgrctl-bash-completion-5.1.26-150002.3.12.1 * mgrctl-zsh-completion-5.1.26-150002.3.12.1 * mgrctl-lang-5.1.26-150002.3.12.1 * spacecmd-5.1.13-150002.3.9.3 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (aarch64 ppc64le s390x x86_64) * mgrctl-5.1.26-150002.3.12.1 *
mgrctl-debuginfo-5.1.26-150002.3.12.1 * prometheus-blackbox_exporter-0.26.0-150002.3.6.1 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (noarch) * mgrctl-bash-completion-5.1.26-150002.3.12.1 * mgrctl-zsh-completion-5.1.26-150002.3.12.1 * mgrctl-lang-5.1.26-150002.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13465.html * https://www.suse.com/security/cve/CVE-2025-3415.html * https://www.suse.com/security/cve/CVE-2025-61140.html * https://www.suse.com/security/cve/CVE-2026-1615.html * https://www.suse.com/security/cve/CVE-2026-21720.html * https://www.suse.com/security/cve/CVE-2026-21721.html * https://www.suse.com/security/cve/CVE-2026-21722.html * https://www.suse.com/security/cve/CVE-2026-21724.html * https://www.suse.com/security/cve/CVE-2026-21725.html * https://www.suse.com/security/cve/CVE-2026-25547.html * https://www.suse.com/security/cve/CVE-2026-26958.html * https://www.suse.com/security/cve/CVE-2026-27606.html * https://www.suse.com/security/cve/CVE-2026-27876.html * https://www.suse.com/security/cve/CVE-2026-27877.html * https://www.suse.com/security/cve/CVE-2026-27879.html * https://www.suse.com/security/cve/CVE-2026-28375.html * https://www.suse.com/security/cve/CVE-2026-33186.html * https://bugzilla.suse.com/show_bug.cgi?id=1245302 * https://bugzilla.suse.com/show_bug.cgi?id=1250367 * https://bugzilla.suse.com/show_bug.cgi?id=1252548 * https://bugzilla.suse.com/show_bug.cgi?id=1252964 * https://bugzilla.suse.com/show_bug.cgi?id=1254154 * https://bugzilla.suse.com/show_bug.cgi?id=1254619 * https://bugzilla.suse.com/show_bug.cgi?id=1257329 * https://bugzilla.suse.com/show_bug.cgi?id=1257337 * https://bugzilla.suse.com/show_bug.cgi?id=1257349 * https://bugzilla.suse.com/show_bug.cgi?id=1257442 * https://bugzilla.suse.com/show_bug.cgi?id=1257447 * https://bugzilla.suse.com/show_bug.cgi?id=1257660 * https://bugzilla.suse.com/show_bug.cgi?id=1257841 * https://bugzilla.suse.com/show_bug.cgi?id=1257897 * 
https://bugzilla.suse.com/show_bug.cgi?id=1257941 * https://bugzilla.suse.com/show_bug.cgi?id=1258015 * https://bugzilla.suse.com/show_bug.cgi?id=1258136 * https://bugzilla.suse.com/show_bug.cgi?id=1258418 * https://bugzilla.suse.com/show_bug.cgi?id=1258595 * https://bugzilla.suse.com/show_bug.cgi?id=1258873 * https://bugzilla.suse.com/show_bug.cgi?id=1258893 * https://bugzilla.suse.com/show_bug.cgi?id=1258927 * https://bugzilla.suse.com/show_bug.cgi?id=1259208 * https://bugzilla.suse.com/show_bug.cgi?id=1260263 * https://bugzilla.suse.com/show_bug.cgi?id=1260267 * https://bugzilla.suse.com/show_bug.cgi?id=1260878 * https://bugzilla.suse.com/show_bug.cgi?id=1261025 * https://bugzilla.suse.com/show_bug.cgi?id=1261026 * https://bugzilla.suse.com/show_bug.cgi?id=1261027 * https://bugzilla.suse.com/show_bug.cgi?id=1261029 * https://jira.suse.com/browse/MSQA-1048 * https://jira.suse.com/browse/PED-15474 From null at suse.de Tue Apr 21 16:33:34 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 16:33:34 -0000 Subject: SUSE-SU-2026:1523-1: important: Security update 5.1.3 for Multi-Linux Manager Salt Bundle Message-ID: <177678921482.35.13012318477776773959@46b3146b979a> # Security update 5.1.3 for Multi-Linux Manager Salt Bundle Announcement ID: SUSE-SU-2026:1523-1 Release Date: 2026-04-21T09:25:44Z Rating: important References: * bsc#1254629 * bsc#1257831 * bsc#1258957 * bsc#1259554 * jsc#MSQA-1048 Cross-References: * CVE-2026-31958 CVSS scores: * CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-31958 ( NVD ): 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Multi-Linux Manager Client Tools for SLE 12 An update that solves one vulnerability, contains one feature and has three security fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Backport security patch for Salt vendored tornado (bsc#1259554): * CVE-2026-31958: Add limits on multipart form data parsing * Add x86_64_v2 as a possible rpm package architecture * Make users with backslash work for salt-ssh (bsc#1254629) * Fix ansible.playbooks extra-vars quoting (bsc#1257831) * Fix virtualenv call in test helper to use proper python version * Fix the issue preventing the SELinux profile from being loaded on SLES 16 deployed using cloud images (bsc#1258957) * Fix the typo causing the EL9 bundle to be built without binary dependencies ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SLE 12 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-12-2026-1523=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-120002.5.12.1 ## References: * https://www.suse.com/security/cve/CVE-2026-31958.html * https://bugzilla.suse.com/show_bug.cgi?id=1254629 * https://bugzilla.suse.com/show_bug.cgi?id=1257831 * https://bugzilla.suse.com/show_bug.cgi?id=1258957 * https://bugzilla.suse.com/show_bug.cgi?id=1259554 * https://jira.suse.com/browse/MSQA-1048
From null at suse.de Tue Apr 21 16:34:04 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 21 Apr 2026 16:34:04 -0000 Subject: SUSE-SU-2026:1521-1: important: Security update 5.1.3 for Multi-Linux Manager Client Tools Message-ID: <177678924433.35.14303129628350540517@46b3146b979a> # Security update 5.1.3 for Multi-Linux Manager Client Tools Announcement ID: SUSE-SU-2026:1521-1 Release Date: 2026-04-21T09:25:11Z Rating: important References: * bsc#1254629 * bsc#1257831 * bsc#1258957 * bsc#1259554 * jsc#MSQA-1048 Cross-References: * CVE-2026-31958 CVSS scores: * CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 7, RHEL and clones An update that solves one vulnerability, contains one feature and has three security fixes can now be installed.
## Description:

This update fixes the following issues:

golang-github-lusitaniae-apache_exporter:

* Internal changes to fix build issues with no impact for customers

spacecmd:

* Version 5.1.13-0
* Updated translation strings

venv-salt-minion:

* Security issues fixed:
  * CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing (bsc#1259554)
* Added x86_64_v2 as a possible rpm package architecture
* Make users with backslash working for salt-ssh (bsc#1254629)
* Fixed ansible.playbooks extra-vars quoting (bsc#1257831)
* Fixed virtualenv call in test helper to use proper python version
* Fixed the issue preventing SELinux profile to be loaded on SLES 16 deployed using cloud images (bsc#1258957)
* Fixed the typo causing building EL9 bundle without binary dependencies

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 7, RHEL and clones
    zypper in -t patch SUSE-MultiLinuxManagerTools-RES-7-2026-1521=1

## Package List:

* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 7, RHEL and clones (aarch64 ppc64le x86_64)
  * venv-salt-minion-3006.0-70002.5.12.1
  * golang-github-lusitaniae-apache_exporter-1.0.10-70002.3.6.1
* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 7, RHEL and clones (noarch)
  * spacecmd-5.1.13-70002.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254629
* https://bugzilla.suse.com/show_bug.cgi?id=1257831
* https://bugzilla.suse.com/show_bug.cgi?id=1258957
* https://bugzilla.suse.com/show_bug.cgi?id=1259554
* https://jira.suse.com/browse/MSQA-1048
From null at suse.de Tue Apr 21 16:34:30 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 16:34:30 -0000
Subject: SUSE-SU-2026:1520-1: important: Security update 5.1.3 for Multi-Linux Manager Client Tools
Message-ID: <177678927037.35.4333641051399816641@46b3146b979a>

# Security update 5.1.3 for Multi-Linux Manager Client Tools

Announcement ID: SUSE-SU-2026:1520-1
Release Date: 2026-04-21T09:24:50Z
Rating: important

References:

* bsc#1250367
* bsc#1252548
* bsc#1252964
* bsc#1254154
* bsc#1254619
* bsc#1254629
* bsc#1257447
* bsc#1257660
* bsc#1257831
* bsc#1257941
* bsc#1258015
* bsc#1258418
* bsc#1258927
* bsc#1258957
* bsc#1259208
* bsc#1259554
* jsc#MSQA-1048

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 8, RHEL and clones

An update that solves one vulnerability, contains one feature and has 15 security fixes can now be installed.

## Description:

This update fixes the following issues:

golang-github-lusitaniae-apache_exporter:

* Internal changes to fix build issues with no impact for customers

spacecmd:

* Version 5.1.13-0
* Updated translation strings

uyuni-tools:

* Version 5.1.26-0
* Fixed applying PTF with images from RPMs (bsc#1252548)
* Ssl Key file can miss if CA password is blank (bsc#1254154)
* mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
* Fixed default value for helm registry (bsc#1258927).
* Removed hub register command
* Optimized postgres migration disk space usage (bsc#1257447)
* Added continuous database backup support (bsc#1250367)
* Explicitly start proxy pods after operations (bsc#1258015)
* Use static supportconfig name to avoid dynamic search (bsc#1257941)
* Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964)
* Show where final tarball was generated (bsc#1259208)
* Set proxy config file permissions (bsc#1257660)
* Version 5.1.25-0
* If PTF image doesn't exist, use the current service image (bsc#1258418)

venv-salt-minion:

* Security issues fixed:
  * CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing (bsc#1259554)
* Added x86_64_v2 as a possible rpm package architecture
* Make users with backslash working for salt-ssh (bsc#1254629)
* Fixed ansible.playbooks extra-vars quoting (bsc#1257831)
* Fixed virtualenv call in test helper to use proper python version
* Fixed the issue preventing SELinux profile to be loaded on SLES 16 deployed using cloud images (bsc#1258957)
* Fixed the typo causing building EL9 bundle without binary dependencies

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 8, RHEL and clones
    zypper in -t patch SUSE-MultiLinuxManagerTools-EL-8-2026-1520=1

## Package List:

* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 8, RHEL and clones (aarch64 ppc64le x86_64)
  * venv-salt-minion-3006.0-80002.5.12.3
  * mgrctl-5.1.26-80002.3.9.2
  * golang-github-lusitaniae-apache_exporter-1.0.10-80002.3.6.2
* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 8, RHEL and clones (noarch)
  * mgrctl-bash-completion-5.1.26-80002.3.9.2
  * mgrctl-zsh-completion-5.1.26-80002.3.9.2
  * spacecmd-5.1.13-80002.3.9.2

## References:

* https://www.suse.com/security/cve/CVE-2026-31958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250367
* https://bugzilla.suse.com/show_bug.cgi?id=1252548
* https://bugzilla.suse.com/show_bug.cgi?id=1252964
* https://bugzilla.suse.com/show_bug.cgi?id=1254154
* https://bugzilla.suse.com/show_bug.cgi?id=1254619
* https://bugzilla.suse.com/show_bug.cgi?id=1254629
* https://bugzilla.suse.com/show_bug.cgi?id=1257447
* https://bugzilla.suse.com/show_bug.cgi?id=1257660
* https://bugzilla.suse.com/show_bug.cgi?id=1257831
* https://bugzilla.suse.com/show_bug.cgi?id=1257941
* https://bugzilla.suse.com/show_bug.cgi?id=1258015
* https://bugzilla.suse.com/show_bug.cgi?id=1258418
* https://bugzilla.suse.com/show_bug.cgi?id=1258927
* https://bugzilla.suse.com/show_bug.cgi?id=1258957
* https://bugzilla.suse.com/show_bug.cgi?id=1259208
* https://bugzilla.suse.com/show_bug.cgi?id=1259554
* https://jira.suse.com/browse/MSQA-1048
From null at suse.de Tue Apr 21 16:34:56 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 16:34:56 -0000
Subject: SUSE-SU-2026:1519-1: important: Security update 5.1.3 for Multi-Linux Manager Client Tools
Message-ID: <177678929673.35.4789141151305092002@46b3146b979a>

# Security update 5.1.3 for Multi-Linux Manager Client Tools

Announcement ID: SUSE-SU-2026:1519-1
Release Date: 2026-04-21T09:24:29Z
Rating: important

References:

* bsc#1250367
* bsc#1252548
* bsc#1252964
* bsc#1254154
* bsc#1254619
* bsc#1254629
* bsc#1257447
* bsc#1257660
* bsc#1257831
* bsc#1257941
* bsc#1258015
* bsc#1258418
* bsc#1258927
* bsc#1258957
* bsc#1259208
* bsc#1259554
* jsc#MSQA-1048

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 9, RHEL and clones

An update that solves one vulnerability, contains one feature and has 15 security fixes can now be installed.

## Description:

This update fixes the following issues:

golang-github-lusitaniae-apache_exporter:

* Internal changes to fix build issues with no impact for customers

spacecmd:

* Version 5.1.13-0
* Updated translation strings

uyuni-tools:

* Version 5.1.26-0
* Fixed applying PTF with images from RPMs (bsc#1252548)
* Ssl Key file can miss if CA password is blank (bsc#1254154)
* mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
* Fixed default value for helm registry (bsc#1258927).
* Removed hub register command
* Optimized postgres migration disk space usage (bsc#1257447)
* Added continuous database backup support (bsc#1250367)
* Explicitly start proxy pods after operations (bsc#1258015)
* Use static supportconfig name to avoid dynamic search (bsc#1257941)
* Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964)
* Show where final tarball was generated (bsc#1259208)
* Set proxy config file permissions (bsc#1257660)
* Version 5.1.25-0
* If PTF image doesn't exist, use the current service image (bsc#1258418)

venv-salt-minion:

* Security issues fixed:
  * CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing (bsc#1259554)
* Added x86_64_v2 as a possible rpm package architecture
* Make users with backslash working for salt-ssh (bsc#1254629)
* Fixed ansible.playbooks extra-vars quoting (bsc#1257831)
* Fixed virtualenv call in test helper to use proper python version
* Fixed the issue preventing SELinux profile to be loaded on SLES 16 deployed using cloud images (bsc#1258957)
* Fixed the typo causing building EL9 bundle without binary dependencies

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 9, RHEL and clones
    zypper in -t patch SUSE-MultiLinuxManagerTools-EL-9-2026-1519=1

## Package List:

* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 9, RHEL and clones (aarch64 ppc64le s390x x86_64)
  * venv-salt-minion-3006.0-90002.5.12.2
  * golang-github-lusitaniae-apache_exporter-1.0.10-90002.3.6.1
  * mgrctl-5.1.26-90002.3.9.1
* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 9, RHEL and clones (noarch)
  * mgrctl-bash-completion-5.1.26-90002.3.9.1
  * spacecmd-5.1.13-90002.3.9.1
  * mgrctl-zsh-completion-5.1.26-90002.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250367
* https://bugzilla.suse.com/show_bug.cgi?id=1252548
* https://bugzilla.suse.com/show_bug.cgi?id=1252964
* https://bugzilla.suse.com/show_bug.cgi?id=1254154
* https://bugzilla.suse.com/show_bug.cgi?id=1254619
* https://bugzilla.suse.com/show_bug.cgi?id=1254629
* https://bugzilla.suse.com/show_bug.cgi?id=1257447
* https://bugzilla.suse.com/show_bug.cgi?id=1257660
* https://bugzilla.suse.com/show_bug.cgi?id=1257831
* https://bugzilla.suse.com/show_bug.cgi?id=1257941
* https://bugzilla.suse.com/show_bug.cgi?id=1258015
* https://bugzilla.suse.com/show_bug.cgi?id=1258418
* https://bugzilla.suse.com/show_bug.cgi?id=1258927
* https://bugzilla.suse.com/show_bug.cgi?id=1258957
* https://bugzilla.suse.com/show_bug.cgi?id=1259208
* https://bugzilla.suse.com/show_bug.cgi?id=1259554
* https://jira.suse.com/browse/MSQA-1048
From null at suse.de Tue Apr 21 16:35:23 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 16:35:23 -0000
Subject: SUSE-SU-2026:1517-1: important: Security update 5.1.3 for Multi-Linux Manager Client Tools
Message-ID: <177678932304.35.12198061076540915090@46b3146b979a>

# Security update 5.1.3 for Multi-Linux Manager Client Tools

Announcement ID: SUSE-SU-2026:1517-1
Release Date: 2026-04-21T09:21:20Z
Rating: important

References:

* bsc#1250367
* bsc#1252548
* bsc#1252964
* bsc#1254154
* bsc#1254619
* bsc#1254629
* bsc#1257447
* bsc#1257660
* bsc#1257831
* bsc#1257941
* bsc#1258015
* bsc#1258418
* bsc#1258927
* bsc#1258957
* bsc#1259208
* bsc#1259554
* jsc#MSQA-1048

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Multi-Linux Manager Client Tools for Ubuntu 22.04 2204

An update that solves one vulnerability, contains one feature and has 15 security fixes can now be installed.

## Description:

This update fixes the following issues:

spacecmd:

* Version 5.1.13-0
* Updated translation strings

uyuni-tools:

* Version 5.1.26-0
* Fixed applying PTF with images from RPMs (bsc#1252548)
* Ssl Key file can miss if CA password is blank (bsc#1254154)
* mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
* Fixed default value for helm registry (bsc#1258927).
* Removed hub register command
* Optimized postgres migration disk space usage (bsc#1257447)
* Added continuous database backup support (bsc#1250367)
* Explicitly start proxy pods after operations (bsc#1258015)
* Use static supportconfig name to avoid dynamic search (bsc#1257941)
* Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964)
* Show where final tarball was generated (bsc#1259208)
* Set proxy config file permissions (bsc#1257660)
* Version 5.1.25-0
* If PTF image doesn't exist, use the current service image (bsc#1258418)

venv-salt-minion:

* Security issues fixed:
  * CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing (bsc#1259554)
* Added x86_64_v2 as a possible rpm package architecture
* Make users with backslash working for salt-ssh (bsc#1254629)
* Fixed ansible.playbooks extra-vars quoting (bsc#1257831)
* Fixed virtualenv call in test helper to use proper python version
* Fixed the issue preventing SELinux profile to be loaded on SLES 16 deployed using cloud images (bsc#1258957)
* Fixed the typo causing building EL9 bundle without binary dependencies

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Client Tools for Ubuntu 22.04 2204
    zypper in -t patch SUSE-MultiLinuxManagerTools-Ubuntu-22.04-2026-1517=1

## Package List:

* SUSE Multi-Linux Manager Client Tools for Ubuntu 22.04 2204 (all)
  * spacecmd-5.1.13-220402.3.15.1
  * mgrctl-zsh-completion-5.1.26-220402.3.15.1
  * mgrctl-bash-completion-5.1.26-220402.3.15.1
  * mgrctl-fish-completion-5.1.26-220402.3.15.1
* SUSE Multi-Linux Manager Client Tools for Ubuntu 22.04 2204 (amd64)
  * venv-salt-minion-3006.0-220402.3.18.1
  * mgrctl-5.1.26-220402.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250367
* https://bugzilla.suse.com/show_bug.cgi?id=1252548
* https://bugzilla.suse.com/show_bug.cgi?id=1252964
* https://bugzilla.suse.com/show_bug.cgi?id=1254154
* https://bugzilla.suse.com/show_bug.cgi?id=1254619
* https://bugzilla.suse.com/show_bug.cgi?id=1254629
* https://bugzilla.suse.com/show_bug.cgi?id=1257447
* https://bugzilla.suse.com/show_bug.cgi?id=1257660
* https://bugzilla.suse.com/show_bug.cgi?id=1257831
* https://bugzilla.suse.com/show_bug.cgi?id=1257941
* https://bugzilla.suse.com/show_bug.cgi?id=1258015
* https://bugzilla.suse.com/show_bug.cgi?id=1258418
* https://bugzilla.suse.com/show_bug.cgi?id=1258927
* https://bugzilla.suse.com/show_bug.cgi?id=1258957
* https://bugzilla.suse.com/show_bug.cgi?id=1259208
* https://bugzilla.suse.com/show_bug.cgi?id=1259554
* https://jira.suse.com/browse/MSQA-1048
From null at suse.de Tue Apr 21 16:35:48 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 16:35:48 -0000
Subject: SUSE-SU-2026:1516-1: important: Security update 5.1.3 for Multi-Linux Manager Client Tools
Message-ID: <177678934832.35.4123782833152423128@46b3146b979a>

# Security update 5.1.3 for Multi-Linux Manager Client Tools

Announcement ID: SUSE-SU-2026:1516-1
Release Date: 2026-04-21T09:21:03Z
Rating: important

References:

* bsc#1250367
* bsc#1252548
* bsc#1252964
* bsc#1254154
* bsc#1254619
* bsc#1254629
* bsc#1257447
* bsc#1257660
* bsc#1257831
* bsc#1257941
* bsc#1258015
* bsc#1258418
* bsc#1258927
* bsc#1258957
* bsc#1259208
* bsc#1259554
* jsc#MSQA-1048

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Multi-Linux Manager Client Tools for Ubuntu 24.04 2404

An update that solves one vulnerability, contains one feature and has 15 security fixes can now be installed.

## Description:

This update fixes the following issues:

spacecmd:

* Version 5.1.13-0
* Updated translation strings

uyuni-tools:

* Version 5.1.26-0
* Fixed applying PTF with images from RPMs (bsc#1252548)
* Ssl Key file can miss if CA password is blank (bsc#1254154)
* mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
* Fixed default value for helm registry (bsc#1258927).
* Removed hub register command
* Optimized postgres migration disk space usage (bsc#1257447)
* Added continuous database backup support (bsc#1250367)
* Explicitly start proxy pods after operations (bsc#1258015)
* Use static supportconfig name to avoid dynamic search (bsc#1257941)
* Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964)
* Show where final tarball was generated (bsc#1259208)
* Set proxy config file permissions (bsc#1257660)
* Version 5.1.25-0
* If PTF image doesn't exist, use the current service image (bsc#1258418)

venv-salt-minion:

* Security issues fixed:
  * CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing (bsc#1259554)
* Added x86_64_v2 as a possible rpm package architecture
* Make users with backslash working for salt-ssh (bsc#1254629)
* Fixed ansible.playbooks extra-vars quoting (bsc#1257831)
* Fixed virtualenv call in test helper to use proper python version
* Fixed the issue preventing SELinux profile to be loaded on SLES 16 deployed using cloud images (bsc#1258957)
* Fixed the typo causing building EL9 bundle without binary dependencies

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Client Tools for Ubuntu 24.04 2404
    zypper in -t patch SUSE-MultiLinuxManagerTools-Ubuntu-24.04-2026-1516=1

## Package List:

* SUSE Multi-Linux Manager Client Tools for Ubuntu 24.04 2404 (all)
  * spacecmd-5.1.13-240402.3.20.1
  * mgrctl-zsh-completion-5.1.26-240402.3.15.1
  * mgrctl-bash-completion-5.1.26-240402.3.15.1
  * mgrctl-fish-completion-5.1.26-240402.3.15.1
* SUSE Multi-Linux Manager Client Tools for Ubuntu 24.04 2404 (amd64)
  * mgrctl-5.1.26-240402.3.15.1
  * venv-salt-minion-3006.0-240402.3.18.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250367
* https://bugzilla.suse.com/show_bug.cgi?id=1252548
* https://bugzilla.suse.com/show_bug.cgi?id=1252964
* https://bugzilla.suse.com/show_bug.cgi?id=1254154
* https://bugzilla.suse.com/show_bug.cgi?id=1254619
* https://bugzilla.suse.com/show_bug.cgi?id=1254629
* https://bugzilla.suse.com/show_bug.cgi?id=1257447
* https://bugzilla.suse.com/show_bug.cgi?id=1257660
* https://bugzilla.suse.com/show_bug.cgi?id=1257831
* https://bugzilla.suse.com/show_bug.cgi?id=1257941
* https://bugzilla.suse.com/show_bug.cgi?id=1258015
* https://bugzilla.suse.com/show_bug.cgi?id=1258418
* https://bugzilla.suse.com/show_bug.cgi?id=1258927
* https://bugzilla.suse.com/show_bug.cgi?id=1258957
* https://bugzilla.suse.com/show_bug.cgi?id=1259208
* https://bugzilla.suse.com/show_bug.cgi?id=1259554
* https://jira.suse.com/browse/MSQA-1048
From null at suse.de Tue Apr 21 16:36:15 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 16:36:15 -0000
Subject: SUSE-SU-2026:1515-1: important: Security update 5.1.3 for Multi-Linux Manager Client Tools
Message-ID: <177678937516.35.14659469226340540416@46b3146b979a>

# Security update 5.1.3 for Multi-Linux Manager Client Tools

Announcement ID: SUSE-SU-2026:1515-1
Release Date: 2026-04-21T09:20:46Z
Rating: important

References:

* bsc#1250367
* bsc#1252548
* bsc#1252964
* bsc#1254154
* bsc#1254619
* bsc#1254629
* bsc#1257447
* bsc#1257660
* bsc#1257831
* bsc#1257941
* bsc#1258015
* bsc#1258418
* bsc#1258927
* bsc#1258957
* bsc#1259208
* bsc#1259554
* jsc#MSQA-1048

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Multi-Linux Manager Client Tools for Debian 12

An update that solves one vulnerability, contains one feature and has 15 security fixes can now be installed.

## Description:

This update fixes the following issues:

spacecmd:

* Version 5.1.13-0
* Update translation strings

uyuni-tools:

* Version 5.1.26-0
* Fix applying PTF with images from RPMs (bsc#1252548)
* Ssl Key file can miss if CA password is blank (bsc#1254154)
* mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
* Fix default value for helm registry (bsc#1258927).
* Remove hub register command
* Optimize postgres migration disk space usage (bsc#1257447)
* Add continuous database backup support (bsc#1250367)
* Explicitly start proxy pods after operations (bsc#1258015)
* Use static supportconfig name to avoid dynamic search (bsc#1257941)
* Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964)
* Show where final tarball was generated (bsc#1259208)
* Set proxy config file permissions (bsc#1257660)
* Version 5.1.25-0
* If PTF image doesn't exist, use the current service image (bsc#1258418)

venv-salt-minion:

* Backport security patch for Salt vendored tornado (bsc#1259554):
  * CVE-2026-31958: Add limits on multipart form data parsing
* Add x86_64_v2 as a possible rpm package architecture
* Make users with backslash working for salt-ssh (bsc#1254629)
* Fix ansible.playbooks extra-vars quoting (bsc#1257831)
* Fix virtualenv call in test helper to use proper python version
* Fix the issue preventing SELinux profile to be loaded on SLES 16 deployed using cloud images (bsc#1258957)
* Fix the typo causing building EL9 bundle without binary dependencies

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Client Tools for Debian 12
    zypper in -t patch SUSE-MultiLinuxManagerTools-Debian-12-2026-1515=1

## Package List:

* SUSE Multi-Linux Manager Client Tools for Debian 12 (all)
  * mgrctl-fish-completion-5.1.26-120002.3.17.1
  * mgrctl-bash-completion-5.1.26-120002.3.17.1
  * mgrctl-zsh-completion-5.1.26-120002.3.17.1
  * spacecmd-5.1.13-120002.3.17.1
* SUSE Multi-Linux Manager Client Tools for Debian 12 (amd64 arm64)
  * venv-salt-minion-3006.0-120002.3.20.5
  * mgrctl-5.1.26-120002.3.17.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250367
* https://bugzilla.suse.com/show_bug.cgi?id=1252548
* https://bugzilla.suse.com/show_bug.cgi?id=1252964
* https://bugzilla.suse.com/show_bug.cgi?id=1254154
* https://bugzilla.suse.com/show_bug.cgi?id=1254619
* https://bugzilla.suse.com/show_bug.cgi?id=1254629
* https://bugzilla.suse.com/show_bug.cgi?id=1257447
* https://bugzilla.suse.com/show_bug.cgi?id=1257660
* https://bugzilla.suse.com/show_bug.cgi?id=1257831
* https://bugzilla.suse.com/show_bug.cgi?id=1257941
* https://bugzilla.suse.com/show_bug.cgi?id=1258015
* https://bugzilla.suse.com/show_bug.cgi?id=1258418
* https://bugzilla.suse.com/show_bug.cgi?id=1258927
* https://bugzilla.suse.com/show_bug.cgi?id=1258957
* https://bugzilla.suse.com/show_bug.cgi?id=1259208
* https://bugzilla.suse.com/show_bug.cgi?id=1259554
* https://jira.suse.com/browse/MSQA-1048
From null at suse.de Tue Apr 21 20:30:08 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 20:30:08 -0000
Subject: SUSE-SU-2026:1535-1: important: Security update for the Linux Kernel (Live Patch 68 for SUSE Linux Enterprise 12 SP5)
Message-ID: <177680340843.60.4773419517418442838@d4c6dfb45de4>

# Security update for the Linux Kernel (Live Patch 68 for SUSE Linux Enterprise 12 SP5)

Announcement ID: SUSE-SU-2026:1535-1
Release Date: 2026-04-21T14:34:30Z
Rating: important

References:

* bsc#1258396
* bsc#1259859

Cross-References:

* CVE-2026-23191
* CVE-2026-23268

CVSS scores:

* CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.258 fixes various security issues.

The following security issues were fixed:

* CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1535=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_258-default-14-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23191.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258396
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Tue Apr 21 20:30:14 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 20:30:14 -0000
Subject: SUSE-SU-2026:1532-1: important: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177680341420.60.3023113887902270382@d4c6dfb45de4>

# Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1532-1
Release Date: 2026-04-21T12:04:58Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.
## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.3 fixes various security issues.

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1532=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x)
  * kernel-livepatch-6_4_0-150700_53_3-default-debuginfo-14-150700.2.2
  * kernel-livepatch-SLE15-SP7_Update_1-debugsource-14-150700.2.2
  * kernel-livepatch-6_4_0-150700_53_3-default-14-150700.2.2
* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
  * kernel-livepatch-SLE15-SP7_Update_1-debugsource-14-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_3-default-debuginfo-14-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_3-default-14-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859
From null at suse.de Tue Apr 21 20:30:17 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 21 Apr 2026 20:30:17 -0000
Subject: SUSE-SU-2026:1531-1: important: Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6)
Message-ID: <177680341713.60.5695308742770546350@d4c6dfb45de4>

# Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1531-1
Release Date: 2026-04-21T12:04:50Z
Rating: important

References:

* bsc#1259859

Cross-References:

* CVE-2026-23268

CVSS scores:

* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.87 fixes one security issue.

The following security issue was fixed:

* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
    zypper in -t patch SUSE-2026-1531=1
* SUSE Linux Enterprise Live Patching 15-SP6
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1531=1

## Package List:

* openSUSE Leap 15.6 (x86_64)
    * kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-3-150600.2.1
    * kernel-livepatch-SLE15-SP6_Update_20-debugsource-3-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_87-default-3-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x)
    * kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-3-150600.2.2
    * kernel-livepatch-SLE15-SP6_Update_20-debugsource-3-150600.2.2
    * kernel-livepatch-6_4_0-150600_23_87-default-3-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x)
    * kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-3-150600.2.2
    * kernel-livepatch-SLE15-SP6_Update_20-debugsource-3-150600.2.2
    * kernel-livepatch-6_4_0-150600_23_87-default-3-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
    * kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-3-150600.2.1
    * kernel-livepatch-SLE15-SP6_Update_20-debugsource-3-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_87-default-3-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259859
From null at suse.de Wed Apr 22 12:30:16 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 22 Apr 2026 12:30:16 -0000
Subject: SUSE-SU-2026:21239-1: moderate: Security update for libpng16
Message-ID: <177686101684.329.5007164898729678662@d4c6dfb45de4>

# Security update for libpng16

Announcement ID: SUSE-SU-2026:21239-1
Release Date: 2026-04-21T10:12:43Z
Rating: moderate

References:

* bsc#1261957

Cross-References:

* CVE-2026-34757

CVSS scores:

* CVE-2026-34757 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34757 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34757 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for libpng16 fixes the following issue:

* CVE-2026-34757: libpng: Information disclosure and data corruption via use-after-free vulnerability (bsc#1261957).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
    zypper in -t patch SUSE-SL-Micro-6.2-603=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
    * libpng16-16-1.6.44-160000.7.1
    * libpng16-debugsource-1.6.44-160000.7.1
    * libpng16-16-debuginfo-1.6.44-160000.7.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34757.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261957
From null at suse.de Wed Apr 22 12:32:05 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 22 Apr 2026 12:32:05 -0000
Subject: SUSE-SU-2026:21237-1: important: Security update for the Linux Kernel
Message-ID: <177686112512.329.14405071833996074576@d4c6dfb45de4>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21237-1
Release Date: 2026-04-20T15:11:07Z
Rating: important

References:

* bsc#1191256
* bsc#1191270
* bsc#1194778
* bsc#1207184
* bsc#1217845
* bsc#1222768
* bsc#1243208
* bsc#1252073
* bsc#1253129
* bsc#1254214
* bsc#1254306
* bsc#1254307
* bsc#1255084
* bsc#1255687
* bsc#1256647
* bsc#1257183
* bsc#1257511
* bsc#1257708
* bsc#1257773
* bsc#1257777
* bsc#1258175
* bsc#1258280
* bsc#1258293
* bsc#1258301
* bsc#1258305
* bsc#1258330
* bsc#1258337
* bsc#1258340
* bsc#1258414
* bsc#1258447
* bsc#1258476
* bsc#1258849
* bsc#1259188
* bsc#1259461
* bsc#1259484
* bsc#1259485
* bsc#1259580
* bsc#1259707
* bsc#1259759
* bsc#1259795
* bsc#1259797
* bsc#1259870
* bsc#1259886
* bsc#1259891
* bsc#1259955
* bsc#1259997
* bsc#1259998
* bsc#1260005
* bsc#1260009
* bsc#1260347
* bsc#1260459
* bsc#1260464
* bsc#1260471
* bsc#1260481
* bsc#1260486
* bsc#1260490
* bsc#1260497
* bsc#1260500
* bsc#1260522
* bsc#1260527
* bsc#1260544
* bsc#1260550
* bsc#1260606
* bsc#1260730
* bsc#1260732
* bsc#1260735
* bsc#1260799
* bsc#1261496
* bsc#1261498
* bsc#1261506
* bsc#1261507
* bsc#1261669
* jsc#PED-11175
* jsc#PED-15042
* jsc#PED-15441
* jsc#PED-15986

Cross-References:

* CVE-2025-39998
* CVE-2025-40253
* CVE-2025-68794
* CVE-2025-71239
* CVE-2026-23072
* CVE-2026-23103
* CVE-2026-23120
* CVE-2026-23125
* CVE-2026-23138
* CVE-2026-23140
* CVE-2026-23187
* CVE-2026-23193
* CVE-2026-23201
* CVE-2026-23204
* CVE-2026-23215
* CVE-2026-23216
* CVE-2026-23231
* CVE-2026-23239
* CVE-2026-23240
* CVE-2026-23242
* CVE-2026-23243
* CVE-2026-23255
* CVE-2026-23262
* CVE-2026-23270
* CVE-2026-23272
* CVE-2026-23274
* CVE-2026-23277
* CVE-2026-23278
* CVE-2026-23281
* CVE-2026-23292
* CVE-2026-23293
* CVE-2026-23297
* CVE-2026-23304
* CVE-2026-23319
* CVE-2026-23326
* CVE-2026-23335
* CVE-2026-23343
* CVE-2026-23361
* CVE-2026-23379
* CVE-2026-23381
* CVE-2026-23383
* CVE-2026-23386
* CVE-2026-23393
* CVE-2026-23398
* CVE-2026-23413
* CVE-2026-23414
* CVE-2026-23419
* CVE-2026-23425
* CVE-2026-31788

CVSS scores:

* CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68794 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-71239 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-71239 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-23072 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23072 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23072 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23125 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23138 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23138 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23138 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23187 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23215 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23215 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23215 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23216 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23239 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23239 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23240 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23240 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23240 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23262 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23281 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23304 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23304 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23326 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23326 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23335 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23335 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-23343 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23343 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23383 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23393 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23413 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23419 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23425 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23425 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves 49 vulnerabilities, contains four features and has 23 fixes can now be installed.

## Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
* CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
* CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
* CVE-2025-71239: audit: add fchmodat2() to change attributes class (bsc#1259759).
* CVE-2026-23072: l2tp: Fix memleak in l2tp_udp_encap_recv() (bsc#1257708).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
* CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
* CVE-2026-23138: kABI: Preserve values of the trace recursion bits (bsc#1258301).
* CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
* CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
* CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
* CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
* CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
* CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476).
* CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
* CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
* CVE-2026-23239: espintcp: Fix race condition in espintcp_close() (bsc#1259485).
* CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx() (bsc#1259484).
* CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
* CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
* CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
* CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
* CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
* CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
* CVE-2026-23297: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit() (bsc#1260490).
* CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
* CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
* CVE-2026-23326: xsk: Fix fragment node deletion to prevent buffer leak (bsc#1260606).
* CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
* CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
* CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
* CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
* CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
* CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
* CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260522).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
* CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
* CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
* CVE-2026-23425: KVM: arm64: Fix ID register initialization for non-protected pKVM guests (bsc#1261506).
* CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non-security issues were fixed:

* KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
* KVM: x86: synthesize CPUID bits only if CPU capability is set (bsc#1257511).
* Revert "drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129)."
* Update config files (bsc#1254307).
* apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
* apparmor: fix differential encoding verification (bsc#1258849).
* apparmor: fix memory leak in verify_header (bsc#1258849).
* apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
* apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
* apparmor: fix race on rawdata dereference (bsc#1258849).
* apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
* apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
* apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
* apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
* apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
* bpf, btf: Enforce destructor kfunc type with CFI (bsc#1259955).
* bpf: crypto: Use the correct destructor kfunc type (bsc#1259955).
* btrfs: only enforce free space tree if v1 cache is required for bs < ps cases (bsc#1260459).
* btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
* drm/amdkfd: Unreserve bo if queue update failed (git-fixes).
* drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129).
* drm/i915/dsc: Add Selective Update register definitions (stable-fixes).
* drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes).
* firmware: microchip: fail auto-update probe if no flash found (git-fixes).
* kABI: Include trace recursion bits in kABI tracking (bsc#1258301).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
* nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208).
* nvme: expose active quirks in sysfs (bsc#1243208).
* nvme: fix memory leak in quirks_param_set() (bsc#1243208).
* powerpc/crash: adjust the elfcorehdr size (jsc#PED-11175 git-fixes).
* powerpc/kdump: Fix size calculation for hot-removed memory ranges (jsc#PED-11175 git-fixes).
* s390/cio: Update purge function to unregister the unused subchannels (bsc#1254214).
* s390/ipl: Clear SBP flag when bootprog is set (bsc#1258175).
* s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
* scsi: fnic: Add Cisco hardware model names (jsc#PED-15441).
* scsi: fnic: Add and integrate support for FDMI (jsc#PED-15441).
* scsi: fnic: Add and integrate support for FIP (jsc#PED-15441).
* scsi: fnic: Add functionality in fnic to support FDLS (jsc#PED-15441).
* scsi: fnic: Add headers and definitions for FDLS (jsc#PED-15441).
* scsi: fnic: Add stats and related functionality (jsc#PED-15441).
* scsi: fnic: Add support for fabric based solicited requests and responses (jsc#PED-15441).
* scsi: fnic: Add support for target based solicited requests and responses (jsc#PED-15441).
* scsi: fnic: Add support for unsolicited requests and responses (jsc#PED-15441).
* scsi: fnic: Add support to handle port channel RSCN (jsc#PED-15441).
* scsi: fnic: Code cleanup (jsc#PED-15441).
* scsi: fnic: Delete incorrect debugfs error handling (jsc#PED-15441).
* scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (jsc#PED-15441).
* scsi: fnic: Fix indentation and remove unnecessary parenthesis (jsc#PED-15441).
* scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (jsc#PED-15441).
* scsi: fnic: Fix use of uninitialized value in debug message (jsc#PED-15441).
* scsi: fnic: Increment driver version (jsc#PED-15441).
* scsi: fnic: Modify IO path to use FDLS (jsc#PED-15441).
* scsi: fnic: Modify fnic interfaces to use FDLS (jsc#PED-15441).
* scsi: fnic: Propagate SCSI error code from fnic_scsi_drv_init() (jsc#PED-15441).
* scsi: fnic: Remove always-true IS_FNIC_FCP_INITIATOR macro (jsc#PED-15441).
* scsi: fnic: Remove extern definition from .c files (jsc#PED-15441).
* scsi: fnic: Remove unnecessary debug print (jsc#PED-15441).
* scsi: fnic: Remove unnecessary else and unnecessary break in FDLS (jsc#PED-15441).
* scsi: fnic: Remove unnecessary else to fix warning in FDLS FIP (jsc#PED-15441).
* scsi: fnic: Remove unnecessary spinlock locking and unlocking (jsc#PED-15441).
* scsi: fnic: Replace fnic->lock_flags with local flags (jsc#PED-15441).
* scsi: fnic: Replace shost_printk() with dev_info()/dev_err() (jsc#PED-15441).
* scsi: fnic: Replace use of sizeof with standard usage (jsc#PED-15441).
* scsi: fnic: Return appropriate error code for mem alloc failure (jsc#PED-15441).
* scsi: fnic: Return appropriate error code from failure of scsi drv init (jsc#PED-15441).
* scsi: fnic: Test for memory allocation failure and return error code (jsc#PED-15441).
* scsi: fnic: Turn off FDMI ACTIVE flags on link down (jsc#PED-15441).
* scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687).
* scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes).
* scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() (git-fixes, jsc#PED-15042).
* selftests/bpf: Use the correct destructor kfunc type (bsc#1259955).
* selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).
* tg3: Fix race for querying speed/duplex (bsc#1257183).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-596=1 ## Package List: * SUSE Linux Micro 6.2 (noarch) * kernel-macros-6.12.0-160000.28.1 * kernel-devel-6.12.0-160000.28.1 * kernel-source-6.12.0-160000.28.1 * SUSE Linux Micro 6.2 (aarch64 ppc64le x86_64) * kernel-default-base-6.12.0-160000.27.1.160000.2.8 * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-6.12.0-160000.28.1 * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-6.12.0-160000.28.1 * kernel-default-extra-6.12.0-160000.28.1 * kernel-default-devel-6.12.0-160000.28.1 * kernel-default-debugsource-6.12.0-160000.28.1 * kernel-default-extra-debuginfo-6.12.0-160000.28.1 * SUSE Linux Micro 6.2 (x86_64) * kernel-rt-devel-debuginfo-6.12.0-160000.28.1 * kernel-rt-livepatch-6.12.0-160000.28.1 * kernel-default-devel-debuginfo-6.12.0-160000.28.1 * SUSE Linux Micro 6.2 (ppc64le s390x x86_64) * kernel-default-livepatch-6.12.0-160000.28.1 * SUSE Linux Micro 6.2 (aarch64 nosrc x86_64) * kernel-rt-6.12.0-160000.28.1 * SUSE Linux Micro 6.2 (aarch64 x86_64) * kernel-rt-devel-6.12.0-160000.28.1 * kernel-rt-debugsource-6.12.0-160000.28.1 * kernel-rt-debuginfo-6.12.0-160000.28.1 * SUSE Linux Micro 6.2 (aarch64 nosrc) * kernel-64kb-6.12.0-160000.28.1 * SUSE Linux Micro 6.2 (aarch64) * kernel-64kb-debugsource-6.12.0-160000.28.1 * kernel-64kb-devel-6.12.0-160000.28.1 * kernel-64kb-debuginfo-6.12.0-160000.28.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39998.html * https://www.suse.com/security/cve/CVE-2025-40253.html * https://www.suse.com/security/cve/CVE-2025-68794.html * https://www.suse.com/security/cve/CVE-2025-71239.html * https://www.suse.com/security/cve/CVE-2026-23072.html * https://www.suse.com/security/cve/CVE-2026-23103.html * https://www.suse.com/security/cve/CVE-2026-23120.html * https://www.suse.com/security/cve/CVE-2026-23125.html * 
https://www.suse.com/security/cve/CVE-2026-23138.html * https://www.suse.com/security/cve/CVE-2026-23140.html * https://www.suse.com/security/cve/CVE-2026-23187.html * https://www.suse.com/security/cve/CVE-2026-23193.html * https://www.suse.com/security/cve/CVE-2026-23201.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-23215.html * https://www.suse.com/security/cve/CVE-2026-23216.html * https://www.suse.com/security/cve/CVE-2026-23231.html * https://www.suse.com/security/cve/CVE-2026-23239.html * https://www.suse.com/security/cve/CVE-2026-23240.html * https://www.suse.com/security/cve/CVE-2026-23242.html * https://www.suse.com/security/cve/CVE-2026-23243.html * https://www.suse.com/security/cve/CVE-2026-23255.html * https://www.suse.com/security/cve/CVE-2026-23262.html * https://www.suse.com/security/cve/CVE-2026-23270.html * https://www.suse.com/security/cve/CVE-2026-23272.html * https://www.suse.com/security/cve/CVE-2026-23274.html * https://www.suse.com/security/cve/CVE-2026-23277.html * https://www.suse.com/security/cve/CVE-2026-23278.html * https://www.suse.com/security/cve/CVE-2026-23281.html * https://www.suse.com/security/cve/CVE-2026-23292.html * https://www.suse.com/security/cve/CVE-2026-23293.html * https://www.suse.com/security/cve/CVE-2026-23297.html * https://www.suse.com/security/cve/CVE-2026-23304.html * https://www.suse.com/security/cve/CVE-2026-23319.html * https://www.suse.com/security/cve/CVE-2026-23326.html * https://www.suse.com/security/cve/CVE-2026-23335.html * https://www.suse.com/security/cve/CVE-2026-23343.html * https://www.suse.com/security/cve/CVE-2026-23361.html * https://www.suse.com/security/cve/CVE-2026-23379.html * https://www.suse.com/security/cve/CVE-2026-23381.html * https://www.suse.com/security/cve/CVE-2026-23383.html * https://www.suse.com/security/cve/CVE-2026-23386.html * https://www.suse.com/security/cve/CVE-2026-23393.html * 
https://www.suse.com/security/cve/CVE-2026-23398.html * https://www.suse.com/security/cve/CVE-2026-23413.html * https://www.suse.com/security/cve/CVE-2026-23414.html * https://www.suse.com/security/cve/CVE-2026-23419.html * https://www.suse.com/security/cve/CVE-2026-23425.html * https://www.suse.com/security/cve/CVE-2026-31788.html * https://bugzilla.suse.com/show_bug.cgi?id=1191256 * https://bugzilla.suse.com/show_bug.cgi?id=1191270 * https://bugzilla.suse.com/show_bug.cgi?id=1194778 * https://bugzilla.suse.com/show_bug.cgi?id=1207184 * https://bugzilla.suse.com/show_bug.cgi?id=1217845 * https://bugzilla.suse.com/show_bug.cgi?id=1222768 * https://bugzilla.suse.com/show_bug.cgi?id=1243208 * https://bugzilla.suse.com/show_bug.cgi?id=1252073 * https://bugzilla.suse.com/show_bug.cgi?id=1253129 * https://bugzilla.suse.com/show_bug.cgi?id=1254214 * https://bugzilla.suse.com/show_bug.cgi?id=1254306 * https://bugzilla.suse.com/show_bug.cgi?id=1254307 * https://bugzilla.suse.com/show_bug.cgi?id=1255084 * https://bugzilla.suse.com/show_bug.cgi?id=1255687 * https://bugzilla.suse.com/show_bug.cgi?id=1256647 * https://bugzilla.suse.com/show_bug.cgi?id=1257183 * https://bugzilla.suse.com/show_bug.cgi?id=1257511 * https://bugzilla.suse.com/show_bug.cgi?id=1257708 * https://bugzilla.suse.com/show_bug.cgi?id=1257773 * https://bugzilla.suse.com/show_bug.cgi?id=1257777 * https://bugzilla.suse.com/show_bug.cgi?id=1258175 * https://bugzilla.suse.com/show_bug.cgi?id=1258280 * https://bugzilla.suse.com/show_bug.cgi?id=1258293 * https://bugzilla.suse.com/show_bug.cgi?id=1258301 * https://bugzilla.suse.com/show_bug.cgi?id=1258305 * https://bugzilla.suse.com/show_bug.cgi?id=1258330 * https://bugzilla.suse.com/show_bug.cgi?id=1258337 * https://bugzilla.suse.com/show_bug.cgi?id=1258340 * https://bugzilla.suse.com/show_bug.cgi?id=1258414 * https://bugzilla.suse.com/show_bug.cgi?id=1258447 * https://bugzilla.suse.com/show_bug.cgi?id=1258476 * https://bugzilla.suse.com/show_bug.cgi?id=1258849 * 
https://bugzilla.suse.com/show_bug.cgi?id=1259188 * https://bugzilla.suse.com/show_bug.cgi?id=1259461 * https://bugzilla.suse.com/show_bug.cgi?id=1259484 * https://bugzilla.suse.com/show_bug.cgi?id=1259485 * https://bugzilla.suse.com/show_bug.cgi?id=1259580 * https://bugzilla.suse.com/show_bug.cgi?id=1259707 * https://bugzilla.suse.com/show_bug.cgi?id=1259759 * https://bugzilla.suse.com/show_bug.cgi?id=1259795 * https://bugzilla.suse.com/show_bug.cgi?id=1259797 * https://bugzilla.suse.com/show_bug.cgi?id=1259870 * https://bugzilla.suse.com/show_bug.cgi?id=1259886 * https://bugzilla.suse.com/show_bug.cgi?id=1259891 * https://bugzilla.suse.com/show_bug.cgi?id=1259955 * https://bugzilla.suse.com/show_bug.cgi?id=1259997 * https://bugzilla.suse.com/show_bug.cgi?id=1259998 * https://bugzilla.suse.com/show_bug.cgi?id=1260005 * https://bugzilla.suse.com/show_bug.cgi?id=1260009 * https://bugzilla.suse.com/show_bug.cgi?id=1260347 * https://bugzilla.suse.com/show_bug.cgi?id=1260459 * https://bugzilla.suse.com/show_bug.cgi?id=1260464 * https://bugzilla.suse.com/show_bug.cgi?id=1260471 * https://bugzilla.suse.com/show_bug.cgi?id=1260481 * https://bugzilla.suse.com/show_bug.cgi?id=1260486 * https://bugzilla.suse.com/show_bug.cgi?id=1260490 * https://bugzilla.suse.com/show_bug.cgi?id=1260497 * https://bugzilla.suse.com/show_bug.cgi?id=1260500 * https://bugzilla.suse.com/show_bug.cgi?id=1260522 * https://bugzilla.suse.com/show_bug.cgi?id=1260527 * https://bugzilla.suse.com/show_bug.cgi?id=1260544 * https://bugzilla.suse.com/show_bug.cgi?id=1260550 * https://bugzilla.suse.com/show_bug.cgi?id=1260606 * https://bugzilla.suse.com/show_bug.cgi?id=1260730 * https://bugzilla.suse.com/show_bug.cgi?id=1260732 * https://bugzilla.suse.com/show_bug.cgi?id=1260735 * https://bugzilla.suse.com/show_bug.cgi?id=1260799 * https://bugzilla.suse.com/show_bug.cgi?id=1261496 * https://bugzilla.suse.com/show_bug.cgi?id=1261498 * https://bugzilla.suse.com/show_bug.cgi?id=1261506 * 
https://bugzilla.suse.com/show_bug.cgi?id=1261507
* https://bugzilla.suse.com/show_bug.cgi?id=1261669
* https://jira.suse.com/browse/PED-11175
* https://jira.suse.com/browse/PED-15042
* https://jira.suse.com/browse/PED-15441
* https://jira.suse.com/browse/PED-15986

From null at suse.de Wed Apr 22 12:32:15 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 22 Apr 2026 12:32:15 -0000
Subject: SUSE-SU-2026:21235-1: important: Security update for qemu
Message-ID: <177686113550.329.10810995835130974683@d4c6dfb45de4>

# Security update for qemu

Announcement ID: SUSE-SU-2026:21235-1
Release Date: 2026-04-20T10:54:30Z
Rating: important

References:

* bsc#1258509
* bsc#1259079
* bsc#1259080
* jsc#PED-13174

Cross-References:

* CVE-2026-2243
* CVE-2026-3195
* CVE-2026-3196

CVSS scores:

* CVE-2026-2243 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-2243 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2026-2243 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-3195 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:H/SI:H/SA:H
* CVE-2026-3195 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-3196 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2026-3196 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves three vulnerabilities and contains one feature can now be installed.

## Description:

This update for qemu fixes the following issues:

Update to version 10.0.9.

Security issues fixed:

* CVE-2026-3196: unbounded memory allocation and host denial-of-service via PCM_INFO requests sent from the guest (bsc#1259079).
* CVE-2026-3195: heap out-of-bounds write when reading input audio in the virtio-snd device input callback (bsc#1259080).
* CVE-2026-2243: heap out-of-bounds read and 12-byte information leak when processing specially crafted VMDK files with qemu-img (bsc#1258509).

Other updates and bugfixes:

* Version 10.0.9:
* Full backport list: https://lore.kernel.org/qemu-devel/20260318045608.7E1B513DFF6 at think4mjt.localdomain/
* hyperv/syndbg: check length returned by cpu_physical_memory_map()
* fuse: Copy write buffer content before polling
* target/loongarch: Avoid recursive PNX exception on CSR_BADI fetch
* target/loongarch: Preserve PTE permission bits in LDPTE
* hw/net/npcm_gmac: Catch accesses off the end of the register array
* linux-user: fix TIOCGSID ioctl
* tests/tcg/multiarch/test-mmap: Check mmaps beyond reserved_va
* bsd-user: Deal with mmap where start > reserved_va
* linux-user: Deal with mmap where start > reserved_va
* hw/net/xilinx_ethlite: Check for oversized TX packets
* virtio-gpu: Ensure BHs are invoked only from main-loop thread
* block/nfs: Do not enter coroutine from CB
* block: Never drop BLOCK_IO_ERROR with action=stop for rate limiting
* block/throttle-groups: fix deadlock with iolimits and muliple iothreads
* mirror: Fix missed dirty bitmap writes during startup
* block/curl: fix concurrent completion handling
* block/vmdk: fix OOB read in vmdk_read_extent()
* hw/net/smc91c111: Don't allow negative-length packets
* io: fix cleanup for websock I/O source data on cancellation
* io: fix cleanup for TLS I/O source data on cancellation
* io: separate freeing of tasks from marking them as complete
* target/i386/hvf/x86_mmu: Fix compiler warning
* hw/i386/vmmouse: Fix hypercall clobbers
* tests/docker: upgrade most non-lcitool debian tests to debian 13
* hw/9pfs: fix missing EOPNOTSUPP on Twstat and Trenameat for fs synth driver
* hw/9pfs: fix data race in v9fs_mark_fids_unreclaim()
* Add support for AMD-Turin CPUs (jsc#PED-13174)
* target/i386: Add support for EPYC-Turin model (jsc#PED-13174)
* target/i386: Update EPYC-Genoa for Cache property, perfmon-v2, RAS and SVM feature bits (jsc#PED-13174)
* target/i386: Add couple of feature bits in CPUID_Fn80000021_EAX (jsc#PED-13174)
* target/i386: Update EPYC-Milan CPU model for Cache property, RAS, SVM feature bits (jsc#PED-13174)
* target/i386: Update EPYC-Rome CPU model for Cache property, RAS, SVM feature bits (jsc#PED-13174)
* target/i386: Update EPYC CPU model for Cache property, RAS, SVM feature bits (jsc#PED-13174)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-591=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * qemu-block-ssh-debuginfo-10.0.9-160000.1.1
  * qemu-hw-display-virtio-vga-10.0.9-160000.1.1
  * qemu-hw-display-virtio-vga-debuginfo-10.0.9-160000.1.1
  * qemu-audio-spice-10.0.9-160000.1.1
  * qemu-tools-10.0.9-160000.1.1
  * qemu-ui-opengl-debuginfo-10.0.9-160000.1.1
  * qemu-hw-display-virtio-gpu-debuginfo-10.0.9-160000.1.1
  * qemu-guest-agent-debuginfo-10.0.9-160000.1.1
  * qemu-pr-helper-debuginfo-10.0.9-160000.1.1
  * qemu-debuginfo-10.0.9-160000.1.1
  * qemu-ui-spice-core-10.0.9-160000.1.1
  * qemu-img-10.0.9-160000.1.1
  * qemu-hw-usb-redirect-10.0.9-160000.1.1
  * qemu-tools-debuginfo-10.0.9-160000.1.1
  * qemu-audio-spice-debuginfo-10.0.9-160000.1.1
  * qemu-hw-display-virtio-gpu-10.0.9-160000.1.1
  * qemu-block-iscsi-debuginfo-10.0.9-160000.1.1
  * qemu-chardev-spice-debuginfo-10.0.9-160000.1.1
  * qemu-img-debuginfo-10.0.9-160000.1.1
  * qemu-hw-usb-redirect-debuginfo-10.0.9-160000.1.1
  * qemu-ksm-10.0.9-160000.1.1
  * qemu-hw-display-virtio-gpu-pci-10.0.9-160000.1.1
  * qemu-hw-display-qxl-10.0.9-160000.1.1
  * qemu-ui-spice-core-debuginfo-10.0.9-160000.1.1
  * qemu-guest-agent-10.0.9-160000.1.1
  * qemu-ui-opengl-10.0.9-160000.1.1
  * qemu-block-iscsi-10.0.9-160000.1.1
  * qemu-debugsource-10.0.9-160000.1.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-10.0.9-160000.1.1
  * qemu-pr-helper-10.0.9-160000.1.1
  * qemu-hw-usb-host-10.0.9-160000.1.1
  * qemu-10.0.9-160000.1.1
  * qemu-hw-usb-host-debuginfo-10.0.9-160000.1.1
  * qemu-hw-display-qxl-debuginfo-10.0.9-160000.1.1
  * qemu-block-ssh-10.0.9-160000.1.1
  * qemu-chardev-spice-10.0.9-160000.1.1
* SUSE Linux Micro 6.2 (noarch)
  * qemu-seabios-10.0.91.16.3_3_g3d33c746-160000.1.1
  * qemu-vgabios-10.0.91.16.3_3_g3d33c746-160000.1.1
  * qemu-SLOF-10.0.9-160000.1.1
  * qemu-lang-10.0.9-160000.1.1
  * qemu-ipxe-10.0.9-160000.1.1
* SUSE Linux Micro 6.2 (x86_64)
  * qemu-x86-10.0.9-160000.1.1
  * qemu-vmsr-helper-10.0.9-160000.1.1
  * qemu-vmsr-helper-debuginfo-10.0.9-160000.1.1
  * qemu-x86-debuginfo-10.0.9-160000.1.1
* SUSE Linux Micro 6.2 (aarch64)
  * qemu-arm-debuginfo-10.0.9-160000.1.1
  * qemu-arm-10.0.9-160000.1.1
* SUSE Linux Micro 6.2 (ppc64le)
  * qemu-ppc-debuginfo-10.0.9-160000.1.1
  * qemu-ppc-10.0.9-160000.1.1
* SUSE Linux Micro 6.2 (s390x)
  * qemu-s390x-10.0.9-160000.1.1
  * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-10.0.9-160000.1.1
  * qemu-s390x-debuginfo-10.0.9-160000.1.1
  * qemu-hw-s390x-virtio-gpu-ccw-10.0.9-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2243.html
* https://www.suse.com/security/cve/CVE-2026-3195.html
* https://www.suse.com/security/cve/CVE-2026-3196.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258509
* https://bugzilla.suse.com/show_bug.cgi?id=1259079
* https://bugzilla.suse.com/show_bug.cgi?id=1259080
* https://jira.suse.com/browse/PED-13174

From null at suse.de Wed Apr 22 12:32:31 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 22 Apr 2026 12:32:31 -0000
Subject: SUSE-SU-2026:21231-1: important: Security update for freeipmi
Message-ID: <177686115143.329.7692352869856537174@d4c6dfb45de4>

# Security update for freeipmi

Announcement ID: SUSE-SU-2026:21231-1
Release Date: 2026-04-17T07:57:36Z
Rating: important

References:

* bsc#1260414

Cross-References:

* CVE-2026-33554

CVSS scores:

* CVE-2026-33554 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33554 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-33554 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for freeipmi fixes the following issue:

* CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses (bsc#1260414).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-579=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 x86_64)
  * libfreeipmi17-debuginfo-1.6.15-160000.3.1
  * freeipmi-debugsource-1.6.15-160000.3.1
  * libfreeipmi17-1.6.15-160000.3.1
  * freeipmi-debuginfo-1.6.15-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33554.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260414

From null at suse.de Wed Apr 22 12:34:29 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 22 Apr 2026 12:34:29 -0000
Subject: SUSE-SU-2026:21230-1: important: Security update for the Linux Kernel
Message-ID: <177686126988.329.7426922418892807281@d4c6dfb45de4>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21230-1
Release Date: 2026-04-20T15:09:00Z
Rating: important

References:

* bsc#1191256
* bsc#1191270
* bsc#1194778
* bsc#1207184
* bsc#1217845
* bsc#1222768
* bsc#1243208
* bsc#1252073
* bsc#1253129
* bsc#1254214
* bsc#1254306
* bsc#1254307
* bsc#1255084
* bsc#1255687
* bsc#1256647
* bsc#1257183
* bsc#1257511
* bsc#1257708
* bsc#1257773
* bsc#1257777
* bsc#1258175
* bsc#1258280
* bsc#1258293
* bsc#1258301
* bsc#1258305
* bsc#1258330
* bsc#1258337
* bsc#1258340
* bsc#1258414
* bsc#1258447
* bsc#1258476
* bsc#1258849
* bsc#1259188
* bsc#1259461
* bsc#1259484
* bsc#1259485
* bsc#1259580
* bsc#1259707
* bsc#1259759
* bsc#1259795
* bsc#1259797
* bsc#1259870
* bsc#1259886
* bsc#1259891
* bsc#1259955
* bsc#1259997
* bsc#1259998
* bsc#1260005
* bsc#1260009
* bsc#1260347
* bsc#1260459
* bsc#1260464
* bsc#1260471
* bsc#1260481
* bsc#1260486
* bsc#1260490
* bsc#1260497
* bsc#1260500
* bsc#1260522
* bsc#1260527
* bsc#1260544
* bsc#1260550
* bsc#1260606
* bsc#1260730
* bsc#1260732
* bsc#1260735
* bsc#1260799
* bsc#1261210
* bsc#1261496
* bsc#1261498
* bsc#1261506
* bsc#1261507
* bsc#1261669
* jsc#PED-11175
* jsc#PED-15042
* jsc#PED-15441
* jsc#PED-15986

Cross-References:

* CVE-2025-39998
* CVE-2025-40253
* CVE-2025-68794
* CVE-2025-71239
* CVE-2026-23072
* CVE-2026-23103
* CVE-2026-23120
* CVE-2026-23125
* CVE-2026-23138
* CVE-2026-23140
* CVE-2026-23187
* CVE-2026-23193
* CVE-2026-23201
* CVE-2026-23204
* CVE-2026-23215
* CVE-2026-23216
* CVE-2026-23231
* CVE-2026-23239
* CVE-2026-23240
* CVE-2026-23242
* CVE-2026-23243
* CVE-2026-23255
* CVE-2026-23262
* CVE-2026-23270
* CVE-2026-23272
* CVE-2026-23274
* CVE-2026-23277
* CVE-2026-23278
* CVE-2026-23281 * CVE-2026-23292 * CVE-2026-23293 * CVE-2026-23297 * CVE-2026-23304 * CVE-2026-23319 * CVE-2026-23326 * CVE-2026-23335 * CVE-2026-23343 * CVE-2026-23361 * CVE-2026-23379 * CVE-2026-23381 * CVE-2026-23383 * CVE-2026-23386 * CVE-2026-23393 * CVE-2026-23398 * CVE-2026-23413 * CVE-2026-23414 * CVE-2026-23419 * CVE-2026-23425 * CVE-2026-31788 * CVE-2026-5201 CVSS scores: * CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68794 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71239 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-71239 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-23072 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23072 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23072 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23138 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23138 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23138 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23187 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23215 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23215 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23215 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23239 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23239 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23240 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23240 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23240 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23262 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23272 ( SUSE ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23281 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23304 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23304 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23326 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23326 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23335 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23335 ( 
SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-23343 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23343 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23383 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23393 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23413 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23419 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23425 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23425 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-31788 ( NVD ): 
8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-5201 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-5201 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5201 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2
* SUSE Linux Micro Extras 6.2

An update that solves 50 vulnerabilities, contains four features and has 23 fixes can now be installed.

## Security update for the Linux Kernel

### Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
* CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
* CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
* CVE-2025-71239: audit: add fchmodat2() to change attributes class (bsc#1259759).
* CVE-2026-23072: l2tp: Fix memleak in l2tp_udp_encap_recv() (bsc#1257708).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
* CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
* CVE-2026-23138: kABI: Preserve values of the trace recursion bits (bsc#1258301).
* CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
* CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
* CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
* CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
* CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
* CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476).
* CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
* CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
* CVE-2026-23239: espintcp: Fix race condition in espintcp_close() (bsc#1259485).
* CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx() (bsc#1259484).
* CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
* CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
* CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
* CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
* CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
* CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
* CVE-2026-23297: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit() (bsc#1260490).
* CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
* CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
* CVE-2026-23326: xsk: Fix fragment node deletion to prevent buffer leak (bsc#1260606).
* CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
* CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
* CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
* CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
* CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
* CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
* CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260522).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
* CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
* CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
* CVE-2026-23425: KVM: arm64: Fix ID register initialization for non-protected pKVM guests (bsc#1261506).
* CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non security issues were fixed:

* KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
* KVM: x86: synthesize CPUID bits only if CPU capability is set (bsc#1257511).
* Revert "drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129)."
* Update config files (bsc#1254307).
* apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
* apparmor: fix differential encoding verification (bsc#1258849).
* apparmor: fix memory leak in verify_header (bsc#1258849).
* apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
* apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
* apparmor: fix race on rawdata dereference (bsc#1258849).
* apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
* apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
* apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
* apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
* apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
* bpf, btf: Enforce destructor kfunc type with CFI (bsc#1259955).
* bpf: crypto: Use the correct destructor kfunc type (bsc#1259955).
* btrfs: only enforce free space tree if v1 cache is required for bs < ps cases (bsc#1260459).
* btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
* drm/amdkfd: Unreserve bo if queue update failed (git-fixes).
* drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129).
* drm/i915/dsc: Add Selective Update register definitions (stable-fixes).
* drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes).
* firmware: microchip: fail auto-update probe if no flash found (git-fixes).
* kABI: Include trace recursion bits in kABI tracking (bsc#1258301).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
* nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208).
* nvme: expose active quirks in sysfs (bsc#1243208).
* nvme: fix memory leak in quirks_param_set() (bsc#1243208).
* powerpc/crash: adjust the elfcorehdr size (jsc#PED-11175 git-fixes).
* powerpc/kdump: Fix size calculation for hot-removed memory ranges (jsc#PED-11175 git-fixes).
* s390/cio: Update purge function to unregister the unused subchannels (bsc#1254214).
* s390/ipl: Clear SBP flag when bootprog is set (bsc#1258175).
* s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
* scsi: fnic: Add Cisco hardware model names (jsc#PED-15441).
* scsi: fnic: Add and integrate support for FDMI (jsc#PED-15441).
* scsi: fnic: Add and integrate support for FIP (jsc#PED-15441).
* scsi: fnic: Add functionality in fnic to support FDLS (jsc#PED-15441).
* scsi: fnic: Add headers and definitions for FDLS (jsc#PED-15441).
* scsi: fnic: Add stats and related functionality (jsc#PED-15441).
* scsi: fnic: Add support for fabric based solicited requests and responses (jsc#PED-15441).
* scsi: fnic: Add support for target based solicited requests and responses (jsc#PED-15441).
* scsi: fnic: Add support for unsolicited requests and responses (jsc#PED-15441).
* scsi: fnic: Add support to handle port channel RSCN (jsc#PED-15441).
* scsi: fnic: Code cleanup (jsc#PED-15441).
* scsi: fnic: Delete incorrect debugfs error handling (jsc#PED-15441).
* scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (jsc#PED-15441).
* scsi: fnic: Fix indentation and remove unnecessary parenthesis (jsc#PED-15441).
* scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (jsc#PED-15441).
* scsi: fnic: Fix use of uninitialized value in debug message (jsc#PED-15441).
* scsi: fnic: Increment driver version (jsc#PED-15441).
* scsi: fnic: Modify IO path to use FDLS (jsc#PED-15441).
* scsi: fnic: Modify fnic interfaces to use FDLS (jsc#PED-15441).
* scsi: fnic: Propagate SCSI error code from fnic_scsi_drv_init() (jsc#PED-15441).
* scsi: fnic: Remove always-true IS_FNIC_FCP_INITIATOR macro (jsc#PED-15441).
* scsi: fnic: Remove extern definition from .c files (jsc#PED-15441).
* scsi: fnic: Remove unnecessary debug print (jsc#PED-15441).
* scsi: fnic: Remove unnecessary else and unnecessary break in FDLS (jsc#PED-15441).
* scsi: fnic: Remove unnecessary else to fix warning in FDLS FIP (jsc#PED-15441).
* scsi: fnic: Remove unnecessary spinlock locking and unlocking (jsc#PED-15441).
* scsi: fnic: Replace fnic->lock_flags with local flags (jsc#PED-15441).
* scsi: fnic: Replace shost_printk() with dev_info()/dev_err() (jsc#PED-15441).
* scsi: fnic: Replace use of sizeof with standard usage (jsc#PED-15441).
* scsi: fnic: Return appropriate error code for mem alloc failure (jsc#PED-15441).
* scsi: fnic: Return appropriate error code from failure of scsi drv init (jsc#PED-15441).
* scsi: fnic: Test for memory allocation failure and return error code (jsc#PED-15441).
* scsi: fnic: Turn off FDMI ACTIVE flags on link down (jsc#PED-15441).
* scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687).
* scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes).
* scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() (git-fixes, jsc#PED-15042).
* selftests/bpf: Use the correct destructor kfunc type (bsc#1259955).
* selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).
* tg3: Fix race for querying speed/duplex (bsc#1257183).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).

## Security update for gdk-pixbuf

### Description:

This update for gdk-pixbuf fixes the following issue:

* CVE-2026-5201: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (bsc#1261210).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.2 zypper in -t patch SUSE-SLE-Micro-Extras-6.2-596=1 * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-581=1 ## Package List: * SUSE Linux Micro Extras 6.2 (aarch64 ppc64le s390x x86_64) * kernel-syms-6.12.0-160000.28.1 * kernel-obs-build-6.12.0-160000.28.1 * kernel-obs-build-debugsource-6.12.0-160000.28.1 * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * libgdk_pixbuf-2_0-0-2.42.12-160000.4.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-160000.4.1 * gdk-pixbuf-query-loaders-2.42.12-160000.4.1 * gdk-pixbuf-query-loaders-debuginfo-2.42.12-160000.4.1 * gdk-pixbuf-debugsource-2.42.12-160000.4.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39998.html * https://www.suse.com/security/cve/CVE-2025-40253.html * https://www.suse.com/security/cve/CVE-2025-68794.html * https://www.suse.com/security/cve/CVE-2025-71239.html * https://www.suse.com/security/cve/CVE-2026-23072.html * https://www.suse.com/security/cve/CVE-2026-23103.html * https://www.suse.com/security/cve/CVE-2026-23120.html * https://www.suse.com/security/cve/CVE-2026-23125.html * https://www.suse.com/security/cve/CVE-2026-23138.html * https://www.suse.com/security/cve/CVE-2026-23140.html * https://www.suse.com/security/cve/CVE-2026-23187.html * https://www.suse.com/security/cve/CVE-2026-23193.html * https://www.suse.com/security/cve/CVE-2026-23201.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-23215.html * https://www.suse.com/security/cve/CVE-2026-23216.html * https://www.suse.com/security/cve/CVE-2026-23231.html * https://www.suse.com/security/cve/CVE-2026-23239.html * https://www.suse.com/security/cve/CVE-2026-23240.html * https://www.suse.com/security/cve/CVE-2026-23242.html * https://www.suse.com/security/cve/CVE-2026-23243.html * https://www.suse.com/security/cve/CVE-2026-23255.html * 
https://www.suse.com/security/cve/CVE-2026-23262.html * https://www.suse.com/security/cve/CVE-2026-23270.html * https://www.suse.com/security/cve/CVE-2026-23272.html * https://www.suse.com/security/cve/CVE-2026-23274.html * https://www.suse.com/security/cve/CVE-2026-23277.html * https://www.suse.com/security/cve/CVE-2026-23278.html * https://www.suse.com/security/cve/CVE-2026-23281.html * https://www.suse.com/security/cve/CVE-2026-23292.html * https://www.suse.com/security/cve/CVE-2026-23293.html * https://www.suse.com/security/cve/CVE-2026-23297.html * https://www.suse.com/security/cve/CVE-2026-23304.html * https://www.suse.com/security/cve/CVE-2026-23319.html * https://www.suse.com/security/cve/CVE-2026-23326.html * https://www.suse.com/security/cve/CVE-2026-23335.html * https://www.suse.com/security/cve/CVE-2026-23343.html * https://www.suse.com/security/cve/CVE-2026-23361.html * https://www.suse.com/security/cve/CVE-2026-23379.html * https://www.suse.com/security/cve/CVE-2026-23381.html * https://www.suse.com/security/cve/CVE-2026-23383.html * https://www.suse.com/security/cve/CVE-2026-23386.html * https://www.suse.com/security/cve/CVE-2026-23393.html * https://www.suse.com/security/cve/CVE-2026-23398.html * https://www.suse.com/security/cve/CVE-2026-23413.html * https://www.suse.com/security/cve/CVE-2026-23414.html * https://www.suse.com/security/cve/CVE-2026-23419.html * https://www.suse.com/security/cve/CVE-2026-23425.html * https://www.suse.com/security/cve/CVE-2026-31788.html * https://www.suse.com/security/cve/CVE-2026-5201.html * https://bugzilla.suse.com/show_bug.cgi?id=1191256 * https://bugzilla.suse.com/show_bug.cgi?id=1191270 * https://bugzilla.suse.com/show_bug.cgi?id=1194778 * https://bugzilla.suse.com/show_bug.cgi?id=1207184 * https://bugzilla.suse.com/show_bug.cgi?id=1217845 * https://bugzilla.suse.com/show_bug.cgi?id=1222768 * https://bugzilla.suse.com/show_bug.cgi?id=1243208 * https://bugzilla.suse.com/show_bug.cgi?id=1252073 * 
https://bugzilla.suse.com/show_bug.cgi?id=1253129 * https://bugzilla.suse.com/show_bug.cgi?id=1254214 * https://bugzilla.suse.com/show_bug.cgi?id=1254306 * https://bugzilla.suse.com/show_bug.cgi?id=1254307 * https://bugzilla.suse.com/show_bug.cgi?id=1255084 * https://bugzilla.suse.com/show_bug.cgi?id=1255687 * https://bugzilla.suse.com/show_bug.cgi?id=1256647 * https://bugzilla.suse.com/show_bug.cgi?id=1257183 * https://bugzilla.suse.com/show_bug.cgi?id=1257511 * https://bugzilla.suse.com/show_bug.cgi?id=1257708 * https://bugzilla.suse.com/show_bug.cgi?id=1257773 * https://bugzilla.suse.com/show_bug.cgi?id=1257777 * https://bugzilla.suse.com/show_bug.cgi?id=1258175 * https://bugzilla.suse.com/show_bug.cgi?id=1258280 * https://bugzilla.suse.com/show_bug.cgi?id=1258293 * https://bugzilla.suse.com/show_bug.cgi?id=1258301 * https://bugzilla.suse.com/show_bug.cgi?id=1258305 * https://bugzilla.suse.com/show_bug.cgi?id=1258330 * https://bugzilla.suse.com/show_bug.cgi?id=1258337 * https://bugzilla.suse.com/show_bug.cgi?id=1258340 * https://bugzilla.suse.com/show_bug.cgi?id=1258414 * https://bugzilla.suse.com/show_bug.cgi?id=1258447 * https://bugzilla.suse.com/show_bug.cgi?id=1258476 * https://bugzilla.suse.com/show_bug.cgi?id=1258849 * https://bugzilla.suse.com/show_bug.cgi?id=1259188 * https://bugzilla.suse.com/show_bug.cgi?id=1259461 * https://bugzilla.suse.com/show_bug.cgi?id=1259484 * https://bugzilla.suse.com/show_bug.cgi?id=1259485 * https://bugzilla.suse.com/show_bug.cgi?id=1259580 * https://bugzilla.suse.com/show_bug.cgi?id=1259707 * https://bugzilla.suse.com/show_bug.cgi?id=1259759 * https://bugzilla.suse.com/show_bug.cgi?id=1259795 * https://bugzilla.suse.com/show_bug.cgi?id=1259797 * https://bugzilla.suse.com/show_bug.cgi?id=1259870 * https://bugzilla.suse.com/show_bug.cgi?id=1259886 * https://bugzilla.suse.com/show_bug.cgi?id=1259891 * https://bugzilla.suse.com/show_bug.cgi?id=1259955 * https://bugzilla.suse.com/show_bug.cgi?id=1259997 * 
https://bugzilla.suse.com/show_bug.cgi?id=1259998 * https://bugzilla.suse.com/show_bug.cgi?id=1260005 * https://bugzilla.suse.com/show_bug.cgi?id=1260009 * https://bugzilla.suse.com/show_bug.cgi?id=1260347 * https://bugzilla.suse.com/show_bug.cgi?id=1260459 * https://bugzilla.suse.com/show_bug.cgi?id=1260464 * https://bugzilla.suse.com/show_bug.cgi?id=1260471 * https://bugzilla.suse.com/show_bug.cgi?id=1260481 * https://bugzilla.suse.com/show_bug.cgi?id=1260486 * https://bugzilla.suse.com/show_bug.cgi?id=1260490 * https://bugzilla.suse.com/show_bug.cgi?id=1260497 * https://bugzilla.suse.com/show_bug.cgi?id=1260500 * https://bugzilla.suse.com/show_bug.cgi?id=1260522 * https://bugzilla.suse.com/show_bug.cgi?id=1260527 * https://bugzilla.suse.com/show_bug.cgi?id=1260544 * https://bugzilla.suse.com/show_bug.cgi?id=1260550 * https://bugzilla.suse.com/show_bug.cgi?id=1260606 * https://bugzilla.suse.com/show_bug.cgi?id=1260730 * https://bugzilla.suse.com/show_bug.cgi?id=1260732 * https://bugzilla.suse.com/show_bug.cgi?id=1260735 * https://bugzilla.suse.com/show_bug.cgi?id=1260799 * https://bugzilla.suse.com/show_bug.cgi?id=1261210 * https://bugzilla.suse.com/show_bug.cgi?id=1261496 * https://bugzilla.suse.com/show_bug.cgi?id=1261498 * https://bugzilla.suse.com/show_bug.cgi?id=1261506 * https://bugzilla.suse.com/show_bug.cgi?id=1261507 * https://bugzilla.suse.com/show_bug.cgi?id=1261669 * https://jira.suse.com/browse/PED-11175 * https://jira.suse.com/browse/PED-15042 * https://jira.suse.com/browse/PED-15441 * https://jira.suse.com/browse/PED-15986
From null at suse.de Wed Apr 22 12:34:56 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 22 Apr 2026 12:34:56 -0000 Subject: SUSE-SU-2026:1537-1: important: Security update for the Linux Kernel (Live Patch 71 for SUSE Linux Enterprise 12 SP5) Message-ID: <177686129691.329.12185343369816399537@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 71 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1537-1 Release Date: 2026-04-21T23:07:11Z Rating: important References: * bsc#1258396 * bsc#1259859 Cross-References: * CVE-2026-23191 * CVE-2026-23268 CVSS scores: * CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 4.12.14-122.269 fixes various security issues The following security issues were fixed: * CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1538=1 SUSE-SLE-Live-Patching-12-SP5-2026-1537=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_255-default-16-2.1 * kgraft-patch-4_12_14-122_269-default-10-2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23191.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1258396 * https://bugzilla.suse.com/show_bug.cgi?id=1259859
From null at suse.de Wed Apr 22 12:34:59 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 22 Apr 2026 12:34:59 -0000 Subject: SUSE-SU-2026:1544-1: moderate: Security update for python-python-multipart Message-ID: <177686129953.329.5382573107614164751@d4c6dfb45de4> # Security update for python-python-multipart Announcement ID: SUSE-SU-2026:1544-1 Release Date: 2026-04-22T07:22:55Z Rating: moderate References: * bsc#1262403 Cross-References: * CVE-2026-40347 CVSS scores: * CVE-2026-40347 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-40347 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-40347 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.6 An update that solves one vulnerability can now be installed. ## Description: This update for python-python-multipart fixes the following issue: * CVE-2026-40347: crafted `multipart/form-data` can cause a denial of service (bsc#1262403). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1544=1 ## Package List: * openSUSE Leap 15.6 (noarch) * python311-python-multipart-0.0.9-150600.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-40347.html * https://bugzilla.suse.com/show_bug.cgi?id=1262403
From null at suse.de Wed Apr 22 12:35:04 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 22 Apr 2026 12:35:04 -0000 Subject: SUSE-SU-2026:1541-1: important: Security update for flatpak Message-ID: <177686130453.329.1293567994281902881@d4c6dfb45de4> # Security update for flatpak Announcement ID: SUSE-SU-2026:1541-1 Release Date: 2026-04-22T07:22:36Z Rating: important References: * bsc#1261769 * bsc#1261770 Cross-References: * CVE-2026-34078 * CVE-2026-34079 CVSS scores: * CVE-2026-34078 ( SUSE ): 6.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H * CVE-2026-34078 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34078 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34079 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N * CVE-2026-34079 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L * CVE-2026-34079 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High
Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for flatpak fixes the following issues: * CVE-2026-34078: improper processing of app-controlled symlinks by sandbox-expose can lead to sandbox escape, host file access and code execution in the host context (bsc#1261769). * CVE-2026-34079: improper removal of outdated cache files allows for arbitrary file deletion on the host filesystem (bsc#1261770). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1541=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1541=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1541=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1541=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1541=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * openSUSE Leap 15.5 (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 * system-user-flatpak-1.16.0-150500.3.18.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) *
libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 * system-user-flatpak-1.16.0-150500.3.18.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 * system-user-flatpak-1.16.0-150500.3.18.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 * system-user-flatpak-1.16.0-150500.3.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * SUSE Linux Enterprise Server for SAP Applications 
15 SP5 (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 * system-user-flatpak-1.16.0-150500.3.18.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34078.html * https://www.suse.com/security/cve/CVE-2026-34079.html * https://bugzilla.suse.com/show_bug.cgi?id=1261769 * https://bugzilla.suse.com/show_bug.cgi?id=1261770
From null at suse.de Wed Apr 22 12:35:06 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 22 Apr 2026 12:35:06 -0000 Subject: SUSE-SU-2026:1540-1: important: Security update for podman Message-ID: <177686130628.329.9037513986245997285@d4c6dfb45de4> # Security update for podman Announcement ID: SUSE-SU-2026:1540-1 Release Date: 2026-04-22T07:22:19Z Rating: important References: Affected Products: * Containers Module 15-SP7 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that can now be installed. ## Description: This update for podman rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1540=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1540=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1540=1 * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1540=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1540=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1540=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1540=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1540=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1540=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * podman-remote-4.9.5-150500.3.67.1 * podman-debuginfo-4.9.5-150500.3.67.1 * podman-remote-debuginfo-4.9.5-150500.3.67.1 * podman-4.9.5-150500.3.67.1 * podmansh-4.9.5-150500.3.67.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * podman-docker-4.9.5-150500.3.67.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * podman-remote-4.9.5-150500.3.67.1 * podman-debuginfo-4.9.5-150500.3.67.1 * podman-remote-debuginfo-4.9.5-150500.3.67.1 * podman-4.9.5-150500.3.67.1 * podmansh-4.9.5-150500.3.67.1 * openSUSE Leap 15.5 (noarch) * podman-docker-4.9.5-150500.3.67.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * podman-remote-4.9.5-150500.3.67.1 * podman-debuginfo-4.9.5-150500.3.67.1 * podman-remote-debuginfo-4.9.5-150500.3.67.1 * podman-4.9.5-150500.3.67.1 * podmansh-4.9.5-150500.3.67.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * 
podman-docker-4.9.5-150500.3.67.1 * Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64) * podman-remote-4.9.5-150500.3.67.1 * podman-debuginfo-4.9.5-150500.3.67.1 * podman-remote-debuginfo-4.9.5-150500.3.67.1 * podman-4.9.5-150500.3.67.1 * podmansh-4.9.5-150500.3.67.1 * Containers Module 15-SP7 (noarch) * podman-docker-4.9.5-150500.3.67.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * podman-remote-4.9.5-150500.3.67.1 * podman-debuginfo-4.9.5-150500.3.67.1 * podman-remote-debuginfo-4.9.5-150500.3.67.1 * podman-4.9.5-150500.3.67.1 * podmansh-4.9.5-150500.3.67.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * podman-docker-4.9.5-150500.3.67.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * podman-remote-4.9.5-150500.3.67.1 * podman-debuginfo-4.9.5-150500.3.67.1 * podman-remote-debuginfo-4.9.5-150500.3.67.1 * podman-4.9.5-150500.3.67.1 * podmansh-4.9.5-150500.3.67.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * podman-docker-4.9.5-150500.3.67.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * podman-remote-4.9.5-150500.3.67.1 * podman-debuginfo-4.9.5-150500.3.67.1 * podman-remote-debuginfo-4.9.5-150500.3.67.1 * podman-4.9.5-150500.3.67.1 * podmansh-4.9.5-150500.3.67.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * podman-docker-4.9.5-150500.3.67.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * podman-remote-4.9.5-150500.3.67.1 * podman-debuginfo-4.9.5-150500.3.67.1 * podman-remote-debuginfo-4.9.5-150500.3.67.1 * podman-4.9.5-150500.3.67.1 * podmansh-4.9.5-150500.3.67.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * podman-docker-4.9.5-150500.3.67.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * podman-remote-4.9.5-150500.3.67.1 * podman-debuginfo-4.9.5-150500.3.67.1 * podman-remote-debuginfo-4.9.5-150500.3.67.1 * podman-4.9.5-150500.3.67.1 * 
podmansh-4.9.5-150500.3.67.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * podman-docker-4.9.5-150500.3.67.1
From null at suse.de Wed Apr 22 12:35:10 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 22 Apr 2026 12:35:10 -0000 Subject: SUSE-SU-2026:1539-1: important: Security update for gdk-pixbuf Message-ID: <177686131037.329.13501445829507266086@d4c6dfb45de4> # Security update for gdk-pixbuf Announcement ID: SUSE-SU-2026:1539-1 Release Date: 2026-04-22T07:20:58Z Rating: important References: * bsc#1261210 Cross-References: * CVE-2026-5201 CVSS scores: * CVE-2026-5201 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-5201 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-5201 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed.
## Description: This update for gdk-pixbuf fixes the following issue: * CVE-2026-5201: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (bsc#1261210). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1539=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1539=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1539=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1539=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1539=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1539=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1539=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1539=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1539=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1539=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1539=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1539=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1539=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1539=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * 
gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * openSUSE Leap 15.4 (x86_64) * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-32bit-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.17.1 * openSUSE Leap 15.4 (noarch) * gdk-pixbuf-lang-2.42.12-150400.5.17.1 * openSUSE Leap 15.4 (aarch64_ilp32) * gdk-pixbuf-devel-64bit-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-64bit-debuginfo-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-64bit-debuginfo-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-64bit-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-64bit-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-64bit-debuginfo-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * 
gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * gdk-pixbuf-lang-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 
(x86_64) * libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * gdk-pixbuf-lang-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * 
gdk-pixbuf-lang-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * gdk-pixbuf-lang-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * 
libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * gdk-pixbuf-lang-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * gdk-pixbuf-lang-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * 
libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * gdk-pixbuf-lang-2.42.12-150400.5.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
  * libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.17.1
  * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150400.5.17.1
  * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150400.5.17.1
  * gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1
  * typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.17.1
  * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150400.5.17.1
  * gdk-pixbuf-thumbnailer-2.42.12-150400.5.17.1
  * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1
  * gdk-pixbuf-devel-2.42.12-150400.5.17.1
  * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1
  * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1
  * gdk-pixbuf-devel-debuginfo-2.42.12-150400.5.17.1
  * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1
  * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * gdk-pixbuf-lang-2.42.12-150400.5.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
  * libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.17.1
  * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150400.5.17.1
  * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150400.5.17.1
  * gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.17.1

## References:

* https://www.suse.com/security/cve/CVE-2026-5201.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261210

From null at suse.de Wed Apr 22 16:30:08 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 22 Apr 2026 16:30:08 -0000
Subject: SUSE-SU-2026:1550-1: moderate: Security update for openssl-1_1
Message-ID: <177687540896.326.16667430623302929597@a0a563bcf2df>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2026:1550-1
Release Date: 2026-04-22T09:41:29Z
Rating: moderate

References:

* bsc#1261678

Cross-References:

* CVE-2026-28390

CVSS scores:

* CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1550=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1550=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1550=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1550=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1550=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1550=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libopenssl-1_1-devel-1.1.1l-150500.17.54.1 * openssl-1_1-debugsource-1.1.1l-150500.17.54.1 * libopenssl1_1-1.1.1l-150500.17.54.1 * libopenssl1_1-hmac-1.1.1l-150500.17.54.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.54.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.54.1 * openssl-1_1-1.1.1l-150500.17.54.1 * openSUSE Leap 15.5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.54.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.54.1 * libopenssl-1_1-devel-32bit-1.1.1l-150500.17.54.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.54.1 * openSUSE Leap 15.5 (noarch) * openssl-1_1-doc-1.1.1l-150500.17.54.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl1_1-hmac-64bit-1.1.1l-150500.17.54.1 * libopenssl1_1-64bit-debuginfo-1.1.1l-150500.17.54.1 * libopenssl1_1-64bit-1.1.1l-150500.17.54.1 * libopenssl-1_1-devel-64bit-1.1.1l-150500.17.54.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libopenssl-1_1-devel-1.1.1l-150500.17.54.1 * openssl-1_1-debugsource-1.1.1l-150500.17.54.1 * libopenssl1_1-1.1.1l-150500.17.54.1 * libopenssl1_1-hmac-1.1.1l-150500.17.54.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.54.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.54.1 * openssl-1_1-1.1.1l-150500.17.54.1 * SUSE Linux Enterprise High 
Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libopenssl-1_1-devel-1.1.1l-150500.17.54.1 * openssl-1_1-debugsource-1.1.1l-150500.17.54.1 * libopenssl1_1-1.1.1l-150500.17.54.1 * libopenssl1_1-hmac-1.1.1l-150500.17.54.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.54.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.54.1 * openssl-1_1-1.1.1l-150500.17.54.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.54.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.54.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.54.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libopenssl-1_1-devel-1.1.1l-150500.17.54.1 * openssl-1_1-debugsource-1.1.1l-150500.17.54.1 * libopenssl1_1-1.1.1l-150500.17.54.1 * libopenssl1_1-hmac-1.1.1l-150500.17.54.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.54.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.54.1 * openssl-1_1-1.1.1l-150500.17.54.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.54.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.54.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.54.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libopenssl-1_1-devel-1.1.1l-150500.17.54.1 * openssl-1_1-debugsource-1.1.1l-150500.17.54.1 * libopenssl1_1-1.1.1l-150500.17.54.1 * libopenssl1_1-hmac-1.1.1l-150500.17.54.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.54.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.54.1 * openssl-1_1-1.1.1l-150500.17.54.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.54.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.54.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.54.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libopenssl-1_1-devel-1.1.1l-150500.17.54.1 * openssl-1_1-debugsource-1.1.1l-150500.17.54.1 * libopenssl1_1-1.1.1l-150500.17.54.1 * 
libopenssl1_1-hmac-1.1.1l-150500.17.54.1
  * libopenssl1_1-debuginfo-1.1.1l-150500.17.54.1
  * openssl-1_1-debuginfo-1.1.1l-150500.17.54.1
  * openssl-1_1-1.1.1l-150500.17.54.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
  * libopenssl1_1-32bit-1.1.1l-150500.17.54.1
  * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.54.1
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.54.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28390.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261678

From null at suse.de Wed Apr 22 16:30:12 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 22 Apr 2026 16:30:12 -0000
Subject: SUSE-SU-2026:1549-1: moderate: Security update for openssl-1_1
Message-ID: <177687541218.326.15050947841362938532@a0a563bcf2df>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2026:1549-1
Release Date: 2026-04-22T09:41:01Z
Rating: moderate

References:

* bsc#1261678

Cross-References:

* CVE-2026-28390

CVSS scores:

* CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1549=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1549=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * openssl-1_1-debuginfo-1.1.1d-2.128.1
  * libopenssl1_1-hmac-1.1.1d-2.128.1
  * libopenssl-1_1-devel-1.1.1d-2.128.1
  * libopenssl1_1-debuginfo-1.1.1d-2.128.1
  * openssl-1_1-1.1.1d-2.128.1
  * libopenssl1_1-1.1.1d-2.128.1
  * openssl-1_1-debugsource-1.1.1d-2.128.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
  * libopenssl1_1-hmac-32bit-1.1.1d-2.128.1
  * libopenssl1_1-32bit-1.1.1d-2.128.1
  * libopenssl-1_1-devel-32bit-1.1.1d-2.128.1
  * libopenssl1_1-debuginfo-32bit-1.1.1d-2.128.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * openssl-1_1-debuginfo-1.1.1d-2.128.1
  * libopenssl1_1-hmac-1.1.1d-2.128.1
  * libopenssl1_1-debuginfo-32bit-1.1.1d-2.128.1
  * libopenssl-1_1-devel-1.1.1d-2.128.1
  * libopenssl1_1-debuginfo-1.1.1d-2.128.1
  * libopenssl-1_1-devel-32bit-1.1.1d-2.128.1
  * libopenssl1_1-hmac-32bit-1.1.1d-2.128.1
  * openssl-1_1-1.1.1d-2.128.1
  * libopenssl1_1-1.1.1d-2.128.1
  * openssl-1_1-debugsource-1.1.1d-2.128.1
  * libopenssl1_1-32bit-1.1.1d-2.128.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28390.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261678

From null at suse.de Wed Apr 22 16:30:16 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 22 Apr 2026 16:30:16 -0000
Subject: SUSE-SU-2026:1548-1: important: Security update for kea
Message-ID: <177687541673.326.8729972979678289013@a0a563bcf2df>

# Security update for kea

Announcement ID: SUSE-SU-2026:1548-1
Release Date: 2026-04-22T09:40:51Z
Rating: important

References:

* bsc#1260380

Cross-References:

* CVE-2026-3608

CVSS scores:

* CVE-2026-3608 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-3608 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3608 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for kea fixes the following issues:

Update to release 2.6.5.

Security issues fixed:

* CVE-2026-3608: stack overflow error via specially crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons (bsc#1260380).

Other updates and bugfixes:

* A null dereference is now no longer possible when configuring the Control Agent with a socket that lacks the mandatory socket-name entry.
* UNIX sockets are now created as group-writable.
* Corrected an issue in logging configuration when parsing "syslog:".
* Fixed crash when handling misconfigured global reservations.
* Support for recent versions of Sphinx has been added.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1548=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1548=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1548=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libkea-log61-2.6.5-150600.13.9.1 * libkea-pgsql71-debuginfo-2.6.5-150600.13.9.1 * libkea-asiodns49-2.6.5-150600.13.9.1 * libkea-pgsql71-2.6.5-150600.13.9.1 * libkea-hooks102-2.6.5-150600.13.9.1 * kea-devel-2.6.5-150600.13.9.1 * kea-hooks-debuginfo-2.6.5-150600.13.9.1 * libkea-cryptolink50-2.6.5-150600.13.9.1 * libkea-cc69-debuginfo-2.6.5-150600.13.9.1 * libkea-http72-2.6.5-150600.13.9.1 * kea-debuginfo-2.6.5-150600.13.9.1 * libkea-d2srv47-2.6.5-150600.13.9.1 * libkea-http72-debuginfo-2.6.5-150600.13.9.1 * libkea-stats41-debuginfo-2.6.5-150600.13.9.1 * libkea-eval69-2.6.5-150600.13.9.1 * libkea-exceptions33-2.6.5-150600.13.9.1 * python3-kea-2.6.5-150600.13.9.1 * libkea-exceptions33-debuginfo-2.6.5-150600.13.9.1 * libkea-asiodns49-debuginfo-2.6.5-150600.13.9.1 * libkea-cfgclient67-2.6.5-150600.13.9.1 * libkea-database62-debuginfo-2.6.5-150600.13.9.1 * libkea-tcp19-debuginfo-2.6.5-150600.13.9.1 * libkea-util87-debuginfo-2.6.5-150600.13.9.1 * libkea-dhcpsrv112-debuginfo-2.6.5-150600.13.9.1 * libkea-hooks102-debuginfo-2.6.5-150600.13.9.1 * libkea-asiolink72-2.6.5-150600.13.9.1 * libkea-dhcp_ddns57-debuginfo-2.6.5-150600.13.9.1 * libkea-util-io0-2.6.5-150600.13.9.1 * libkea-dns++57-debuginfo-2.6.5-150600.13.9.1 * libkea-mysql71-2.6.5-150600.13.9.1 * libkea-mysql71-debuginfo-2.6.5-150600.13.9.1 * kea-2.6.5-150600.13.9.1 * libkea-eval69-debuginfo-2.6.5-150600.13.9.1 * libkea-util-io0-debuginfo-2.6.5-150600.13.9.1 * libkea-database62-2.6.5-150600.13.9.1 * libkea-d2srv47-debuginfo-2.6.5-150600.13.9.1 * libkea-stats41-2.6.5-150600.13.9.1 
* libkea-dns++57-2.6.5-150600.13.9.1 * libkea-process76-debuginfo-2.6.5-150600.13.9.1 * libkea-tcp19-2.6.5-150600.13.9.1 * libkea-dhcp_ddns57-2.6.5-150600.13.9.1 * libkea-util87-2.6.5-150600.13.9.1 * libkea-log61-debuginfo-2.6.5-150600.13.9.1 * libkea-cryptolink50-debuginfo-2.6.5-150600.13.9.1 * libkea-asiolink72-debuginfo-2.6.5-150600.13.9.1 * kea-debugsource-2.6.5-150600.13.9.1 * libkea-dhcpsrv112-2.6.5-150600.13.9.1 * libkea-dhcp++92-2.6.5-150600.13.9.1 * kea-hooks-2.6.5-150600.13.9.1 * libkea-cc69-2.6.5-150600.13.9.1 * libkea-cfgclient67-debuginfo-2.6.5-150600.13.9.1 * libkea-process76-2.6.5-150600.13.9.1 * libkea-dhcp++92-debuginfo-2.6.5-150600.13.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * kea-doc-2.6.5-150600.13.9.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libkea-log61-2.6.5-150600.13.9.1 * libkea-pgsql71-debuginfo-2.6.5-150600.13.9.1 * libkea-asiodns49-2.6.5-150600.13.9.1 * libkea-pgsql71-2.6.5-150600.13.9.1 * libkea-hooks102-2.6.5-150600.13.9.1 * kea-devel-2.6.5-150600.13.9.1 * kea-hooks-debuginfo-2.6.5-150600.13.9.1 * libkea-cryptolink50-2.6.5-150600.13.9.1 * libkea-cc69-debuginfo-2.6.5-150600.13.9.1 * libkea-http72-2.6.5-150600.13.9.1 * kea-debuginfo-2.6.5-150600.13.9.1 * libkea-d2srv47-2.6.5-150600.13.9.1 * libkea-http72-debuginfo-2.6.5-150600.13.9.1 * libkea-stats41-debuginfo-2.6.5-150600.13.9.1 * libkea-eval69-2.6.5-150600.13.9.1 * libkea-exceptions33-2.6.5-150600.13.9.1 * python3-kea-2.6.5-150600.13.9.1 * libkea-exceptions33-debuginfo-2.6.5-150600.13.9.1 * libkea-asiodns49-debuginfo-2.6.5-150600.13.9.1 * libkea-cfgclient67-2.6.5-150600.13.9.1 * libkea-database62-debuginfo-2.6.5-150600.13.9.1 * libkea-tcp19-debuginfo-2.6.5-150600.13.9.1 * libkea-util87-debuginfo-2.6.5-150600.13.9.1 * libkea-dhcpsrv112-debuginfo-2.6.5-150600.13.9.1 * libkea-hooks102-debuginfo-2.6.5-150600.13.9.1 * libkea-asiolink72-2.6.5-150600.13.9.1 * libkea-dhcp_ddns57-debuginfo-2.6.5-150600.13.9.1 * libkea-util-io0-2.6.5-150600.13.9.1 
* libkea-dns++57-debuginfo-2.6.5-150600.13.9.1 * libkea-mysql71-2.6.5-150600.13.9.1 * libkea-mysql71-debuginfo-2.6.5-150600.13.9.1 * kea-2.6.5-150600.13.9.1 * libkea-eval69-debuginfo-2.6.5-150600.13.9.1 * libkea-util-io0-debuginfo-2.6.5-150600.13.9.1 * libkea-database62-2.6.5-150600.13.9.1 * libkea-d2srv47-debuginfo-2.6.5-150600.13.9.1 * libkea-stats41-2.6.5-150600.13.9.1 * libkea-dns++57-2.6.5-150600.13.9.1 * libkea-process76-debuginfo-2.6.5-150600.13.9.1 * libkea-tcp19-2.6.5-150600.13.9.1 * libkea-dhcp_ddns57-2.6.5-150600.13.9.1 * libkea-util87-2.6.5-150600.13.9.1 * libkea-log61-debuginfo-2.6.5-150600.13.9.1 * libkea-cryptolink50-debuginfo-2.6.5-150600.13.9.1 * libkea-asiolink72-debuginfo-2.6.5-150600.13.9.1 * kea-debugsource-2.6.5-150600.13.9.1 * libkea-dhcpsrv112-2.6.5-150600.13.9.1 * libkea-dhcp++92-2.6.5-150600.13.9.1 * kea-hooks-2.6.5-150600.13.9.1 * libkea-cc69-2.6.5-150600.13.9.1 * libkea-cfgclient67-debuginfo-2.6.5-150600.13.9.1 * libkea-process76-2.6.5-150600.13.9.1 * libkea-dhcp++92-debuginfo-2.6.5-150600.13.9.1 * openSUSE Leap 15.6 (noarch) * kea-doc-2.6.5-150600.13.9.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libkea-log61-2.6.5-150600.13.9.1 * libkea-pgsql71-debuginfo-2.6.5-150600.13.9.1 * libkea-asiodns49-2.6.5-150600.13.9.1 * libkea-pgsql71-2.6.5-150600.13.9.1 * libkea-hooks102-2.6.5-150600.13.9.1 * kea-devel-2.6.5-150600.13.9.1 * kea-hooks-debuginfo-2.6.5-150600.13.9.1 * libkea-cryptolink50-2.6.5-150600.13.9.1 * libkea-cc69-debuginfo-2.6.5-150600.13.9.1 * libkea-http72-2.6.5-150600.13.9.1 * kea-debuginfo-2.6.5-150600.13.9.1 * libkea-d2srv47-2.6.5-150600.13.9.1 * libkea-http72-debuginfo-2.6.5-150600.13.9.1 * libkea-stats41-debuginfo-2.6.5-150600.13.9.1 * libkea-eval69-2.6.5-150600.13.9.1 * libkea-exceptions33-2.6.5-150600.13.9.1 * python3-kea-2.6.5-150600.13.9.1 * libkea-exceptions33-debuginfo-2.6.5-150600.13.9.1 * libkea-asiodns49-debuginfo-2.6.5-150600.13.9.1 * libkea-cfgclient67-2.6.5-150600.13.9.1 * 
libkea-database62-debuginfo-2.6.5-150600.13.9.1
  * libkea-tcp19-debuginfo-2.6.5-150600.13.9.1
  * libkea-util87-debuginfo-2.6.5-150600.13.9.1
  * libkea-dhcpsrv112-debuginfo-2.6.5-150600.13.9.1
  * libkea-hooks102-debuginfo-2.6.5-150600.13.9.1
  * libkea-asiolink72-2.6.5-150600.13.9.1
  * libkea-dhcp_ddns57-debuginfo-2.6.5-150600.13.9.1
  * libkea-util-io0-2.6.5-150600.13.9.1
  * libkea-dns++57-debuginfo-2.6.5-150600.13.9.1
  * libkea-mysql71-2.6.5-150600.13.9.1
  * libkea-mysql71-debuginfo-2.6.5-150600.13.9.1
  * kea-2.6.5-150600.13.9.1
  * libkea-eval69-debuginfo-2.6.5-150600.13.9.1
  * libkea-util-io0-debuginfo-2.6.5-150600.13.9.1
  * libkea-database62-2.6.5-150600.13.9.1
  * libkea-d2srv47-debuginfo-2.6.5-150600.13.9.1
  * libkea-stats41-2.6.5-150600.13.9.1
  * libkea-dns++57-2.6.5-150600.13.9.1
  * libkea-process76-debuginfo-2.6.5-150600.13.9.1
  * libkea-tcp19-2.6.5-150600.13.9.1
  * libkea-dhcp_ddns57-2.6.5-150600.13.9.1
  * libkea-util87-2.6.5-150600.13.9.1
  * libkea-log61-debuginfo-2.6.5-150600.13.9.1
  * libkea-cryptolink50-debuginfo-2.6.5-150600.13.9.1
  * libkea-asiolink72-debuginfo-2.6.5-150600.13.9.1
  * kea-debugsource-2.6.5-150600.13.9.1
  * libkea-dhcpsrv112-2.6.5-150600.13.9.1
  * libkea-dhcp++92-2.6.5-150600.13.9.1
  * kea-hooks-2.6.5-150600.13.9.1
  * libkea-cc69-2.6.5-150600.13.9.1
  * libkea-cfgclient67-debuginfo-2.6.5-150600.13.9.1
  * libkea-process76-2.6.5-150600.13.9.1
  * libkea-dhcp++92-debuginfo-2.6.5-150600.13.9.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * kea-doc-2.6.5-150600.13.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3608.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260380

From null at suse.de Thu Apr 23 08:30:22 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 08:30:22 -0000
Subject: SUSE-SU-2026:1558-1: important: Security update for tomcat11
Message-ID: <177693302264.1159.4353310785828607998@d4c6dfb45de4>

# Security update for tomcat11

Announcement ID: SUSE-SU-2026:1558-1
Release Date: 2026-04-22T16:24:40Z
Rating: important

References:

* bsc#1258371
* bsc#1261850
* bsc#1261851
* bsc#1261852
* bsc#1261853
* bsc#1261854
* bsc#1261855
* bsc#1261856
* bsc#1261857

Cross-References:

* CVE-2025-66614
* CVE-2026-24880
* CVE-2026-25854
* CVE-2026-29129
* CVE-2026-29145
* CVE-2026-29146
* CVE-2026-32990
* CVE-2026-34483
* CVE-2026-34486
* CVE-2026-34487
* CVE-2026-34500

CVSS scores:

* CVE-2025-66614 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-66614 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
* CVE-2025-66614 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-24880 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24880 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-24880 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-25854 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25854 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-25854 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-29129 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29129 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29129 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-29145 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29145 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-29146 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29146 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-29146 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-32990 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-34483 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34483 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34483 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34486 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34486 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34486 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34487 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34487 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34500 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34500 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34500 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* Web and Scripting Module 15-SP7

An update that solves 11 vulnerabilities can now be installed.

## Description:

This update for tomcat11 fixes the following issues:

Security fixes:

* CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850).
* CVE-2026-25854: Occasionally open redirect (bsc#1261851).
* CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852).
* CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853).
* CVE-2026-29146, CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854).
* CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855).
* CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856).
* CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).
* CVE-2026-32990: The fix for CVE-2025-66614 was incomplete, so this CVE completes it (bsc#1258371).

Other fixes:

* Update to Tomcat 11.0.21

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1558=1
* Web and Scripting Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-1558=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1558=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1558=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1
  * tomcat11-webapps-11.0.21-150600.13.18.1
  * tomcat11-embed-11.0.21-150600.13.18.1
  * tomcat11-jsvc-11.0.21-150600.13.18.1
  * tomcat11-lib-11.0.21-150600.13.18.1
  * tomcat11-doc-11.0.21-150600.13.18.1
  * tomcat11-11.0.21-150600.13.18.1
  * tomcat11-docs-webapp-11.0.21-150600.13.18.1
  * tomcat11-admin-webapps-11.0.21-150600.13.18.1
  * tomcat11-el-6_0-api-11.0.21-150600.13.18.1
  * tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1
* Web and Scripting Module 15-SP7 (noarch)
  * tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1
  * tomcat11-webapps-11.0.21-150600.13.18.1
  * tomcat11-lib-11.0.21-150600.13.18.1
  * tomcat11-11.0.21-150600.13.18.1
  * tomcat11-admin-webapps-11.0.21-150600.13.18.1
  * tomcat11-el-6_0-api-11.0.21-150600.13.18.1
  * tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1
  * tomcat11-webapps-11.0.21-150600.13.18.1
  * tomcat11-lib-11.0.21-150600.13.18.1
  * tomcat11-11.0.21-150600.13.18.1
  * tomcat11-admin-webapps-11.0.21-150600.13.18.1
  * tomcat11-el-6_0-api-11.0.21-150600.13.18.1
  * tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1
  * tomcat11-webapps-11.0.21-150600.13.18.1
  * tomcat11-lib-11.0.21-150600.13.18.1
  * tomcat11-11.0.21-150600.13.18.1
  * tomcat11-admin-webapps-11.0.21-150600.13.18.1
  * tomcat11-el-6_0-api-11.0.21-150600.13.18.1
  * tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1

## References:

* https://www.suse.com/security/cve/CVE-2025-66614.html
* https://www.suse.com/security/cve/CVE-2026-24880.html
* https://www.suse.com/security/cve/CVE-2026-25854.html
* https://www.suse.com/security/cve/CVE-2026-29129.html
* https://www.suse.com/security/cve/CVE-2026-29145.html
* https://www.suse.com/security/cve/CVE-2026-29146.html
* https://www.suse.com/security/cve/CVE-2026-32990.html
* https://www.suse.com/security/cve/CVE-2026-34483.html
* https://www.suse.com/security/cve/CVE-2026-34486.html
* https://www.suse.com/security/cve/CVE-2026-34487.html
* https://www.suse.com/security/cve/CVE-2026-34500.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258371
* https://bugzilla.suse.com/show_bug.cgi?id=1261850
* https://bugzilla.suse.com/show_bug.cgi?id=1261851
* https://bugzilla.suse.com/show_bug.cgi?id=1261852
* https://bugzilla.suse.com/show_bug.cgi?id=1261853
* https://bugzilla.suse.com/show_bug.cgi?id=1261854
* https://bugzilla.suse.com/show_bug.cgi?id=1261855
* https://bugzilla.suse.com/show_bug.cgi?id=1261856
* https://bugzilla.suse.com/show_bug.cgi?id=1261857

From null at suse.de Thu Apr 23 08:30:47 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 08:30:47 -0000
Subject: SUSE-SU-2026:1557-1: important: Security update for the Linux Kernel
Message-ID: <177693304710.1159.16645832402201554649@d4c6dfb45de4>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1557-1
Release Date: 2026-04-22T16:24:13Z
Rating: important

References:

* bsc#1246057
* bsc#1256504
* bsc#1256675
* bsc#1257773
* bsc#1259797
* bsc#1260005
* bsc#1260009

Cross-References:

* CVE-2025-38234
* CVE-2025-68818
* CVE-2026-23103
* CVE-2026-23243
* CVE-2026-23272
* CVE-2026-23274

CVSS scores:

* CVE-2025-38234 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38234 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38234 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68818 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves six vulnerabilities and has one security fix can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
* CVE-2025-68818: scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" (bsc#1256675).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).

The following non-security bugs were fixed:

* watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (bsc#1256504).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1557=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1557=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1557=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1557=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.148.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.148.1 * kernel-rt-debuginfo-5.14.21-150400.15.148.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * kernel-source-rt-5.14.21-150400.15.148.1 * SUSE Linux Enterprise Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.148.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.148.1 * kernel-rt-debuginfo-5.14.21-150400.15.148.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * kernel-source-rt-5.14.21-150400.15.148.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.148.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.148.1 * kernel-rt-debuginfo-5.14.21-150400.15.148.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * kernel-source-rt-5.14.21-150400.15.148.1 * SUSE Linux Enterprise Micro 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.148.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.148.1 * kernel-rt-debuginfo-5.14.21-150400.15.148.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * kernel-source-rt-5.14.21-150400.15.148.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38234.html * https://www.suse.com/security/cve/CVE-2025-68818.html * https://www.suse.com/security/cve/CVE-2026-23103.html * https://www.suse.com/security/cve/CVE-2026-23243.html * 
https://www.suse.com/security/cve/CVE-2026-23272.html * https://www.suse.com/security/cve/CVE-2026-23274.html * https://bugzilla.suse.com/show_bug.cgi?id=1246057 * https://bugzilla.suse.com/show_bug.cgi?id=1256504 * https://bugzilla.suse.com/show_bug.cgi?id=1256675 * https://bugzilla.suse.com/show_bug.cgi?id=1257773 * https://bugzilla.suse.com/show_bug.cgi?id=1259797 * https://bugzilla.suse.com/show_bug.cgi?id=1260005 * https://bugzilla.suse.com/show_bug.cgi?id=1260009 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 23 08:30:57 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 23 Apr 2026 08:30:57 -0000 Subject: SUSE-SU-2026:1556-1: important: Security update for libraw Message-ID: <177693305797.1159.2765561862106902523@d4c6dfb45de4> # Security update for libraw Announcement ID: SUSE-SU-2026:1556-1 Release Date: 2026-04-22T16:24:03Z Rating: important References: * bsc#1261499 * bsc#1261671 * bsc#1261672 * bsc#1261673 * bsc#1261674 * bsc#1261676 Cross-References: * CVE-2026-20884 * CVE-2026-20889 * CVE-2026-20911 * CVE-2026-21413 * CVE-2026-24660 * CVE-2026-5342 CVSS scores: * CVE-2026-20884 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-20884 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-20884 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-20884 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-20889 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-20889 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-20889 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-20911 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-20911 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-20911 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-21413 ( SUSE 
): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-21413 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-21413 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-24660 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-24660 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-24660 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-24660 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-5342 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-5342 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-5342 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-5342 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for libraw fixes the following issues: * CVE-2026-5342: out-of-bounds read via `LibRaw::nikon_load_padded_packed_raw` (bsc#1261499). 
* CVE-2026-20884: integer overflow and heap buffer overflow via `deflate_dng_load_raw` (bsc#1261671).
* CVE-2026-20889: heap-based buffer overflow in `x3f_thumb_loader` (bsc#1261672).
* CVE-2026-20911: heap-based buffer overflow in `HuffTable::initval` (bsc#1261673).
* CVE-2026-21413: heap-based buffer overflow in `lossless_jpeg_load_raw` (bsc#1261674).
* CVE-2026-24660: heap-based buffer overflow in `x3f_load_huffman` (bsc#1261676).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1556=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1556=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1556=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1556=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1556=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1556=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1556=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1556=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1556=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libraw-devel-static-0.20.2-150400.3.21.1
  * libraw-tools-debuginfo-0.20.2-150400.3.21.1
  * libraw20-0.20.2-150400.3.21.1
  * libraw-debugsource-0.20.2-150400.3.21.1
  * libraw-devel-0.20.2-150400.3.21.1
  * libraw-tools-0.20.2-150400.3.21.1
  *
libraw20-debuginfo-0.20.2-150400.3.21.1 * openSUSE Leap 15.4 (x86_64) * libraw20-32bit-debuginfo-0.20.2-150400.3.21.1 * libraw20-32bit-0.20.2-150400.3.21.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libraw20-64bit-0.20.2-150400.3.21.1 * libraw20-64bit-debuginfo-0.20.2-150400.3.21.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libraw20-0.20.2-150400.3.21.1 * libraw20-debuginfo-0.20.2-150400.3.21.1 * libraw-debugsource-0.20.2-150400.3.21.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libraw20-0.20.2-150400.3.21.1 * libraw20-debuginfo-0.20.2-150400.3.21.1 * libraw-debugsource-0.20.2-150400.3.21.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libraw20-0.20.2-150400.3.21.1 * libraw20-debuginfo-0.20.2-150400.3.21.1 * libraw-debugsource-0.20.2-150400.3.21.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libraw20-0.20.2-150400.3.21.1 * libraw20-debuginfo-0.20.2-150400.3.21.1 * libraw-debugsource-0.20.2-150400.3.21.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libraw20-0.20.2-150400.3.21.1 * libraw20-debuginfo-0.20.2-150400.3.21.1 * libraw-debugsource-0.20.2-150400.3.21.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libraw20-0.20.2-150400.3.21.1 * libraw20-debuginfo-0.20.2-150400.3.21.1 * libraw-debugsource-0.20.2-150400.3.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libraw20-0.20.2-150400.3.21.1 * libraw20-debuginfo-0.20.2-150400.3.21.1 * libraw-debugsource-0.20.2-150400.3.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libraw20-0.20.2-150400.3.21.1 * libraw20-debuginfo-0.20.2-150400.3.21.1 * libraw-debugsource-0.20.2-150400.3.21.1 ## References: * https://www.suse.com/security/cve/CVE-2026-20884.html * https://www.suse.com/security/cve/CVE-2026-20889.html * 
https://www.suse.com/security/cve/CVE-2026-20911.html * https://www.suse.com/security/cve/CVE-2026-21413.html * https://www.suse.com/security/cve/CVE-2026-24660.html * https://www.suse.com/security/cve/CVE-2026-5342.html * https://bugzilla.suse.com/show_bug.cgi?id=1261499 * https://bugzilla.suse.com/show_bug.cgi?id=1261671 * https://bugzilla.suse.com/show_bug.cgi?id=1261672 * https://bugzilla.suse.com/show_bug.cgi?id=1261673 * https://bugzilla.suse.com/show_bug.cgi?id=1261674 * https://bugzilla.suse.com/show_bug.cgi?id=1261676 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 23 08:31:09 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 23 Apr 2026 08:31:09 -0000 Subject: SUSE-SU-2026:1555-1: important: Security update for libraw Message-ID: <177693306989.1159.11991837835756502212@d4c6dfb45de4> # Security update for libraw Announcement ID: SUSE-SU-2026:1555-1 Release Date: 2026-04-22T16:23:21Z Rating: important References: * bsc#1261499 * bsc#1261671 * bsc#1261672 * bsc#1261673 * bsc#1261674 * bsc#1261675 * bsc#1261676 Cross-References: * CVE-2026-20884 * CVE-2026-20889 * CVE-2026-20911 * CVE-2026-21413 * CVE-2026-24450 * CVE-2026-24660 * CVE-2026-5342 CVSS scores: * CVE-2026-20884 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-20884 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-20884 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-20884 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-20889 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-20889 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-20889 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-20911 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-20911 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * 
CVE-2026-20911 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-21413 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-21413 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-21413 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-24450 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-24450 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-24450 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-24450 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-24660 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-24660 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-24660 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-24660 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-5342 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-5342 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-5342 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-5342 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Desktop Applications Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves seven vulnerabilities can now be installed. 
## Description:

This update for libraw fixes the following issues:

* CVE-2026-5342: out-of-bounds read via `LibRaw::nikon_load_padded_packed_raw` (bsc#1261499).
* CVE-2026-20884: integer overflow and heap buffer overflow via `deflate_dng_load_raw` (bsc#1261671).
* CVE-2026-20889: heap-based buffer overflow in `x3f_thumb_loader` (bsc#1261672).
* CVE-2026-20911: heap-based buffer overflow in `HuffTable::initval` (bsc#1261673).
* CVE-2026-21413: heap-based buffer overflow in `lossless_jpeg_load_raw` (bsc#1261674).
* CVE-2026-24450: integer overflow and heap buffer overflow via `uncompressed_fp_dng_load_raw` (bsc#1261675).
* CVE-2026-24660: heap-based buffer overflow in `x3f_load_huffman` (bsc#1261676).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1555=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1555=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1555=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1555=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1555=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1555=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libraw-debugsource-0.21.1-150600.3.10.1
  * libraw-tools-0.21.1-150600.3.10.1
  * libraw-devel-0.21.1-150600.3.10.1
  * libraw23-0.21.1-150600.3.10.1
  * libraw23-debuginfo-0.21.1-150600.3.10.1
  * libraw-tools-debuginfo-0.21.1-150600.3.10.1
  * libraw-devel-static-0.21.1-150600.3.10.1
* openSUSE Leap 15.6 (x86_64)
  * libraw23-32bit-0.21.1-150600.3.10.1
  * libraw23-32bit-debuginfo-0.21.1-150600.3.10.1
*
openSUSE Leap 15.6 (aarch64_ilp32) * libraw23-64bit-0.21.1-150600.3.10.1 * libraw23-64bit-debuginfo-0.21.1-150600.3.10.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libraw-debugsource-0.21.1-150600.3.10.1 * libraw23-debuginfo-0.21.1-150600.3.10.1 * libraw23-0.21.1-150600.3.10.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * libraw-debugsource-0.21.1-150600.3.10.1 * libraw-tools-0.21.1-150600.3.10.1 * libraw-devel-0.21.1-150600.3.10.1 * libraw-tools-debuginfo-0.21.1-150600.3.10.1 * libraw-devel-static-0.21.1-150600.3.10.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libraw-debugsource-0.21.1-150600.3.10.1 * libraw23-debuginfo-0.21.1-150600.3.10.1 * libraw23-0.21.1-150600.3.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libraw-debugsource-0.21.1-150600.3.10.1 * libraw23-debuginfo-0.21.1-150600.3.10.1 * libraw23-0.21.1-150600.3.10.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * libraw-debugsource-0.21.1-150600.3.10.1 * libraw-devel-0.21.1-150600.3.10.1 ## References: * https://www.suse.com/security/cve/CVE-2026-20884.html * https://www.suse.com/security/cve/CVE-2026-20889.html * https://www.suse.com/security/cve/CVE-2026-20911.html * https://www.suse.com/security/cve/CVE-2026-21413.html * https://www.suse.com/security/cve/CVE-2026-24450.html * https://www.suse.com/security/cve/CVE-2026-24660.html * https://www.suse.com/security/cve/CVE-2026-5342.html * https://bugzilla.suse.com/show_bug.cgi?id=1261499 * https://bugzilla.suse.com/show_bug.cgi?id=1261671 * https://bugzilla.suse.com/show_bug.cgi?id=1261672 * https://bugzilla.suse.com/show_bug.cgi?id=1261673 * https://bugzilla.suse.com/show_bug.cgi?id=1261674 * https://bugzilla.suse.com/show_bug.cgi?id=1261675 * https://bugzilla.suse.com/show_bug.cgi?id=1261676 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Thu Apr 23 12:30:08 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 12:30:08 -0000
Subject: SUSE-SU-2026:1560-1: important: Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5)
Message-ID: <177694740878.1232.3392942174518107256@4f4cd7bf4343>

# Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1560-1
Release Date: 2026-04-23T05:47:33Z
Rating: important

References:

* bsc#1258396
* bsc#1259859

Cross-References:

* CVE-2026-23191
* CVE-2026-23268

CVSS scores:

* CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.127 fixes various security issues.

The following security issues were fixed:

* CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1560=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1560=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-5-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_32-debugsource-5-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_127-default-5-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-5-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_32-debugsource-5-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_127-default-5-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23191.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258396
* https://bugzilla.suse.com/show_bug.cgi?id=1259859
URL: From null at suse.de Thu Apr 23 12:30:21 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 23 Apr 2026 12:30:21 -0000 Subject: SUSE-SU-2026:1565-1: moderate: Security update for libssh Message-ID: <177694742115.1232.10436118837148792455@4f4cd7bf4343> # Security update for libssh Announcement ID: SUSE-SU-2026:1565-1 Release Date: 2026-04-23T07:08:39Z Rating: moderate References: * bsc#1258045 * bsc#1258049 * bsc#1258054 * bsc#1258080 * bsc#1258081 * bsc#1259377 Cross-References: * CVE-2026-0964 * CVE-2026-0965 * CVE-2026-0966 * CVE-2026-0967 * CVE-2026-0968 * CVE-2026-3731 CVSS scores: * CVE-2026-0964 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-0964 ( NVD ): 5.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-0965 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-0965 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-0966 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-0966 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-0967 ( SUSE ): 1.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-0967 ( SUSE ): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L * CVE-2026-0967 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-0967 ( NVD ): 2.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L * CVE-2026-0968 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-0968 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L * CVE-2026-0968 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-0968 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-0968 ( NVD ): 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-3731 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-3731 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-3731 ( NVD ): 6.9 
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3731 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3731 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves six vulnerabilities can now be installed.

## Description:

This update for libssh fixes the following issues:

* CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049).
* CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).
* CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054).
* CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081).
* CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080).
* CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler (bsc#1259377).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1565=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1565=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1565=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1565=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1565=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1565=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libssh4-debuginfo-0.9.8-150400.3.17.1 * libssh-config-0.9.8-150400.3.17.1 * libssh4-0.9.8-150400.3.17.1 * libssh-devel-0.9.8-150400.3.17.1 * libssh-debugsource-0.9.8-150400.3.17.1 * openSUSE Leap 15.4 (x86_64) * libssh4-32bit-debuginfo-0.9.8-150400.3.17.1 * libssh4-32bit-0.9.8-150400.3.17.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libssh4-64bit-debuginfo-0.9.8-150400.3.17.1 * libssh4-64bit-0.9.8-150400.3.17.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libssh4-debuginfo-0.9.8-150400.3.17.1 * libssh-debugsource-0.9.8-150400.3.17.1 * libssh-config-0.9.8-150400.3.17.1 * libssh4-0.9.8-150400.3.17.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libssh4-debuginfo-0.9.8-150400.3.17.1 * libssh-debugsource-0.9.8-150400.3.17.1 * libssh-config-0.9.8-150400.3.17.1 * libssh4-0.9.8-150400.3.17.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libssh4-debuginfo-0.9.8-150400.3.17.1 * libssh-debugsource-0.9.8-150400.3.17.1 * libssh-config-0.9.8-150400.3.17.1 * libssh4-0.9.8-150400.3.17.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libssh4-debuginfo-0.9.8-150400.3.17.1 * libssh-debugsource-0.9.8-150400.3.17.1 * libssh-config-0.9.8-150400.3.17.1 * libssh4-0.9.8-150400.3.17.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libssh4-debuginfo-0.9.8-150400.3.17.1 * 
libssh-debugsource-0.9.8-150400.3.17.1 * libssh-config-0.9.8-150400.3.17.1 * libssh4-0.9.8-150400.3.17.1 ## References: * https://www.suse.com/security/cve/CVE-2026-0964.html * https://www.suse.com/security/cve/CVE-2026-0965.html * https://www.suse.com/security/cve/CVE-2026-0966.html * https://www.suse.com/security/cve/CVE-2026-0967.html * https://www.suse.com/security/cve/CVE-2026-0968.html * https://www.suse.com/security/cve/CVE-2026-3731.html * https://bugzilla.suse.com/show_bug.cgi?id=1258045 * https://bugzilla.suse.com/show_bug.cgi?id=1258049 * https://bugzilla.suse.com/show_bug.cgi?id=1258054 * https://bugzilla.suse.com/show_bug.cgi?id=1258080 * https://bugzilla.suse.com/show_bug.cgi?id=1258081 * https://bugzilla.suse.com/show_bug.cgi?id=1259377 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 23 12:30:34 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 23 Apr 2026 12:30:34 -0000 Subject: SUSE-SU-2026:1563-1: important: Security update for the Linux Kernel Message-ID: <177694743483.1232.4053113781278862080@4f4cd7bf4343> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:1563-1 Release Date: 2026-04-23T07:08:11Z Rating: important References: * bsc#1246057 * bsc#1256504 * bsc#1256675 * bsc#1257773 * bsc#1259797 * bsc#1260005 * bsc#1260009 Cross-References: * CVE-2025-38234 * CVE-2025-68818 * CVE-2026-23103 * CVE-2026-23243 * CVE-2026-23272 * CVE-2026-23274 CVSS scores: * CVE-2025-38234 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38234 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38234 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68818 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( 
NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves six vulnerabilities and has one security fix can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773). * CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797). * CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-nelems before insertion (bsc#1260009). * CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005). The following non security issue was fixed: * watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (bsc#1256504). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1563=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1563=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1563=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1563=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1563=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-1563=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1563=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1563=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1563=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1563=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1563=1 ## Package List: * openSUSE Leap 15.4 (noarch nosrc) * 
kernel-docs-5.14.21-150400.24.200.1 * openSUSE Leap 15.4 (noarch) * kernel-docs-html-5.14.21-150400.24.200.1 * kernel-macros-5.14.21-150400.24.200.1 * kernel-devel-5.14.21-150400.24.200.1 * kernel-source-vanilla-5.14.21-150400.24.200.1 * kernel-source-5.14.21-150400.24.200.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * kernel-kvmsmall-devel-5.14.21-150400.24.200.1 * kernel-default-base-rebuild-5.14.21-150400.24.200.1.150400.24.102.1 * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.200.1 * kernel-kvmsmall-debuginfo-5.14.21-150400.24.200.1 * kernel-default-base-5.14.21-150400.24.200.1.150400.24.102.1 * kernel-kvmsmall-debugsource-5.14.21-150400.24.200.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-debuginfo-5.14.21-150400.24.200.1 * ocfs2-kmp-default-5.14.21-150400.24.200.1 * kernel-syms-5.14.21-150400.24.200.1 * kernel-default-optional-debuginfo-5.14.21-150400.24.200.1 * kselftests-kmp-default-5.14.21-150400.24.200.1 * dlm-kmp-default-5.14.21-150400.24.200.1 * kernel-default-extra-5.14.21-150400.24.200.1 * kernel-default-debugsource-5.14.21-150400.24.200.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.200.1 * kernel-default-devel-5.14.21-150400.24.200.1 * kselftests-kmp-default-debuginfo-5.14.21-150400.24.200.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.200.1 * kernel-default-debuginfo-5.14.21-150400.24.200.1 * kernel-default-livepatch-5.14.21-150400.24.200.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.200.1 * cluster-md-kmp-default-5.14.21-150400.24.200.1 * gfs2-kmp-default-5.14.21-150400.24.200.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.200.1 * kernel-obs-build-5.14.21-150400.24.200.1 * kernel-default-optional-5.14.21-150400.24.200.1 * reiserfs-kmp-default-5.14.21-150400.24.200.1 * kernel-obs-build-debugsource-5.14.21-150400.24.200.1 * kernel-obs-qa-5.14.21-150400.24.200.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.200.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.200.1 * openSUSE Leap 15.4 
(aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.200.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_200-default-1-150400.9.3.1 * kernel-livepatch-5_14_21-150400_24_200-default-debuginfo-1-150400.9.3.1 * kernel-default-livepatch-devel-5.14.21-150400.24.200.1 * kernel-livepatch-SLE15-SP4_Update_50-debugsource-1-150400.9.3.1 * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150400.24.200.1 * openSUSE Leap 15.4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.200.1 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150400.24.200.1 * kernel-zfcpdump-debugsource-5.14.21-150400.24.200.1 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.14.21-150400.24.200.1 * openSUSE Leap 15.4 (aarch64) * dtb-altera-5.14.21-150400.24.200.1 * dlm-kmp-64kb-5.14.21-150400.24.200.1 * kernel-64kb-debuginfo-5.14.21-150400.24.200.1 * dtb-amazon-5.14.21-150400.24.200.1 * dtb-nvidia-5.14.21-150400.24.200.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.200.1 * dtb-lg-5.14.21-150400.24.200.1 * kernel-64kb-optional-debuginfo-5.14.21-150400.24.200.1 * dtb-apple-5.14.21-150400.24.200.1 * gfs2-kmp-64kb-5.14.21-150400.24.200.1 * kernel-64kb-optional-5.14.21-150400.24.200.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.200.1 * dtb-xilinx-5.14.21-150400.24.200.1 * kernel-64kb-devel-5.14.21-150400.24.200.1 * dtb-exynos-5.14.21-150400.24.200.1 * kselftests-kmp-64kb-5.14.21-150400.24.200.1 * kernel-64kb-debugsource-5.14.21-150400.24.200.1 * dtb-freescale-5.14.21-150400.24.200.1 * dtb-socionext-5.14.21-150400.24.200.1 * cluster-md-kmp-64kb-5.14.21-150400.24.200.1 * kernel-64kb-extra-debuginfo-5.14.21-150400.24.200.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.200.1 * ocfs2-kmp-64kb-5.14.21-150400.24.200.1 * dtb-amd-5.14.21-150400.24.200.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.200.1 * dtb-cavium-5.14.21-150400.24.200.1 * dtb-renesas-5.14.21-150400.24.200.1 * kernel-64kb-extra-5.14.21-150400.24.200.1 * 
dtb-rockchip-5.14.21-150400.24.200.1 * dtb-broadcom-5.14.21-150400.24.200.1 * dtb-mediatek-5.14.21-150400.24.200.1 * dtb-allwinner-5.14.21-150400.24.200.1 * dtb-marvell-5.14.21-150400.24.200.1 * dtb-amlogic-5.14.21-150400.24.200.1 * dtb-sprd-5.14.21-150400.24.200.1 * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.200.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.200.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.200.1 * dtb-apm-5.14.21-150400.24.200.1 * reiserfs-kmp-64kb-5.14.21-150400.24.200.1 * dtb-arm-5.14.21-150400.24.200.1 * dtb-qcom-5.14.21-150400.24.200.1 * dtb-hisilicon-5.14.21-150400.24.200.1 * openSUSE Leap 15.4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.200.1.150400.24.102.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.200.1 * kernel-default-debugsource-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * kernel-macros-5.14.21-150400.24.200.1 * kernel-source-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.200.1.150400.24.102.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.200.1 * kernel-default-debugsource-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * kernel-macros-5.14.21-150400.24.200.1 * kernel-source-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.200.1.150400.24.102.1 * SUSE Linux 
Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.200.1 * kernel-default-debugsource-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * kernel-macros-5.14.21-150400.24.200.1 * kernel-source-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.200.1.150400.24.102.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.200.1 * kernel-default-debugsource-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * kernel-macros-5.14.21-150400.24.200.1 * kernel-source-5.14.21-150400.24.200.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.200.1 * kernel-default-debuginfo-5.14.21-150400.24.200.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.200.1 * ocfs2-kmp-default-5.14.21-150400.24.200.1 * cluster-md-kmp-default-5.14.21-150400.24.200.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.200.1 * dlm-kmp-default-5.14.21-150400.24.200.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.200.1 * gfs2-kmp-default-5.14.21-150400.24.200.1 * kernel-default-debugsource-5.14.21-150400.24.200.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.200.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.200.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64) * kernel-64kb-devel-debuginfo-5.14.21-150400.24.200.1 * kernel-64kb-debuginfo-5.14.21-150400.24.200.1 * kernel-64kb-devel-5.14.21-150400.24.200.1 * kernel-64kb-debugsource-5.14.21-150400.24.200.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc x86_64) * 
kernel-default-5.14.21-150400.24.200.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.200.1 * kernel-default-debuginfo-5.14.21-150400.24.200.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.200.1 * kernel-default-devel-5.14.21-150400.24.200.1 * kernel-default-base-5.14.21-150400.24.200.1.150400.24.102.1 * kernel-obs-build-debugsource-5.14.21-150400.24.200.1 * kernel-syms-5.14.21-150400.24.200.1 * reiserfs-kmp-default-5.14.21-150400.24.200.1 * kernel-obs-build-5.14.21-150400.24.200.1 * kernel-default-debugsource-5.14.21-150400.24.200.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * kernel-macros-5.14.21-150400.24.200.1 * kernel-devel-5.14.21-150400.24.200.1 * kernel-source-5.14.21-150400.24.200.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.200.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.200.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64) * kernel-64kb-devel-debuginfo-5.14.21-150400.24.200.1 * kernel-64kb-debuginfo-5.14.21-150400.24.200.1 * kernel-64kb-devel-5.14.21-150400.24.200.1 * kernel-64kb-debugsource-5.14.21-150400.24.200.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.200.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.200.1 * kernel-default-debuginfo-5.14.21-150400.24.200.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.200.1 * kernel-default-devel-5.14.21-150400.24.200.1 * kernel-default-base-5.14.21-150400.24.200.1.150400.24.102.1 * kernel-obs-build-debugsource-5.14.21-150400.24.200.1 * kernel-syms-5.14.21-150400.24.200.1 * reiserfs-kmp-default-5.14.21-150400.24.200.1 * kernel-obs-build-5.14.21-150400.24.200.1 * 
kernel-default-debugsource-5.14.21-150400.24.200.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * kernel-macros-5.14.21-150400.24.200.1 * kernel-devel-5.14.21-150400.24.200.1 * kernel-source-5.14.21-150400.24.200.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64) * kernel-64kb-devel-debuginfo-5.14.21-150400.24.200.1 * kernel-64kb-debuginfo-5.14.21-150400.24.200.1 * kernel-64kb-devel-5.14.21-150400.24.200.1 * kernel-64kb-debugsource-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.200.1.150400.24.102.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.200.1 * kernel-default-debuginfo-5.14.21-150400.24.200.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.200.1 * kernel-default-devel-5.14.21-150400.24.200.1 * kernel-syms-5.14.21-150400.24.200.1 * kernel-obs-build-debugsource-5.14.21-150400.24.200.1 * reiserfs-kmp-default-5.14.21-150400.24.200.1 * kernel-obs-build-5.14.21-150400.24.200.1 * kernel-default-debugsource-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * kernel-macros-5.14.21-150400.24.200.1 * kernel-devel-5.14.21-150400.24.200.1 * kernel-source-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch nosrc) * kernel-docs-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150400.24.200.1 * kernel-zfcpdump-debugsource-5.14.21-150400.24.200.1 
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le x86_64) * kernel-default-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.200.1 * kernel-default-debuginfo-5.14.21-150400.24.200.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.200.1 * kernel-default-devel-5.14.21-150400.24.200.1 * kernel-default-base-5.14.21-150400.24.200.1.150400.24.102.1 * kernel-obs-build-debugsource-5.14.21-150400.24.200.1 * kernel-syms-5.14.21-150400.24.200.1 * reiserfs-kmp-default-5.14.21-150400.24.200.1 * kernel-obs-build-5.14.21-150400.24.200.1 * kernel-default-debugsource-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * kernel-macros-5.14.21-150400.24.200.1 * kernel-devel-5.14.21-150400.24.200.1 * kernel-source-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.200.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_200-default-1-150400.9.3.1 * kernel-default-debuginfo-5.14.21-150400.24.200.1 * kernel-default-livepatch-5.14.21-150400.24.200.1 * kernel-livepatch-SLE15-SP4_Update_50-debugsource-1-150400.9.3.1 * kernel-livepatch-5_14_21-150400_24_200-default-debuginfo-1-150400.9.3.1 * kernel-default-livepatch-devel-5.14.21-150400.24.200.1 * kernel-default-debugsource-5.14.21-150400.24.200.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38234.html * https://www.suse.com/security/cve/CVE-2025-68818.html * https://www.suse.com/security/cve/CVE-2026-23103.html * https://www.suse.com/security/cve/CVE-2026-23243.html * https://www.suse.com/security/cve/CVE-2026-23272.html * https://www.suse.com/security/cve/CVE-2026-23274.html * https://bugzilla.suse.com/show_bug.cgi?id=1246057 * 
https://bugzilla.suse.com/show_bug.cgi?id=1256504 * https://bugzilla.suse.com/show_bug.cgi?id=1256675 * https://bugzilla.suse.com/show_bug.cgi?id=1257773 * https://bugzilla.suse.com/show_bug.cgi?id=1259797 * https://bugzilla.suse.com/show_bug.cgi?id=1260005 * https://bugzilla.suse.com/show_bug.cgi?id=1260009 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 23 12:30:38 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 23 Apr 2026 12:30:38 -0000 Subject: SUSE-SU-2026:1562-1: moderate: Security update for openssl-1_1 Message-ID: <177694743856.1232.9552657490187229224@4f4cd7bf4343> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2026:1562-1 Release Date: 2026-04-23T07:06:13Z Rating: moderate References: * bsc#1261678 Cross-References: * CVE-2026-28390 CVSS scores: * CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). 
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1562=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1562=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1562=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1562=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1562=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1562=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1562=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1562=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1562=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * openssl-1_1-debugsource-1.1.1l-150400.7.93.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.93.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.93.1
  * openssl-1_1-1.1.1l-150400.7.93.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.93.1
  * libopenssl1_1-1.1.1l-150400.7.93.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.93.1
* openSUSE Leap 15.4 (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.93.1
  * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.93.1
  * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.93.1
  * libopenssl1_1-32bit-1.1.1l-150400.7.93.1
* openSUSE Leap 15.4 (noarch)
  * openssl-1_1-doc-1.1.1l-150400.7.93.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libopenssl1_1-64bit-1.1.1l-150400.7.93.1
  * libopenssl1_1-hmac-64bit-1.1.1l-150400.7.93.1
  * libopenssl-1_1-devel-64bit-1.1.1l-150400.7.93.1
  * libopenssl1_1-64bit-debuginfo-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * openssl-1_1-debugsource-1.1.1l-150400.7.93.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.93.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.93.1
  * openssl-1_1-1.1.1l-150400.7.93.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.93.1
  * libopenssl1_1-1.1.1l-150400.7.93.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * openssl-1_1-debugsource-1.1.1l-150400.7.93.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.93.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.93.1
  * openssl-1_1-1.1.1l-150400.7.93.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.93.1
  * libopenssl1_1-1.1.1l-150400.7.93.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * openssl-1_1-debugsource-1.1.1l-150400.7.93.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.93.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.93.1
  * openssl-1_1-1.1.1l-150400.7.93.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.93.1
  * libopenssl1_1-1.1.1l-150400.7.93.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * openssl-1_1-debugsource-1.1.1l-150400.7.93.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.93.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.93.1
  * openssl-1_1-1.1.1l-150400.7.93.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.93.1
  * libopenssl1_1-1.1.1l-150400.7.93.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * openssl-1_1-debugsource-1.1.1l-150400.7.93.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.93.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.93.1
  * openssl-1_1-1.1.1l-150400.7.93.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.93.1
  * libopenssl1_1-1.1.1l-150400.7.93.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
  * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.93.1
  * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.93.1
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.93.1
  * libopenssl1_1-32bit-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * openssl-1_1-debugsource-1.1.1l-150400.7.93.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.93.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.93.1
  * openssl-1_1-1.1.1l-150400.7.93.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.93.1
  * libopenssl1_1-1.1.1l-150400.7.93.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
  * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.93.1
  * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.93.1
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.93.1
  * libopenssl1_1-32bit-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * openssl-1_1-debugsource-1.1.1l-150400.7.93.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.93.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.93.1
  * openssl-1_1-1.1.1l-150400.7.93.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.93.1
  * libopenssl1_1-1.1.1l-150400.7.93.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
  * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.93.1
  * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.93.1
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.93.1
  * libopenssl1_1-32bit-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * openssl-1_1-debugsource-1.1.1l-150400.7.93.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.93.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.93.1
  * openssl-1_1-1.1.1l-150400.7.93.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.93.1
  * libopenssl1_1-1.1.1l-150400.7.93.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.93.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
  * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.93.1
  * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.93.1
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.93.1
  * libopenssl1_1-32bit-1.1.1l-150400.7.93.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28390.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261678

From null at suse.de Thu Apr 23 16:30:21 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 16:30:21 -0000
Subject: SUSE-SU-2026:21265-1: moderate: Security update for kernel-livepatch-MICRO-6-0-RT_Update_19
Message-ID: <177696182128.2126.17801288564059965032@46b3146b979a>

# Security update for kernel-livepatch-MICRO-6-0-RT_Update_19

Announcement ID: SUSE-SU-2026:21265-1
Release Date: 2026-04-17T15:23:06Z
Rating: moderate

References:

* bsc#1103203
* bsc#1149841
* bsc#1196281
* bsc#1244337
* bsc#1248108
* bsc#904970
* bsc#907150
* bsc#920615
* bsc#920633
* bsc#930408
* jsc#PED-14811
* jsc#PED-7906

Affected Products:

* SUSE Linux Micro 6.1

An update that contains two features and has 10 fixes can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0-RT_Update_19 fixes the following issues:

* New livepatch SLE Micro 6.0/6.1 kernel update 19

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-343=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-41-rt-debuginfo-1-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_19-debugsource-1-1.1
  * kernel-livepatch-6_4_0-41-rt-1-1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1103203
* https://bugzilla.suse.com/show_bug.cgi?id=1149841
* https://bugzilla.suse.com/show_bug.cgi?id=1196281
* https://bugzilla.suse.com/show_bug.cgi?id=1244337
* https://bugzilla.suse.com/show_bug.cgi?id=1248108
* https://bugzilla.suse.com/show_bug.cgi?id=904970
* https://bugzilla.suse.com/show_bug.cgi?id=907150
* https://bugzilla.suse.com/show_bug.cgi?id=920615
* https://bugzilla.suse.com/show_bug.cgi?id=920633
* https://bugzilla.suse.com/show_bug.cgi?id=930408
* https://jira.suse.com/browse/PED-14811
* https://jira.suse.com/browse/PED-7906

From null at suse.de Thu Apr 23 16:30:40 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 16:30:40 -0000
Subject: SUSE-SU-2026:21263-1: moderate: Security update for libvirt
Message-ID: <177696184032.2126.2627856839062289682@46b3146b979a>

# Security update for libvirt

Announcement ID: SUSE-SU-2026:21263-1
Release Date: 2026-04-21T08:35:50Z
Rating: moderate

References:

* bsc#1235079
* bsc#1253278
* bsc#1253703
* bsc#1258345

Cross-References:

* CVE-2025-12748
* CVE-2025-13193

CVSS scores:

* CVE-2025-12748 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-12748 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-12748 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-13193 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-13193 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-13193 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities and has two fixes can now be installed.

## Description:

This update for libvirt fixes the following issues:

* CVE-2025-12748: Denial of service in XML parsing (bsc#1253278).
* CVE-2025-13193: Information disclosure via world-readable VM snapshots (bsc#1253703).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-498=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * libvirt-daemon-plugin-lockd-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-network-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-nodedev-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-storage-core-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-storage-disk-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-storage-disk-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-common-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-proxy-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-secret-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-lock-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-client-qemu-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-lock-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-storage-mpath-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-config-network-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-storage-mpath-10.0.0-slfo.1.1_2.1
  * libvirt-libs-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-nodedev-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-log-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-network-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-storage-10.0.0-slfo.1.1_2.1
  * libvirt-nss-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-common-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-qemu-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-storage-iscsi-10.0.0-slfo.1.1_2.1
  * libvirt-libs-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-nwfilter-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-nwfilter-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-storage-logical-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-qemu-10.0.0-slfo.1.1_2.1
  * libvirt-nss-10.0.0-slfo.1.1_2.1
  * libvirt-client-10.0.0-slfo.1.1_2.1
  * libvirt-debugsource-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-storage-iscsi-direct-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-secret-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-hooks-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-plugin-lockd-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-storage-core-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-storage-scsi-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-qemu-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-storage-iscsi-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-client-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-storage-scsi-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-proxy-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-storage-logical-debuginfo-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-log-debuginfo-10.0.0-slfo.1.1_2.1
* SUSE Linux Micro 6.1 (aarch64 x86_64)
  * libvirt-daemon-driver-storage-rbd-10.0.0-slfo.1.1_2.1
  * libvirt-daemon-driver-storage-rbd-debuginfo-10.0.0-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-12748.html
* https://www.suse.com/security/cve/CVE-2025-13193.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235079
* https://bugzilla.suse.com/show_bug.cgi?id=1253278
* https://bugzilla.suse.com/show_bug.cgi?id=1253703
* https://bugzilla.suse.com/show_bug.cgi?id=1258345

From null at suse.de Thu Apr 23 16:30:47 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 16:30:47 -0000
Subject: SUSE-SU-2026:21262-1: moderate: Security update for libpng16
Message-ID: <177696184701.2126.8008075073844995341@46b3146b979a>

# Security update for libpng16

Announcement ID: SUSE-SU-2026:21262-1
Release Date: 2026-04-21T08:33:03Z
Rating: moderate

References:

* bsc#1261957

Cross-References:

* CVE-2026-34757

CVSS scores:

* CVE-2026-34757 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34757 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34757 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for libpng16 fixes the following issue:

* CVE-2026-34757: libpng: Information disclosure and data corruption via use-after-free vulnerability (bsc#1261957).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-499=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * libpng16-16-1.6.43-slfo.1.1_5.1
  * libpng16-16-debuginfo-1.6.43-slfo.1.1_5.1
  * libpng16-debugsource-1.6.43-slfo.1.1_5.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34757.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261957
From null at suse.de Thu Apr 23 16:30:51 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 16:30:51 -0000
Subject: SUSE-SU-2026:21261-1: moderate: Security update for ncurses
Message-ID: <177696185182.2126.12001718715472312411@46b3146b979a>

# Security update for ncurses

Announcement ID: SUSE-SU-2026:21261-1
Release Date: 2026-04-21T08:29:18Z
Rating: moderate

References:

* bsc#1259924

Cross-References:

* CVE-2025-69720

CVSS scores:

* CVE-2025-69720 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-69720 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2025-69720 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-69720 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
* CVE-2025-69720 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for ncurses fixes the following issue:

* CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-500=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * ncurses-utils-6.4.20240224-slfo.1.1_2.1
  * terminfo-base-6.4.20240224-slfo.1.1_2.1
  * ncurses-debugsource-6.4.20240224-slfo.1.1_2.1
  * libncurses6-6.4.20240224-slfo.1.1_2.1
  * libncurses6-debuginfo-6.4.20240224-slfo.1.1_2.1
  * ncurses-utils-debuginfo-6.4.20240224-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-69720.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259924
From null at suse.de Thu Apr 23 16:31:29 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 16:31:29 -0000
Subject: SUSE-SU-2026:21257-1: important: Security update for libcap
Message-ID: <177696188936.2126.17949735891965907567@46b3146b979a>

# Security update for libcap

Announcement ID: SUSE-SU-2026:21257-1
Release Date: 2026-04-20T17:04:13Z
Rating: important

References:

* bsc#1261809

Cross-References:

* CVE-2026-4878

CVSS scores:

* CVE-2026-4878 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4878 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4878 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for libcap fixes the following issue:

* CVE-2026-4878: local privilege escalation through file capability injection due to TOCTOU race condition in `cap_set_file()` (bsc#1261809).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-494=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * libcap2-2.69-slfo.1.1_2.1
  * libcap2-debuginfo-2.69-slfo.1.1_2.1
  * libcap-debugsource-2.69-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4878.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261809
From null at suse.de Thu Apr 23 16:31:38 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 16:31:38 -0000
Subject: SUSE-SU-2026:21256-1: important: Security update for cockpit-podman
Message-ID: <177696189831.2126.13561412125022873397@46b3146b979a>

# Security update for cockpit-podman

Announcement ID: SUSE-SU-2026:21256-1
Release Date: 2026-04-17T20:05:33Z
Rating: important

References:

* bsc#1257836
* bsc#1258641

Cross-References:

* CVE-2026-25547
* CVE-2026-26996

CVSS scores:

* CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for cockpit-podman fixes the following issues:

* CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process (bsc#1257836).
* CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character that doesn't appear in the test string can lead to ReDoS (bsc#1258641).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-492=1

## Package List:

* SUSE Linux Micro 6.1 (noarch)
  * cockpit-podman-91-slfo.1.1_4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25547.html
* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257836
* https://bugzilla.suse.com/show_bug.cgi?id=1258641

From null at suse.de Thu Apr 23 16:34:04 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 16:34:04 -0000
Subject: SUSE-SU-2026:21255-1: important: Security update for the Linux Kernel
Message-ID: <177696204464.2126.5910671289343449157@46b3146b979a>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21255-1
Release Date: 2026-04-17T17:38:17Z
Rating: important

References:

* bsc#1226591 * bsc#1245728 * bsc#1249998 * bsc#1251135 * bsc#1251186 * bsc#1251971 * bsc#1252073 * bsc#1252266 * bsc#1253049 * bsc#1253455 * bsc#1254306 * bsc#1255084 * bsc#1256647 * bsc#1256690 * bsc#1256784 * bsc#1257183 * bsc#1257466 * bsc#1257472 * bsc#1257473 * bsc#1257506 * bsc#1257561 * bsc#1257682 * bsc#1257732 * bsc#1257755 * bsc#1257773 * bsc#1257777 * bsc#1257814 * bsc#1257952 * bsc#1258280 * bsc#1258286 * bsc#1258293 * bsc#1258303 * bsc#1258305 * bsc#1258330 * bsc#1258337 * bsc#1258338 * bsc#1258340 * bsc#1258376 * bsc#1258389 * bsc#1258414 * bsc#1258447 * bsc#1258524 * bsc#1258832 * bsc#1258849 * bsc#1259188 * bsc#1259461 * bsc#1259580 * bsc#1259707 * bsc#1259795 * bsc#1259797 * bsc#1259865 * bsc#1259870 * bsc#1259886 * bsc#1259889 * bsc#1259891 * bsc#1259997 * bsc#1259998 * bsc#1260005 * bsc#1260009 * bsc#1260347 * bsc#1260464 * bsc#1260471 * bsc#1260481 * bsc#1260486 * bsc#1260497 *
bsc#1260500 * bsc#1260527 * bsc#1260544 * bsc#1260550 * bsc#1260562 * bsc#1260580 * bsc#1260730 * bsc#1260732 * bsc#1260735 * bsc#1260799 * bsc#1261412 * bsc#1261496 * bsc#1261498 * bsc#1261507 * bsc#1261669 Cross-References: * CVE-2024-38542 * CVE-2025-39817 * CVE-2025-39998 * CVE-2025-40201 * CVE-2025-40253 * CVE-2025-68794 * CVE-2025-71125 * CVE-2025-71268 * CVE-2025-71269 * CVE-2026-23030 * CVE-2026-23047 * CVE-2026-23054 * CVE-2026-23069 * CVE-2026-23088 * CVE-2026-23103 * CVE-2026-23120 * CVE-2026-23125 * CVE-2026-23136 * CVE-2026-23140 * CVE-2026-23154 * CVE-2026-23157 * CVE-2026-23169 * CVE-2026-23187 * CVE-2026-23193 * CVE-2026-23201 * CVE-2026-23202 * CVE-2026-23204 * CVE-2026-23207 * CVE-2026-23216 * CVE-2026-23231 * CVE-2026-23242 * CVE-2026-23243 * CVE-2026-23255 * CVE-2026-23262 * CVE-2026-23270 * CVE-2026-23272 * CVE-2026-23274 * CVE-2026-23277 * CVE-2026-23278 * CVE-2026-23281 * CVE-2026-23292 * CVE-2026-23293 * CVE-2026-23304 * CVE-2026-23317 * CVE-2026-23319 * CVE-2026-23335 * CVE-2026-23343 * CVE-2026-23361 * CVE-2026-23379 * CVE-2026-23381 * CVE-2026-23383 * CVE-2026-23386 * CVE-2026-23395 * CVE-2026-23398 * CVE-2026-23412 * CVE-2026-23413 * CVE-2026-23414 * CVE-2026-23419 * CVE-2026-31788 CVSS scores: * CVE-2024-38542 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2024-38542 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-39817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39817 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68794 ( SUSE ): 5.9 
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71125 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-71125 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-71125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71268 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71268 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71269 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71269 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23030 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23030 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23047 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23047 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23054 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23088 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( 
NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23136 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23157 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23157 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23157 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23169 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23169 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2026-23169 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23169 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23187 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23202 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23202 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23202 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23207 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23207 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23207 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * 
CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23262 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23281 ( SUSE ): 5.4 
CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23304 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23304 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23335 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23335 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-23343 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23343 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23383 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23386 ( 
SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23395 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23395 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23395 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23412 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23412 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23413 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23419 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves 59 vulnerabilities and has 21 fixes can now be installed. ## Description: The SUSE Linux Micro (RT) 6.0 and 6.1 kernel was updated to fix various security issues The following security issues were fixed: * CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591). * CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998). * CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073). * CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455). * CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084). 
* CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647). * CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784). * CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865). * CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889). * CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561). * CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682). * CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755). * CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814). * CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773). * CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280). * CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293). * CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303). * CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305). * CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286). * CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389). * CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330). * CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414). * CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340). * CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447). 
* CVE-2026-23231: netfilter: nf_tables: register hooks last when adding new chain/flowtable (bsc#1259188). * CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795). * CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797). * CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891). * CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870). * CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886). * CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009). * CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005). * CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997). * CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998). * CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464). * CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500). * CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486). * CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544). * CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562). * CVE-2026-23319: bpf: export bpf_link_inc_not_zero (bsc#1260735). * CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550). * CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527). * CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732). * CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481). * CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471). 
* CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
* CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
* CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (bsc#1260580).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
* CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412).
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
* CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
* CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
* CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non security issues were fixed:

* accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).
* ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes).
* ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).
* ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes).
* ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).
* ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes).
* ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes).
* ALSA: firewire-lib: fix uninitialized local variable (git-fixes).
* ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes).
* ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).
* ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes).
* ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes).
* ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes).
* ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).
* ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes).
* ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).
* apparmor: fix differential encoding verification (bsc#1258849).
* apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
* apparmor: fix memory leak in verify_header (bsc#1258849).
* apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
* apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
* apparmor: fix race on rawdata dereference (bsc#1258849).
* apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
* apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
* apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
* apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
* apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
* ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).
* ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes).
* ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes).
* ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes).
* ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).
* ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes).
* ASoC: detect empty DMI strings (git-fixes).
* ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes).
* ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes).
* ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes).
* ASoC: Intel: catpt: Fix the device initialization (git-fixes).
* ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes).
* ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes).
* ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes).
* ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes).
* batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes).
* Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes).
* Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).
* Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes).
* Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).
* Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes).
* Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).
* Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes).
* Bluetooth: HIDP: Fix possible UAF (git-fixes).
* Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).
* Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes).
* Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).
* Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes).
* Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes).
* Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes).
* Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).
* Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes).
* Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).
* Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes).
* Bluetooth: Remove 3 repeated macro definitions (stable-fixes).
* Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes).
* Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes).
* Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes).
* Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes).
* Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).
* bonding: do not set usable_slaves for broadcast mode (git-fixes).
* btrfs: fix zero size inode with non-zero size after log replay (git-fixes).
* btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).
* btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
* can: bcm: fix locking for bcm_op runtime updates (git-fixes).
* can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes).
* can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).
* can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes).
* can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).
* can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes).
* can: ucan: Fix infinite loop from zero-length messages (git-fixes).
* can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes).
* comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).
* comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).
* comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).
* comedi: Reinit dev-spinlock between attachments to low-level drivers (git-fixes).
* crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).
* crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
* crypto: caam - fix overflow on long hmac keys (git-fixes).
* dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).
* dmaengine: idxd: Fix leaking event log memory (git-fixes).
* dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
* dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).
* dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).
* dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes).
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
* dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).
* dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).
* Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
* Drivers: hv: remove stale comment (git-fixes).
* Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
* Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
* Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
* drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).
* drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).
* drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).
* drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).
* drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).
* drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).
* drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).
* drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
* drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).
* drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).
* drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (git-fixes).
* drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).
* drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).
* drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).
* drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).
* drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).
* drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).
* drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes).
* drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).
* firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).
* gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
* HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes).
* HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes).
* HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes).
* HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes).
* HID: mcp2221: cancel last I2C command on read error (stable-fixes).
* hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
* hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
* hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).
* hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).
* hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).
* hwmon: (it87) Check the it87_lock() return value (git-fixes).
* hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).
* hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).
* hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).
* hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).
* hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).
* hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).
* hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).
* hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).
* hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).
* hwmon: axi-fan: don't use driver_override as IRQ name (git-fixes).
* i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
* i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).
* i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
* i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).
* idpf: nullify pointers after they are freed (git-fixes).
* iio: accel: fix ADXL355 temperature signature value (git-fixes).
* iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).
* iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).
* iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes).
* iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes).
* iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).
* iio: dac: ds4424: reject -128 RAW value (git-fixes).
* iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).
* iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).
* iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
* iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
* iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes).
* iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes).
* iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).
* iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).
* iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).
* iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
* iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).
* Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes).
* KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
* media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).
* media: tegra-video: Use accessors for pad config 'try_*' fields (stable-fixes).
* mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).
* mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).
* mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).
* mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
* misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes).
* mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
* mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).
* mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).
* mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
* mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).
* mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).
* mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).
* mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).
* mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).
* net: mana: Add metadata support for xdp mode (git-fixes).
* net: mana: Add standard counter rx_missed_errors (git-fixes).
* net: mana: Add support for auxiliary device servicing events (bsc#1251971).
* net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
* net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
* net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
* net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
* net: mana: fix use-after-free in add_adev() error path (git-fixes).
* net: mana: Fix use-after-free in reset service rescan path (git-fixes).
* net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
* net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
* net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
* net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
* net: mana: Handle unsupported HWC commands (git-fixes).
* net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
* net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
* net: mana: Probe rdma device in mana driver (git-fixes).
* net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
* net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
* net: mana: Support HW link state events (bsc#1253049).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
* net: mana: use ethtool string helpers (git-fixes).
* net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
* net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).
* net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).
* net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).
* net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).
* net: usb: pegasus: validate USB endpoints (stable-fixes).
* net/mana: Null service_wq on setup error to prevent double destroy (git-fix).
* net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
* net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).
* net/x25: Fix overflow when accumulating packets (git-fixes).
* net/x25: Fix potential double free of skb (git-fixes).
* nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes).
* nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).
* nfc: nci: free skb on nci_transceive early error paths (git-fixes).
* NFC: nxp-nci: allow GPIOs to sleep (git-fixes).
* NFC: pn533: bound the UART receive buffer (git-fixes).
* nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
* nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).
* PCI: hv: Correct a comment (git-fixes).
* PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
* PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
* PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
* PCI: Update BAR # and window messages (stable-fixes).
* phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).
* pinctrl: equilibrium: fix warning trace on load (git-fixes).
* pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).
* pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).
* pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).
* platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).
* platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (git-fixes).
* platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).
* platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes).
* platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).
* platform/x86: ISST: Correct locked bit width (git-fixes).
* platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).
* PM: runtime: Fix a race condition related to device removal (git-fixes).
* qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes).
* RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
* RDMA/mana_ib: add additional port counters (bsc#1251135).
* RDMA/mana_ib: Add device statistics support (git-fixes).
* RDMA/mana_ib: Add device-memory support (git-fixes).
* RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
* RDMA/mana_ib: Add port statistics support (git-fixes).
* RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
* RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
* RDMA/mana_ib: add support of multiple ports (bsc#1251135).
* RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
* RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
* RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
* RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
* RDMA/mana_ib: Create and destroy RC QP (git-fixes).
* RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
* RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
* RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
* RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
* RDMA/mana_ib: create kernel-level CQs (git-fixes).
* RDMA/mana_ib: create/destroy AH (git-fixes).
* RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
* RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
* RDMA/mana_ib: extend mana QP table (git-fixes).
* RDMA/mana_ib: Extend modify QP (git-fixes).
* RDMA/mana_ib: extend query device (git-fixes).
* RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
* RDMA/mana_ib: Fix error code in probe() (git-fixes).
* RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
* RDMA/mana_ib: Fix missing ret value (git-fixes).
* RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
* RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
* RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
* RDMA/mana_ib: implement get_dma_mr (git-fixes).
* RDMA/mana_ib: Implement port parameters (git-fixes).
* RDMA/mana_ib: implement req_notify_cq (git-fixes).
* RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
* RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
* RDMA/mana_ib: indicate CM support (git-fixes).
* RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
* RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
* RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
* RDMA/mana_ib: Modify QP state (git-fixes).
* RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
* RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
* RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
* RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
* RDMA/mana_ib: request error CQEs when supported (git-fixes).
* RDMA/mana_ib: Set correct device into ib (git-fixes).
* RDMA/mana_ib: set node_guid (git-fixes).
* RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
* RDMA/mana_ib: Take CQ type from the device type (git-fixes).
* RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
* RDMA/mana_ib: UD/GSI work requests (git-fixes).
* RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
* RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
* RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
* RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
* regmap: Synchronize cache for the page selector (git-fixes).
* regulator: pca9450: Correct interrupt type (git-fixes).
* regulator: pca9450: Make IRQ optional (stable-fixes).
* remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes).
* s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
* scsi: mpi3mr: Event processing debug improvement (bsc#1251186 bsc#1258832).
* scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
* scsi: storvsc: Remove redundant ternary operators (git-fixes).
* selftests/powerpc: make sub-folders buildable on their own (bsc#1261669 ltc#212590).
* selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669 ltc#212590).
* selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).
* serial: 8250_pci: add support for the AX99100 (stable-fixes).
* serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).
* serial: 8250: Fix TX deadlock when using DMA (git-fixes).
* serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).
* soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).
* soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).
* spi: fix statistics allocation (git-fixes).
* spi: fix use-after-free on controller registration failure (git-fixes).
* spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
* staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).
* tg3: Fix race for querying speed/duplex (bsc#1257183).
* thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).
* tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
* tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
* tools/hv: add a .gitignore file (git-fixes).
* tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
* tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
* usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).
* usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).
* usb: cdns3: fix role switching during resume (git-fixes).
* usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).
* usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).
* usb: cdns3: remove redundant if branch (stable-fixes).
* usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).
* usb: core: don't power off roothub PHYs if phy_set_mode() fails (git-fixes).
* USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).
* USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).
* USB: dummy-hcd: Fix locking/synchronization error (git-fixes).
* usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes).
* usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).
* usb: ehci-brcm: fix sleep during atomic (git-fixes).
* USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes).
* usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes).
* usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).
* usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).
* usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes).
* usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).
* usb: image: mdc800: kill download URB on timeout (stable-fixes).
* usb: mdc800: handle signal and read racing (stable-fixes).
* usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).
* usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).
* usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).
* USB: serial: f81232: fix incomplete serial port generation (stable-fixes).
* usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).
* USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).
* usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
* USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes).
* usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
* usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).
* usb: yurex: fix race in probe (stable-fixes).
* usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).
* wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).
* wifi: cw1200: Fix locking in error paths (git-fixes).
* wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).
* wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).
* wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).
* wifi: mac80211: set default WMM parameters on all links (stable-fixes).
* wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes).
* wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes).
* wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).
* wifi: wlcore: Fix a locking bug (git-fixes).
* wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
* xen/privcmd: unregister xenstore notifier on module exit (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-342=1

## Package List:

* SUSE Linux Micro 6.1 (noarch)
  * kernel-devel-rt-6.4.0-41.1
  * kernel-source-rt-6.4.0-41.1
* SUSE Linux Micro 6.1 (aarch64 nosrc x86_64)
  * kernel-rt-6.4.0-41.1
* SUSE Linux Micro 6.1 (aarch64 x86_64)
  * kernel-rt-devel-6.4.0-41.1
  * kernel-rt-debugsource-6.4.0-41.1
  * kernel-rt-debuginfo-6.4.0-41.1
* SUSE Linux Micro 6.1 (x86_64)
  * kernel-rt-devel-debuginfo-6.4.0-41.1
  * kernel-rt-livepatch-6.4.0-41.1

## References:

* https://www.suse.com/security/cve/CVE-2024-38542.html
* https://www.suse.com/security/cve/CVE-2025-39817.html
* https://www.suse.com/security/cve/CVE-2025-39998.html
* https://www.suse.com/security/cve/CVE-2025-40201.html
* https://www.suse.com/security/cve/CVE-2025-40253.html
* https://www.suse.com/security/cve/CVE-2025-68794.html
* https://www.suse.com/security/cve/CVE-2025-71125.html
* https://www.suse.com/security/cve/CVE-2025-71268.html
* https://www.suse.com/security/cve/CVE-2025-71269.html
* https://www.suse.com/security/cve/CVE-2026-23030.html
* https://www.suse.com/security/cve/CVE-2026-23047.html
* https://www.suse.com/security/cve/CVE-2026-23054.html
* https://www.suse.com/security/cve/CVE-2026-23069.html
* https://www.suse.com/security/cve/CVE-2026-23088.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23120.html
* https://www.suse.com/security/cve/CVE-2026-23125.html
* https://www.suse.com/security/cve/CVE-2026-23136.html
* https://www.suse.com/security/cve/CVE-2026-23140.html
* https://www.suse.com/security/cve/CVE-2026-23154.html
* https://www.suse.com/security/cve/CVE-2026-23157.html
* https://www.suse.com/security/cve/CVE-2026-23169.html
* https://www.suse.com/security/cve/CVE-2026-23187.html
* https://www.suse.com/security/cve/CVE-2026-23193.html
* https://www.suse.com/security/cve/CVE-2026-23201.html
* https://www.suse.com/security/cve/CVE-2026-23202.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23207.html
* https://www.suse.com/security/cve/CVE-2026-23216.html
* https://www.suse.com/security/cve/CVE-2026-23231.html
* https://www.suse.com/security/cve/CVE-2026-23242.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23255.html
* https://www.suse.com/security/cve/CVE-2026-23262.html
* https://www.suse.com/security/cve/CVE-2026-23270.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23277.html
* https://www.suse.com/security/cve/CVE-2026-23278.html
* https://www.suse.com/security/cve/CVE-2026-23281.html
* https://www.suse.com/security/cve/CVE-2026-23292.html
* https://www.suse.com/security/cve/CVE-2026-23293.html
* https://www.suse.com/security/cve/CVE-2026-23304.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://www.suse.com/security/cve/CVE-2026-23319.html
* https://www.suse.com/security/cve/CVE-2026-23335.html
* https://www.suse.com/security/cve/CVE-2026-23343.html
* https://www.suse.com/security/cve/CVE-2026-23361.html
* https://www.suse.com/security/cve/CVE-2026-23379.html
* https://www.suse.com/security/cve/CVE-2026-23381.html
* https://www.suse.com/security/cve/CVE-2026-23383.html
* https://www.suse.com/security/cve/CVE-2026-23386.html
* https://www.suse.com/security/cve/CVE-2026-23395.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://www.suse.com/security/cve/CVE-2026-23412.html
* https://www.suse.com/security/cve/CVE-2026-23413.html
* https://www.suse.com/security/cve/CVE-2026-23414.html
* https://www.suse.com/security/cve/CVE-2026-23419.html
* https://www.suse.com/security/cve/CVE-2026-31788.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226591
* https://bugzilla.suse.com/show_bug.cgi?id=1245728
* https://bugzilla.suse.com/show_bug.cgi?id=1249998
* https://bugzilla.suse.com/show_bug.cgi?id=1251135
* https://bugzilla.suse.com/show_bug.cgi?id=1251186
* https://bugzilla.suse.com/show_bug.cgi?id=1251971
* https://bugzilla.suse.com/show_bug.cgi?id=1252073
* https://bugzilla.suse.com/show_bug.cgi?id=1252266
* https://bugzilla.suse.com/show_bug.cgi?id=1253049
* https://bugzilla.suse.com/show_bug.cgi?id=1253455
* https://bugzilla.suse.com/show_bug.cgi?id=1254306
* https://bugzilla.suse.com/show_bug.cgi?id=1255084
* https://bugzilla.suse.com/show_bug.cgi?id=1256647
* https://bugzilla.suse.com/show_bug.cgi?id=1256690
* https://bugzilla.suse.com/show_bug.cgi?id=1256784
* https://bugzilla.suse.com/show_bug.cgi?id=1257183
* https://bugzilla.suse.com/show_bug.cgi?id=1257466
* https://bugzilla.suse.com/show_bug.cgi?id=1257472
* https://bugzilla.suse.com/show_bug.cgi?id=1257473
* https://bugzilla.suse.com/show_bug.cgi?id=1257506
* https://bugzilla.suse.com/show_bug.cgi?id=1257561
* https://bugzilla.suse.com/show_bug.cgi?id=1257682
* https://bugzilla.suse.com/show_bug.cgi?id=1257732
* https://bugzilla.suse.com/show_bug.cgi?id=1257755
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1257777
* https://bugzilla.suse.com/show_bug.cgi?id=1257814
* https://bugzilla.suse.com/show_bug.cgi?id=1257952
* https://bugzilla.suse.com/show_bug.cgi?id=1258280
* https://bugzilla.suse.com/show_bug.cgi?id=1258286
* https://bugzilla.suse.com/show_bug.cgi?id=1258293
* https://bugzilla.suse.com/show_bug.cgi?id=1258303
* https://bugzilla.suse.com/show_bug.cgi?id=1258305
* https://bugzilla.suse.com/show_bug.cgi?id=1258330
* https://bugzilla.suse.com/show_bug.cgi?id=1258337
* https://bugzilla.suse.com/show_bug.cgi?id=1258338
* https://bugzilla.suse.com/show_bug.cgi?id=1258340
* https://bugzilla.suse.com/show_bug.cgi?id=1258376
* https://bugzilla.suse.com/show_bug.cgi?id=1258389
* https://bugzilla.suse.com/show_bug.cgi?id=1258414
* https://bugzilla.suse.com/show_bug.cgi?id=1258447
* https://bugzilla.suse.com/show_bug.cgi?id=1258524
* https://bugzilla.suse.com/show_bug.cgi?id=1258832
* https://bugzilla.suse.com/show_bug.cgi?id=1258849
* https://bugzilla.suse.com/show_bug.cgi?id=1259188
* https://bugzilla.suse.com/show_bug.cgi?id=1259461
* https://bugzilla.suse.com/show_bug.cgi?id=1259580
* https://bugzilla.suse.com/show_bug.cgi?id=1259707
* https://bugzilla.suse.com/show_bug.cgi?id=1259795
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1259865
* https://bugzilla.suse.com/show_bug.cgi?id=1259870
* https://bugzilla.suse.com/show_bug.cgi?id=1259886
* https://bugzilla.suse.com/show_bug.cgi?id=1259889
* https://bugzilla.suse.com/show_bug.cgi?id=1259891
* https://bugzilla.suse.com/show_bug.cgi?id=1259997
* https://bugzilla.suse.com/show_bug.cgi?id=1259998
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260347
* https://bugzilla.suse.com/show_bug.cgi?id=1260464
* https://bugzilla.suse.com/show_bug.cgi?id=1260471
* https://bugzilla.suse.com/show_bug.cgi?id=1260481
* https://bugzilla.suse.com/show_bug.cgi?id=1260486
* https://bugzilla.suse.com/show_bug.cgi?id=1260497
* https://bugzilla.suse.com/show_bug.cgi?id=1260500
* https://bugzilla.suse.com/show_bug.cgi?id=1260527
* https://bugzilla.suse.com/show_bug.cgi?id=1260544
* https://bugzilla.suse.com/show_bug.cgi?id=1260550
* https://bugzilla.suse.com/show_bug.cgi?id=1260562
* https://bugzilla.suse.com/show_bug.cgi?id=1260580
* https://bugzilla.suse.com/show_bug.cgi?id=1260730
* https://bugzilla.suse.com/show_bug.cgi?id=1260732
* https://bugzilla.suse.com/show_bug.cgi?id=1260735
* https://bugzilla.suse.com/show_bug.cgi?id=1260799
* https://bugzilla.suse.com/show_bug.cgi?id=1261412
* https://bugzilla.suse.com/show_bug.cgi?id=1261496
* https://bugzilla.suse.com/show_bug.cgi?id=1261498
* https://bugzilla.suse.com/show_bug.cgi?id=1261507
* https://bugzilla.suse.com/show_bug.cgi?id=1261669
From null at suse.de Thu Apr 23 16:34:13 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 16:34:13 -0000
Subject: SUSE-SU-2026:21254-1: important: Security update for python311
Message-ID: <177696205374.2126.10765086800197500996@46b3146b979a>

# Security update for python311

Announcement ID: SUSE-SU-2026:21254-1
Release Date: 2026-04-16T13:24:01Z
Rating: important

References:

* bsc#1259611
* bsc#1259734
* bsc#1259735
* bsc#1259989
* bsc#1260026

Cross-References:

* CVE-2025-13462
* CVE-2026-3479
* CVE-2026-3644
* CVE-2026-4224
* CVE-2026-4519

CVSS scores:

* CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
* CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
* CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves five vulnerabilities can now be installed.

## Description:

This update for python311 fixes the following issues:

* CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
* CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
* CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
* CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
* CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-490=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * python311-3.11.15-slfo.1.1_3.1
  * python311-curses-3.11.15-slfo.1.1_3.1
  * python311-debugsource-3.11.15-slfo.1.1_3.1
  * python311-debuginfo-3.11.15-slfo.1.1_3.1
  * python311-core-debugsource-3.11.15-slfo.1.1_3.1
  * python311-base-debuginfo-3.11.15-slfo.1.1_3.1
  * python311-curses-debuginfo-3.11.15-slfo.1.1_3.1
  * libpython3_11-1_0-3.11.15-slfo.1.1_3.1
  * libpython3_11-1_0-debuginfo-3.11.15-slfo.1.1_3.1
  * python311-base-3.11.15-slfo.1.1_3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13462.html
* https://www.suse.com/security/cve/CVE-2026-3479.html
* https://www.suse.com/security/cve/CVE-2026-3644.html
* https://www.suse.com/security/cve/CVE-2026-4224.html
* https://www.suse.com/security/cve/CVE-2026-4519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259611
* https://bugzilla.suse.com/show_bug.cgi?id=1259734
* https://bugzilla.suse.com/show_bug.cgi?id=1259735
* https://bugzilla.suse.com/show_bug.cgi?id=1259989
* https://bugzilla.suse.com/show_bug.cgi?id=1260026
URL: From null at suse.de Thu Apr 23 16:34:18 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 23 Apr 2026 16:34:18 -0000 Subject: SUSE-SU-2026:21253-1: important: Security update for cockpit-machines Message-ID: <177696205862.2126.1130140681886000482@46b3146b979a> # Security update for cockpit-machines Announcement ID: SUSE-SU-2026:21253-1 Release Date: 2026-04-16T13:14:04Z Rating: important References: * bsc#1257836 * bsc#1258641 Cross-References: * CVE-2026-25547 * CVE-2026-26996 CVSS scores: * CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves two vulnerabilities can now be installed. ## Description: This update for cockpit-machines fixes the following issues: * CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process (bsc#1257836). * CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character that doesn't appear in the test string can lead to ReDoS (bsc#1258641). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-489=1 ## Package List: * SUSE Linux Micro 6.1 (noarch) * cockpit-machines-316-slfo.1.1_3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25547.html * https://www.suse.com/security/cve/CVE-2026-26996.html * https://bugzilla.suse.com/show_bug.cgi?id=1257836 * https://bugzilla.suse.com/show_bug.cgi?id=1258641
From null at suse.de Thu Apr 23 16:34:22 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 23 Apr 2026 16:34:22 -0000 Subject: SUSE-SU-2026:21252-1: important: Security update for sudo Message-ID: <177696206204.2126.1066335127273163367@46b3146b979a> # Security update for sudo Announcement ID: SUSE-SU-2026:21252-1 Release Date: 2026-04-16T12:53:36Z Rating: important References: * bsc#1261420 Cross-References: * CVE-2026-35535 CVSS scores: * CVE-2026-35535 ( SUSE ): 7.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-35535 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-35535 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for sudo fixes the following issues: * CVE-2026-35535: unhandled failure of `setuid`, `setgid` or `setgroups` calls during a mailer privilege drop allows for local privilege escalation (bsc#1261420). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-491=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * sudo-debugsource-1.9.15p5-slfo.1.1_3.1 * sudo-1.9.15p5-slfo.1.1_3.1 * sudo-debuginfo-1.9.15p5-slfo.1.1_3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-35535.html * https://bugzilla.suse.com/show_bug.cgi?id=1261420
From null at suse.de Thu Apr 23 16:34:25 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 23 Apr 2026 16:34:25 -0000 Subject: SUSE-SU-2026:21251-1: moderate: Security update for libpng16 Message-ID: <177696206535.2126.1171133932200873679@46b3146b979a> # Security update for libpng16 Announcement ID: SUSE-SU-2026:21251-1 Release Date: 2026-04-21T08:57:43Z Rating: moderate References: * bsc#1261957 Cross-References: * CVE-2026-34757 CVSS scores: * CVE-2026-34757 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-34757 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34757 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for libpng16 fixes the following issue: * CVE-2026-34757: libpng: Information disclosure and data corruption via use-after-free vulnerability (bsc#1261957). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-680=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libpng16-debugsource-1.6.43-5.1 * libpng16-16-debuginfo-1.6.43-5.1 * libpng16-16-1.6.43-5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34757.html * https://bugzilla.suse.com/show_bug.cgi?id=1261957
From null at suse.de Thu Apr 23 16:34:28 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 23 Apr 2026 16:34:28 -0000 Subject: SUSE-SU-2026:21250-1: moderate: Security update for openvswitch Message-ID: <177696206824.2126.12581145254348413583@46b3146b979a> # Security update for openvswitch Announcement ID: SUSE-SU-2026:21250-1 Release Date: 2026-04-21T08:57:43Z Rating: moderate References: * bsc#1261273 Cross-References: * CVE-2026-34956 CVSS scores: * CVE-2026-34956 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34956 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for openvswitch fixes the following issue: * CVE-2026-34956: Invalid memory access in conntrack FTP alg (bsc#1261273). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-678=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * openvswitch-debugsource-3.1.7-5.1 * openvswitch-debuginfo-3.1.7-5.1 * libopenvswitch-3_1-0-debuginfo-3.1.7-5.1 * openvswitch-3.1.7-5.1 * libopenvswitch-3_1-0-3.1.7-5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34956.html * https://bugzilla.suse.com/show_bug.cgi?id=1261273
From null at suse.de Thu Apr 23 16:34:45 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 23 Apr 2026 16:34:45 -0000 Subject: SUSE-SU-2026:21247-1: moderate: Security update for ncurses Message-ID: <177696208530.2126.14091763454095481606@46b3146b979a> # Security update for ncurses Announcement ID: SUSE-SU-2026:21247-1 Release Date: 2026-04-21T08:52:32Z Rating: moderate References: * bsc#1259924 Cross-References: * CVE-2025-69720 CVSS scores: * CVE-2025-69720 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-69720 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2025-69720 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-69720 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2025-69720 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for ncurses fixes the following issue: * CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-681=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libncurses6-debuginfo-6.4.20240224-11.1 * ncurses-debugsource-6.4.20240224-11.1 * ncurses-utils-6.4.20240224-11.1 * libncurses6-6.4.20240224-11.1 * terminfo-base-6.4.20240224-11.1 * ncurses-utils-debuginfo-6.4.20240224-11.1 ## References: * https://www.suse.com/security/cve/CVE-2025-69720.html * https://bugzilla.suse.com/show_bug.cgi?id=1259924
From null at suse.de Thu Apr 23 16:34:49 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 23 Apr 2026 16:34:49 -0000 Subject: SUSE-SU-2026:21246-1: important: Security update for cockpit-machines Message-ID: <177696208973.2126.7051972200224018281@46b3146b979a> # Security update for cockpit-machines Announcement ID: SUSE-SU-2026:21246-1 Release Date: 2026-04-20T13:06:17Z Rating: important References: * bsc#1257836 * bsc#1258641 Cross-References: * CVE-2026-25547 * CVE-2026-26996 CVSS scores: * CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * 
CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for cockpit-machines fixes the following issues: * CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process (bsc#1257836). * CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character that doesn't appear in the test string can lead to ReDoS (bsc#1258641). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-670=1 ## Package List: * SUSE Linux Micro 6.0 (noarch) * cockpit-machines-305-4.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25547.html * https://www.suse.com/security/cve/CVE-2026-26996.html * https://bugzilla.suse.com/show_bug.cgi?id=1257836 * https://bugzilla.suse.com/show_bug.cgi?id=1258641 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 23 16:34:56 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 23 Apr 2026 16:34:56 -0000 Subject: SUSE-SU-2026:21245-1: important: Security update for cockpit-tukit Message-ID: <177696209626.2126.749785541373841018@46b3146b979a> # Security update for cockpit-tukit Announcement ID: SUSE-SU-2026:21245-1 Release Date: 2026-04-20T13:05:43Z Rating: important References: * bsc#1257836 * bsc#1258641 Cross-References: * CVE-2026-25547 * CVE-2026-26996 CVSS scores: * CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for cockpit-tukit fixes the following issues: * CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process (bsc#1257836). * CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character that doesn't appear in the test string can lead to ReDoS (bsc#1258641). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-673=1 ## Package List: * SUSE Linux Micro 6.0 (noarch) * cockpit-tukit-0.1.2~git0.647b3e3-2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25547.html * https://www.suse.com/security/cve/CVE-2026-26996.html * https://bugzilla.suse.com/show_bug.cgi?id=1257836 * https://bugzilla.suse.com/show_bug.cgi?id=1258641
From null at suse.de Thu Apr 23 16:34:59 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 23 Apr 2026 16:34:59 -0000 Subject: SUSE-SU-2026:21244-1: moderate: Security update for openssl-3 Message-ID: <177696209924.2126.3718267661200089649@46b3146b979a> # Security update for openssl-3 Announcement ID: SUSE-SU-2026:21244-1 Release Date: 2026-04-20T13:01:14Z Rating: moderate References: * bsc#1261678 Cross-References: * CVE-2026-28390 CVSS scores: * CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-672=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libopenssl3-debuginfo-3.1.4-13.1 * libopenssl-3-fips-provider-debuginfo-3.1.4-13.1 * openssl-3-3.1.4-13.1 * openssl-3-debugsource-3.1.4-13.1 * libopenssl-3-fips-provider-3.1.4-13.1 * openssl-3-debuginfo-3.1.4-13.1 * libopenssl3-3.1.4-13.1 * libopenssl-3-devel-3.1.4-13.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28390.html * https://bugzilla.suse.com/show_bug.cgi?id=1261678
From null at suse.de Thu Apr 23 16:35:02 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 23 Apr 2026 16:35:02 -0000 Subject: SUSE-SU-2026:21243-1: important: Security update for libcap Message-ID: <177696210251.2126.846861143724258758@46b3146b979a> # Security update for libcap Announcement ID: SUSE-SU-2026:21243-1 Release Date: 2026-04-20T12:44:49Z Rating: important References: * bsc#1261809 Cross-References: * CVE-2026-4878 CVSS scores: * CVE-2026-4878 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-4878 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4878 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for libcap fixes the following issues: * CVE-2026-4878: local privilege escalation through file capability injection due to TOCTOU race condition in `cap_set_file()` (bsc#1261809). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-675=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libcap2-2.69-3.1 * libcap2-debuginfo-2.69-3.1 * libcap-debugsource-2.69-3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4878.html * https://bugzilla.suse.com/show_bug.cgi?id=1261809
From null at suse.de Thu Apr 23 16:35:19 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 23 Apr 2026 16:35:19 -0000 Subject: SUSE-SU-2026:21242-1: moderate: Security update for kernel-livepatch-MICRO-6-0-RT_Update_19 Message-ID: <177696211962.2126.14954964856916112617@46b3146b979a> # Security update for kernel-livepatch-MICRO-6-0-RT_Update_19 Announcement ID: SUSE-SU-2026:21242-1 Release Date: 2026-04-17T15:23:06Z Rating: moderate References: * bsc#1103203 * bsc#1149841 * bsc#1196281 * bsc#1244337 * bsc#1248108 * bsc#904970 * bsc#907150 * bsc#920615 * bsc#920633 * bsc#930408 * jsc#PED-14811 * jsc#PED-7906 Affected Products: * SUSE Linux Micro 6.0 An update that contains two features and has 10 fixes can now be installed. ## Description: This update for kernel-livepatch-MICRO-6-0-RT_Update_19 fixes the following issues: * New livepatch SLE Micro 6.0/6.1 kernel update 19 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-kernel-343=1 ## Package List: * SUSE Linux Micro 6.0 (x86_64) * kernel-livepatch-6_4_0-41-rt-debuginfo-1-1.1 * kernel-livepatch-MICRO-6-0-RT_Update_19-debugsource-1-1.1 * kernel-livepatch-6_4_0-41-rt-1-1.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1103203 * https://bugzilla.suse.com/show_bug.cgi?id=1149841 * https://bugzilla.suse.com/show_bug.cgi?id=1196281 * https://bugzilla.suse.com/show_bug.cgi?id=1244337 * https://bugzilla.suse.com/show_bug.cgi?id=1248108 * https://bugzilla.suse.com/show_bug.cgi?id=904970 * https://bugzilla.suse.com/show_bug.cgi?id=907150 * https://bugzilla.suse.com/show_bug.cgi?id=920615 * https://bugzilla.suse.com/show_bug.cgi?id=920633 * https://bugzilla.suse.com/show_bug.cgi?id=930408 * https://jira.suse.com/browse/PED-14811 * https://jira.suse.com/browse/PED-7906 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 23 16:37:40 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 23 Apr 2026 16:37:40 -0000 Subject: SUSE-SU-2026:21241-1: important: Security update for the Linux Kernel Message-ID: <177696226039.2126.10247419134626570944@46b3146b979a> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:21241-1 Release Date: 2026-04-17T15:22:13Z Rating: important References: * bsc#1226591 * bsc#1245728 * bsc#1249998 * bsc#1251135 * bsc#1251186 * bsc#1251971 * bsc#1252073 * bsc#1252266 * bsc#1253049 * bsc#1253455 * bsc#1254306 * bsc#1255084 * bsc#1256647 * bsc#1256690 * bsc#1256784 * bsc#1257183 * bsc#1257466 * bsc#1257472 * bsc#1257473 * bsc#1257506 * bsc#1257561 * bsc#1257682 * bsc#1257732 * bsc#1257755 * bsc#1257773 * bsc#1257777 * bsc#1257814 * bsc#1257836 * bsc#1257952 * bsc#1258280 * bsc#1258286 * bsc#1258293 * bsc#1258303 * bsc#1258305 * bsc#1258330 * bsc#1258337 * bsc#1258338 * bsc#1258340 * bsc#1258376 * bsc#1258389 * bsc#1258414 * bsc#1258447 * bsc#1258524 * bsc#1258641 * bsc#1258832 * bsc#1258849 * bsc#1259188 * bsc#1259461 * bsc#1259580 * bsc#1259707 * bsc#1259795 * bsc#1259797 * bsc#1259865 * bsc#1259870 * bsc#1259886 * bsc#1259889 * bsc#1259891 * bsc#1259997 * bsc#1259998 * bsc#1260005 * bsc#1260009 * bsc#1260347 * bsc#1260464 * bsc#1260471 * bsc#1260481 * bsc#1260486 * bsc#1260497 * bsc#1260500 * bsc#1260527 * bsc#1260544 * bsc#1260550 * bsc#1260562 * bsc#1260580 * bsc#1260730 * bsc#1260732 * bsc#1260735 * bsc#1260799 * bsc#1261412 * bsc#1261496 * bsc#1261498 * bsc#1261507 * bsc#1261669 Cross-References: * CVE-2024-38542 * CVE-2025-39817 * CVE-2025-39998 * CVE-2025-40201 * CVE-2025-40253 * CVE-2025-68794 * CVE-2025-71125 * CVE-2025-71268 * CVE-2025-71269 * CVE-2026-23030 * CVE-2026-23047 * CVE-2026-23054 * CVE-2026-23069 * CVE-2026-23088 * CVE-2026-23103 * CVE-2026-23120 * CVE-2026-23125 * CVE-2026-23136 * CVE-2026-23140 * CVE-2026-23154 * CVE-2026-23157 * CVE-2026-23169 * CVE-2026-23187 * CVE-2026-23193 * 
CVE-2026-23201 * CVE-2026-23202 * CVE-2026-23204 * CVE-2026-23207 * CVE-2026-23216 * CVE-2026-23231 * CVE-2026-23242 * CVE-2026-23243 * CVE-2026-23255 * CVE-2026-23262 * CVE-2026-23270 * CVE-2026-23272 * CVE-2026-23274 * CVE-2026-23277 * CVE-2026-23278 * CVE-2026-23281 * CVE-2026-23292 * CVE-2026-23293 * CVE-2026-23304 * CVE-2026-23317 * CVE-2026-23319 * CVE-2026-23335 * CVE-2026-23343 * CVE-2026-23361 * CVE-2026-23379 * CVE-2026-23381 * CVE-2026-23383 * CVE-2026-23386 * CVE-2026-23395 * CVE-2026-23398 * CVE-2026-23412 * CVE-2026-23413 * CVE-2026-23414 * CVE-2026-23419 * CVE-2026-25547 * CVE-2026-26996 * CVE-2026-31788 CVSS scores: * CVE-2024-38542 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2024-38542 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-39817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39817 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68794 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71125 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-71125 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-71125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71268 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71268 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71269 ( SUSE ): 5.7 
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71269 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23030 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23030 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23047 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23047 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23054 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23088 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23136 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23136 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23136 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23154 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23154 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23157 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23157 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23157 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23169 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23169 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-23169 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23169 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23187 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23202 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23202 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23202 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23207 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23207 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23207 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23216 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23262 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23281 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23304 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23304 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23335 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23335 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-23343 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23343 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23383 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23395 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23395 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23395 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23412 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23412 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23413 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23419 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0
* SUSE Linux Micro 6.1
* SUSE Linux Micro Extras 6.0

An update that solves 61 vulnerabilities and has 21 fixes can now be installed.

## Security update for the Linux Kernel

### Description:

The SUSE Linux Micro (RT) 6.0 and 6.1 kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591).
* CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998).
* CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
* CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455).
* CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
* CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
* CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).
* CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865).
* CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889).
* CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561).
* CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
* CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).
* CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
* CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
* CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
* CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
* CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).
* CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).
* CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
* CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
* CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
* CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
* CVE-2026-23231: netfilter: nf_tables: register hooks last when adding new chain/flowtable (bsc#1259188).
* CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
* CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
* CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
* CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
* CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
* CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
* CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
* CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).
* CVE-2026-23319: bpf: export bpf_link_inc_not_zero (bsc#1260735).
* CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
* CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
* CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
* CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
* CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
* CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
* CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
* CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (bsc#1260580).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
* CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412).
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
* CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
* CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
* CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non-security issues were fixed:

* accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).
* ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes).
* ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).
* ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes).
* ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).
* ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes).
* ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes).
* ALSA: firewire-lib: fix uninitialized local variable (git-fixes).
* ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes).
* ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).
* ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes).
* ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes).
* ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes).
* ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).
* ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes).
* ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).
* apparmor: fix differential encoding verification (bsc#1258849).
* apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
* apparmor: fix memory leak in verify_header (bsc#1258849).
* apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
* apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
* apparmor: fix race on rawdata dereference (bsc#1258849).
* apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
* apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
* apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
* apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
* apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
* ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).
* ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes).
* ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes).
* ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes).
* ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).
* ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes).
* ASoC: detect empty DMI strings (git-fixes).
* ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes).
* ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes).
* ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes).
* ASoC: Intel: catpt: Fix the device initialization (git-fixes).
* ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes).
* ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes).
* ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes).
* ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes).
* batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes).
* Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes).
* Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).
* Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes).
* Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).
* Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes).
* Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).
* Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes).
* Bluetooth: HIDP: Fix possible UAF (git-fixes).
* Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).
* Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes).
* Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).
* Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes).
* Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes).
* Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes).
* Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).
* Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes).
* Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).
* Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes).
* Bluetooth: Remove 3 repeated macro definitions (stable-fixes).
* Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes).
* Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes).
* Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes).
* Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes).
* Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).
* bonding: do not set usable_slaves for broadcast mode (git-fixes).
* btrfs: fix zero size inode with non-zero size after log replay (git-fixes).
* btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).
* btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
* can: bcm: fix locking for bcm_op runtime updates (git-fixes).
* can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes).
* can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).
* can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes).
* can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).
* can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes).
* can: ucan: Fix infinite loop from zero-length messages (git-fixes).
* can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes).
* comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).
* comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).
* comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).
* comedi: Reinit dev-spinlock between attachments to low-level drivers (git-fixes).
* crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).
* crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
* crypto: caam - fix overflow on long hmac keys (git-fixes).
* dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).
* dmaengine: idxd: Fix leaking event log memory (git-fixes).
* dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
* dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).
* dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).
* dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes).
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
* dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).
* dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).
* Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
* Drivers: hv: remove stale comment (git-fixes).
* Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
* Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
* Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
* drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).
* drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).
* drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).
* drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).
* drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).
* drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).
* drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).
* drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
* drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).
* drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).
* drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (git-fixes).
* drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).
* drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).
* drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).
* drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).
* drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).
* drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).
* drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes).
* drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).
* firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).
* gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
* HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes).
* HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes).
* HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes).
* HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes).
* HID: mcp2221: cancel last I2C command on read error (stable-fixes).
* hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
* hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
* hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).
* hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).
* hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).
* hwmon: (it87) Check the it87_lock() return value (git-fixes).
* hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).
* hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).
* hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).
* hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).
* hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).
* hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).
* hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).
* hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).
* hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).
* hwmon: axi-fan: don't use driver_override as IRQ name (git-fixes).
* i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
* i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).
* i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
* i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).
* idpf: nullify pointers after they are freed (git-fixes).
* iio: accel: fix ADXL355 temperature signature value (git-fixes).
* iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).
* iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).
* iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes).
* iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes).
* iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).
* iio: dac: ds4424: reject -128 RAW value (git-fixes).
* iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).
* iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).
* iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
* iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
* iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes).
* iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes).
* iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).
* iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).
* iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).
* iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
* iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).
* Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes).
* KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
* media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).
* media: tegra-video: Use accessors for pad config 'try_*' fields (stable-fixes).
* mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).
* mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).
* mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).
* mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
* misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes).
* mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
* mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).
* mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).
* mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
* mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).
* mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).
* mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).
* mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).
* mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).
* net: mana: Add metadata support for xdp mode (git-fixes).
* net: mana: Add standard counter rx_missed_errors (git-fixes).
* net: mana: Add support for auxiliary device servicing events (bsc#1251971).
* net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
* net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
* net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
* net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
* net: mana: fix use-after-free in add_adev() error path (git-fixes).
* net: mana: Fix use-after-free in reset service rescan path (git-fixes).
* net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
* net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
* net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
* net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
* net: mana: Handle unsupported HWC commands (git-fixes).
* net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
* net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
* net: mana: Probe rdma device in mana driver (git-fixes).
* net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
* net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
* net: mana: Support HW link state events (bsc#1253049).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
* net: mana: use ethtool string helpers (git-fixes).
* net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
* net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).
* net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).
* net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).
* net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).
* net: usb: pegasus: validate USB endpoints (stable-fixes).
* net/mana: Null service_wq on setup error to prevent double destroy (git-fix).
* net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
* net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).
* net/x25: Fix overflow when accumulating packets (git-fixes).
* net/x25: Fix potential double free of skb (git-fixes).
* nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes).
* nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).
* nfc: nci: free skb on nci_transceive early error paths (git-fixes).
* NFC: nxp-nci: allow GPIOs to sleep (git-fixes).
* NFC: pn533: bound the UART receive buffer (git-fixes).
* nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
* nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).
* PCI: hv: Correct a comment (git-fixes).
* PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
* PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
* PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
* PCI: Update BAR # and window messages (stable-fixes).
* phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).
* pinctrl: equilibrium: fix warning trace on load (git-fixes).
* pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).
* pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).
* pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).
* platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).
* platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (git-fixes).
* platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).
* platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes).
* platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).
* platform/x86: ISST: Correct locked bit width (git-fixes).
* platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).
* PM: runtime: Fix a race condition related to device removal (git-fixes).
* qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes).
* RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
* RDMA/mana_ib: add additional port counters (bsc#1251135).
* RDMA/mana_ib: Add device statistics support (git-fixes).
* RDMA/mana_ib: Add device-memory support (git-fixes).
* RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
* RDMA/mana_ib: Add port statistics support (git-fixes).
* RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
* RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
* RDMA/mana_ib: add support of multiple ports (bsc#1251135).
* RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
* RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
* RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
* RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
* RDMA/mana_ib: Create and destroy RC QP (git-fixes).
* RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
* RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
* RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
* RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
* RDMA/mana_ib: create kernel-level CQs (git-fixes).
* RDMA/mana_ib: create/destroy AH (git-fixes).
* RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
* RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
* RDMA/mana_ib: extend mana QP table (git-fixes).
* RDMA/mana_ib: Extend modify QP (git-fixes).
* RDMA/mana_ib: extend query device (git-fixes).
* RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
* RDMA/mana_ib: Fix error code in probe() (git-fixes).
* RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
* RDMA/mana_ib: Fix missing ret value (git-fixes).
* RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
* RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
* RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
* RDMA/mana_ib: implement get_dma_mr (git-fixes).
* RDMA/mana_ib: Implement port parameters (git-fixes).
* RDMA/mana_ib: implement req_notify_cq (git-fixes).
* RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
* RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
* RDMA/mana_ib: indicate CM support (git-fixes).
* RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
* RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
* RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
* RDMA/mana_ib: Modify QP state (git-fixes).
* RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
* RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
* RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
* RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
* RDMA/mana_ib: request error CQEs when supported (git-fixes).
* RDMA/mana_ib: Set correct device into ib (git-fixes).
* RDMA/mana_ib: set node_guid (git-fixes).
* RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
* RDMA/mana_ib: Take CQ type from the device type (git-fixes).
* RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
* RDMA/mana_ib: UD/GSI work requests (git-fixes).
* RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
* RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
* RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
* RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
* regmap: Synchronize cache for the page selector (git-fixes).
* regulator: pca9450: Correct interrupt type (git-fixes).
* regulator: pca9450: Make IRQ optional (stable-fixes).
* remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes).
* s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
* scsi: mpi3mr: Event processing debug improvement (bsc#1251186 bsc#1258832).
* scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
* scsi: storvsc: Remove redundant ternary operators (git-fixes).
* selftests/powerpc: make sub-folders buildable on their own (bsc#1261669 ltc#212590).
* selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669 ltc#212590).
* selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).
* serial: 8250_pci: add support for the AX99100 (stable-fixes).
* serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).
* serial: 8250: Fix TX deadlock when using DMA (git-fixes).
* serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).
* soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).
* soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).
* spi: fix statistics allocation (git-fixes).
* spi: fix use-after-free on controller registration failure (git-fixes).
* spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
* staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).
* tg3: Fix race for querying speed/duplex (bsc#1257183).
* thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).
* tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
* tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
* tools/hv: add a .gitignore file (git-fixes).
* tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
* tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
* usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).
* usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).
* usb: cdns3: fix role switching during resume (git-fixes).
* usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).
* usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).
* usb: cdns3: remove redundant if branch (stable-fixes).
* usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).
* usb: core: don't power off roothub PHYs if phy_set_mode() fails (git-fixes).
* USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).
* USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).
* USB: dummy-hcd: Fix locking/synchronization error (git-fixes).
* usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes).
* usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).
* usb: ehci-brcm: fix sleep during atomic (git-fixes).
* USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes).
* usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes).
* usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).
* usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).
* usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes).
* usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).
* usb: image: mdc800: kill download URB on timeout (stable-fixes).
* usb: mdc800: handle signal and read racing (stable-fixes).
* usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).
* usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).
* usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).
* USB: serial: f81232: fix incomplete serial port generation (stable-fixes).
* usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).
* USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).
* usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
* USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes).
* usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
* usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).
* usb: yurex: fix race in probe (stable-fixes).
* usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).
* wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).
* wifi: cw1200: Fix locking in error paths (git-fixes).
* wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).
* wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).
* wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).
* wifi: mac80211: set default WMM parameters on all links (stable-fixes).
* wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes).
* wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes).
* wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).
* wifi: wlcore: Fix a locking bug (git-fixes).
* wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
* xen/privcmd: unregister xenstore notifier on module exit (git-fixes).

## Security update for cockpit

### Description:

This update for cockpit fixes the following issues:

* CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process (bsc#1257836).
* CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character that doesn't appear in the test string can lead to ReDoS (bsc#1258641).

## Security update for the Linux Kernel

### Description:

The SUSE Linux Micro (RT) 6.0 and 6.1 kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591).
* CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998).
* CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
* CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455).
* CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
* CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
* CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).
* CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865).
* CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889).
* CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561).
* CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
* CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).
* CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
* CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
* CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
* CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
* CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).
* CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).
* CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
* CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
* CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
* CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
* CVE-2026-23231: netfilter: nf_tables: register hooks last when adding new chain/flowtable (bsc#1259188).
* CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
* CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
* CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
* CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
* CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
* CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
* CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
* CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).
* CVE-2026-23319: bpf: export bpf_link_inc_not_zero (bsc#1260735).
* CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
* CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
* CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
* CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
* CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
* CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
* CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
* CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (bsc#1260580).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
* CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412).
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
* CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
* CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
* CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non-security issues were fixed:

* accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).
* ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes).
* ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).
* ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes).
* ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).
* ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes).
* ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes).
* ALSA: firewire-lib: fix uninitialized local variable (git-fixes).
* ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes).
* ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).
* ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes).
* ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes).
* ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes).
* ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).
* ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes).
* ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).
* apparmor: fix differential encoding verification (bsc#1258849).
* apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
* apparmor: fix memory leak in verify_header (bsc#1258849).
* apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
* apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
* apparmor: fix race on rawdata dereference (bsc#1258849).
* apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
* apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
* apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
* apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
* apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
* ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).
* ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes).
* ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes).
* ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes).
* ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).
* ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes).
* ASoC: detect empty DMI strings (git-fixes).
* ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes).
* ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes).
* ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes).
* ASoC: Intel: catpt: Fix the device initialization (git-fixes).
* ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes).
* ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes).
* ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes).
* ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes).
* batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes).
* Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes).
* Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).
* Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes).
* Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).
* Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes).
* Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).
* Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes).
* Bluetooth: HIDP: Fix possible UAF (git-fixes).
* Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).
* Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes).
* Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).
* Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes).
* Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes).
* Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes).
* Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).
* Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes).
* Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).
* Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes).
* Bluetooth: Remove 3 repeated macro definitions (stable-fixes).
* Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes).
* Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes).
* Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes).
* Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes).
* Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).
* bonding: do not set usable_slaves for broadcast mode (git-fixes).
* btrfs: fix zero size inode with non-zero size after log replay (git-fixes).
* btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).
* btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
* can: bcm: fix locking for bcm_op runtime updates (git-fixes).
* can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes).
* can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).
* can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes).
* can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).
* can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes).
* can: ucan: Fix infinite loop from zero-length messages (git-fixes).
* can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes).
* comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).
* comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).
* comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).
* comedi: Reinit dev-spinlock between attachments to low-level drivers (git-fixes).
* crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).
* crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
* crypto: caam - fix overflow on long hmac keys (git-fixes).
* dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).
* dmaengine: idxd: Fix leaking event log memory (git-fixes).
* dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
* dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).
* dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).
* dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes).
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
* dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).
* dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).
* Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
* Drivers: hv: remove stale comment (git-fixes).
* Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
* Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
* Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
* drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).
* drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).
* drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).
* drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).
* drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).
* drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).
* drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).
* drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
* drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).
* drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).
* drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (git-fixes).
* drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).
* drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).
* drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).
* drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).
* drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).
* drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).
* drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes).
* drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).
* firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).
* gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
* HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes).
* HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes).
* HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes).
* HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes).
* HID: mcp2221: cancel last I2C command on read error (stable-fixes).
* hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
* hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
* hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).
* hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).
* hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).
* hwmon: (it87) Check the it87_lock() return value (git-fixes).
* hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).
* hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).
* hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).
* hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).
* hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).
* hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).
* hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).
* hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).
* hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).
* hwmon: axi-fan: don't use driver_override as IRQ name (git-fixes).
* i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
* i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).
* i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
* i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).
* idpf: nullify pointers after they are freed (git-fixes).
* iio: accel: fix ADXL355 temperature signature value (git-fixes).
* iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).
* iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).
* iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes).
* iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes).
* iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).
* iio: dac: ds4424: reject -128 RAW value (git-fixes).
* iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).
* iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).
* iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
* iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
* iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes).
* iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes).
* iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).
* iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).
* iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).
* iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
* iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).
* Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes).
* KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
* media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).
* media: tegra-video: Use accessors for pad config 'try_*' fields (stable-fixes).
* mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).
* mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).
* mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).
* mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
* misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes).
* mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
* mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).
* mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).
* mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
* mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).
* mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).
* mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).
* mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).
* mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).
* net: mana: Add metadata support for xdp mode (git-fixes).
* net: mana: Add standard counter rx_missed_errors (git-fixes).
* net: mana: Add support for auxiliary device servicing events (bsc#1251971).
* net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
* net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
* net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
* net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
* net: mana: fix use-after-free in add_adev() error path (git-fixes).
* net: mana: Fix use-after-free in reset service rescan path (git-fixes).
* net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
* net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
* net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
* net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
* net: mana: Handle unsupported HWC commands (git-fixes).
* net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
* net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
* net: mana: Probe rdma device in mana driver (git-fixes).
* net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
* net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
* net: mana: Support HW link state events (bsc#1253049).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
* net: mana: use ethtool string helpers (git-fixes).
* net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
* net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).
* net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).
* net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).
* net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).
* net: usb: pegasus: validate USB endpoints (stable-fixes).
* net/mana: Null service_wq on setup error to prevent double destroy (git-fix).
* net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
* net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).
* net/x25: Fix overflow when accumulating packets (git-fixes).
* net/x25: Fix potential double free of skb (git-fixes).
* nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes).
* nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).
* nfc: nci: free skb on nci_transceive early error paths (git-fixes).
* NFC: nxp-nci: allow GPIOs to sleep (git-fixes).
* NFC: pn533: bound the UART receive buffer (git-fixes).
* nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
* nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).
* PCI: hv: Correct a comment (git-fixes).
* PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
* PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
* PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
* PCI: Update BAR # and window messages (stable-fixes).
* phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).
* pinctrl: equilibrium: fix warning trace on load (git-fixes).
* pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).
* pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).
* pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).
* platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).
* platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (git-fixes).
* platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).
* platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes).
* platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).
* platform/x86: ISST: Correct locked bit width (git-fixes).
* platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).
* PM: runtime: Fix a race condition related to device removal (git-fixes).
* qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes).
* RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
* RDMA/mana_ib: add additional port counters (bsc#1251135).
* RDMA/mana_ib: Add device statistics support (git-fixes).
* RDMA/mana_ib: Add device-memory support (git-fixes).
* RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
* RDMA/mana_ib: Add port statistics support (git-fixes).
* RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
* RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
* RDMA/mana_ib: add support of multiple ports (bsc#1251135).
* RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
* RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
* RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
* RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
* RDMA/mana_ib: Create and destroy RC QP (git-fixes).
* RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
* RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
* RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
* RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
* RDMA/mana_ib: create kernel-level CQs (git-fixes).
* RDMA/mana_ib: create/destroy AH (git-fixes).
* RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
* RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
* RDMA/mana_ib: extend mana QP table (git-fixes).
* RDMA/mana_ib: Extend modify QP (git-fixes).
* RDMA/mana_ib: extend query device (git-fixes).
* RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
* RDMA/mana_ib: Fix error code in probe() (git-fixes).
* RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
* RDMA/mana_ib: Fix missing ret value (git-fixes).
* RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
* RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
* RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
* RDMA/mana_ib: implement get_dma_mr (git-fixes).
* RDMA/mana_ib: Implement port parameters (git-fixes).
* RDMA/mana_ib: implement req_notify_cq (git-fixes).
* RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
* RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
* RDMA/mana_ib: indicate CM support (git-fixes).
* RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
* RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
* RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
* RDMA/mana_ib: Modify QP state (git-fixes).
* RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
* RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
* RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
* RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
* RDMA/mana_ib: request error CQEs when supported (git-fixes).
* RDMA/mana_ib: Set correct device into ib (git-fixes).
* RDMA/mana_ib: set node_guid (git-fixes).
* RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
* RDMA/mana_ib: Take CQ type from the device type (git-fixes).
* RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
* RDMA/mana_ib: UD/GSI work requests (git-fixes).
* RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
* RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
* RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
* RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
* regmap: Synchronize cache for the page selector (git-fixes).
* regulator: pca9450: Correct interrupt type (git-fixes).
* regulator: pca9450: Make IRQ optional (stable-fixes).
* remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes).
* s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
* scsi: mpi3mr: Event processing debug improvement (bsc#1251186 bsc#1258832).
* scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
* scsi: storvsc: Remove redundant ternary operators (git-fixes).
* selftests/powerpc: make sub-folders buildable on their own (bsc#1261669 ltc#212590).
* selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669 ltc#212590).
* selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).
* serial: 8250_pci: add support for the AX99100 (stable-fixes).
* serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).
* serial: 8250: Fix TX deadlock when using DMA (git-fixes).
* serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).
* soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).
* soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).
* spi: fix statistics allocation (git-fixes).
* spi: fix use-after-free on controller registration failure (git-fixes).
* spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
* staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).
* tg3: Fix race for querying speed/duplex (bsc#1257183).
* thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).
* tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
* tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
* tools/hv: add a .gitignore file (git-fixes).
* tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
* tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
* usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).
* usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).
* usb: cdns3: fix role switching during resume (git-fixes).
* usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).
* usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).
* usb: cdns3: remove redundant if branch (stable-fixes).
* usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).
* usb: core: don't power off roothub PHYs if phy_set_mode() fails (git-fixes).
* USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).
* USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).
* USB: dummy-hcd: Fix locking/synchronization error (git-fixes).
* usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes).
* usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).
* usb: ehci-brcm: fix sleep during atomic (git-fixes).
* USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes).
* usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes).
* usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).
* usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).
* usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes).
* usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).
* usb: image: mdc800: kill download URB on timeout (stable-fixes).
* usb: mdc800: handle signal and read racing (stable-fixes).
* usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).
* usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).
* usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).
* USB: serial: f81232: fix incomplete serial port generation (stable-fixes).
* usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).
* USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).
* usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
* USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes).
* usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
* usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).
* usb: yurex: fix race in probe (stable-fixes).
* usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).
* wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).
* wifi: cw1200: Fix locking in error paths (git-fixes).
* wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).
* wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).
* wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).
* wifi: mac80211: set default WMM parameters on all links (stable-fixes).
* wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes).
* wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes).
* wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).
* wifi: wlcore: Fix a locking bug (git-fixes).
* wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
* xen/privcmd: unregister xenstore notifier on module exit (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.0
  zypper in -t patch SUSE-SLE-Micro-Extras-6.0-kernel-342=1
* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-342=1
* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-488=1

## Package List:

* SUSE Linux Micro Extras 6.0 (nosrc)
  * kernel-rt-6.4.0-41.1
* SUSE Linux Micro Extras 6.0 (x86_64)
  * kernel-rt-devel-6.4.0-41.1
  * kernel-rt-debugsource-6.4.0-41.1
  * kernel-rt-devel-debuginfo-6.4.0-41.1
* SUSE Linux Micro 6.0 (noarch)
  * kernel-devel-rt-6.4.0-41.1
  * kernel-source-rt-6.4.0-41.1
* SUSE Linux Micro 6.0 (nosrc x86_64)
  * kernel-rt-6.4.0-41.1
* SUSE Linux Micro 6.0 (x86_64)
  * kernel-rt-livepatch-6.4.0-41.1
  * kernel-rt-debugsource-6.4.0-41.1
  * kernel-rt-debuginfo-6.4.0-41.1
* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * cockpit-debuginfo-322-slfo.1.1_3.1
  * cockpit-ws-322-slfo.1.1_3.1
  * cockpit-322-slfo.1.1_3.1
  * cockpit-bridge-322-slfo.1.1_3.1
  * cockpit-ws-debuginfo-322-slfo.1.1_3.1
  * cockpit-bridge-debuginfo-322-slfo.1.1_3.1
  * cockpit-debugsource-322-slfo.1.1_3.1
* SUSE Linux Micro 6.1 (noarch)
  * cockpit-networkmanager-322-slfo.1.1_3.1
  * cockpit-system-322-slfo.1.1_3.1
  * cockpit-storaged-322-slfo.1.1_3.1
  * cockpit-selinux-322-slfo.1.1_3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-38542.html
* https://www.suse.com/security/cve/CVE-2025-39817.html
* https://www.suse.com/security/cve/CVE-2025-39998.html
* https://www.suse.com/security/cve/CVE-2025-40201.html
* https://www.suse.com/security/cve/CVE-2025-40253.html
* https://www.suse.com/security/cve/CVE-2025-68794.html
* https://www.suse.com/security/cve/CVE-2025-71125.html
* https://www.suse.com/security/cve/CVE-2025-71268.html
* https://www.suse.com/security/cve/CVE-2025-71269.html
* https://www.suse.com/security/cve/CVE-2026-23030.html
* https://www.suse.com/security/cve/CVE-2026-23047.html
* https://www.suse.com/security/cve/CVE-2026-23054.html
* https://www.suse.com/security/cve/CVE-2026-23069.html
* https://www.suse.com/security/cve/CVE-2026-23088.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23120.html
* https://www.suse.com/security/cve/CVE-2026-23125.html
* https://www.suse.com/security/cve/CVE-2026-23136.html
* https://www.suse.com/security/cve/CVE-2026-23140.html
* https://www.suse.com/security/cve/CVE-2026-23154.html
* https://www.suse.com/security/cve/CVE-2026-23157.html
* https://www.suse.com/security/cve/CVE-2026-23169.html
* https://www.suse.com/security/cve/CVE-2026-23187.html
* https://www.suse.com/security/cve/CVE-2026-23193.html
* https://www.suse.com/security/cve/CVE-2026-23201.html
* https://www.suse.com/security/cve/CVE-2026-23202.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23207.html
* https://www.suse.com/security/cve/CVE-2026-23216.html
* https://www.suse.com/security/cve/CVE-2026-23231.html
* https://www.suse.com/security/cve/CVE-2026-23242.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23255.html
* https://www.suse.com/security/cve/CVE-2026-23262.html
* https://www.suse.com/security/cve/CVE-2026-23270.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23277.html
* https://www.suse.com/security/cve/CVE-2026-23278.html
* https://www.suse.com/security/cve/CVE-2026-23281.html
* https://www.suse.com/security/cve/CVE-2026-23292.html
* https://www.suse.com/security/cve/CVE-2026-23293.html
* https://www.suse.com/security/cve/CVE-2026-23304.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://www.suse.com/security/cve/CVE-2026-23319.html
* https://www.suse.com/security/cve/CVE-2026-23335.html
* https://www.suse.com/security/cve/CVE-2026-23343.html
* https://www.suse.com/security/cve/CVE-2026-23361.html
* https://www.suse.com/security/cve/CVE-2026-23379.html
* https://www.suse.com/security/cve/CVE-2026-23381.html
* https://www.suse.com/security/cve/CVE-2026-23383.html
* https://www.suse.com/security/cve/CVE-2026-23386.html
* https://www.suse.com/security/cve/CVE-2026-23395.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://www.suse.com/security/cve/CVE-2026-23412.html
* https://www.suse.com/security/cve/CVE-2026-23413.html
* https://www.suse.com/security/cve/CVE-2026-23414.html
* https://www.suse.com/security/cve/CVE-2026-23419.html
* https://www.suse.com/security/cve/CVE-2026-25547.html
* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://www.suse.com/security/cve/CVE-2026-31788.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226591
* https://bugzilla.suse.com/show_bug.cgi?id=1245728
* https://bugzilla.suse.com/show_bug.cgi?id=1249998
* https://bugzilla.suse.com/show_bug.cgi?id=1251135
* https://bugzilla.suse.com/show_bug.cgi?id=1251186
* https://bugzilla.suse.com/show_bug.cgi?id=1251971
* https://bugzilla.suse.com/show_bug.cgi?id=1252073
* https://bugzilla.suse.com/show_bug.cgi?id=1252266
* https://bugzilla.suse.com/show_bug.cgi?id=1253049
* https://bugzilla.suse.com/show_bug.cgi?id=1253455
* https://bugzilla.suse.com/show_bug.cgi?id=1254306
* https://bugzilla.suse.com/show_bug.cgi?id=1255084
* https://bugzilla.suse.com/show_bug.cgi?id=1256647
* https://bugzilla.suse.com/show_bug.cgi?id=1256690
* https://bugzilla.suse.com/show_bug.cgi?id=1256784
* https://bugzilla.suse.com/show_bug.cgi?id=1257183
* https://bugzilla.suse.com/show_bug.cgi?id=1257466
* https://bugzilla.suse.com/show_bug.cgi?id=1257472
* https://bugzilla.suse.com/show_bug.cgi?id=1257473
* https://bugzilla.suse.com/show_bug.cgi?id=1257506
* https://bugzilla.suse.com/show_bug.cgi?id=1257561
* https://bugzilla.suse.com/show_bug.cgi?id=1257682
* https://bugzilla.suse.com/show_bug.cgi?id=1257732
* https://bugzilla.suse.com/show_bug.cgi?id=1257755
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1257777
* https://bugzilla.suse.com/show_bug.cgi?id=1257814
* https://bugzilla.suse.com/show_bug.cgi?id=1257836
* https://bugzilla.suse.com/show_bug.cgi?id=1257952
* https://bugzilla.suse.com/show_bug.cgi?id=1258280
* https://bugzilla.suse.com/show_bug.cgi?id=1258286
* https://bugzilla.suse.com/show_bug.cgi?id=1258293
* https://bugzilla.suse.com/show_bug.cgi?id=1258303
* https://bugzilla.suse.com/show_bug.cgi?id=1258305
* https://bugzilla.suse.com/show_bug.cgi?id=1258330
* https://bugzilla.suse.com/show_bug.cgi?id=1258337
* https://bugzilla.suse.com/show_bug.cgi?id=1258338
* https://bugzilla.suse.com/show_bug.cgi?id=1258340
* https://bugzilla.suse.com/show_bug.cgi?id=1258376
* https://bugzilla.suse.com/show_bug.cgi?id=1258389
* https://bugzilla.suse.com/show_bug.cgi?id=1258414
* https://bugzilla.suse.com/show_bug.cgi?id=1258447
* https://bugzilla.suse.com/show_bug.cgi?id=1258524
* https://bugzilla.suse.com/show_bug.cgi?id=1258641
* https://bugzilla.suse.com/show_bug.cgi?id=1258832
* https://bugzilla.suse.com/show_bug.cgi?id=1258849
* https://bugzilla.suse.com/show_bug.cgi?id=1259188
* https://bugzilla.suse.com/show_bug.cgi?id=1259461
* https://bugzilla.suse.com/show_bug.cgi?id=1259580
* https://bugzilla.suse.com/show_bug.cgi?id=1259707
* https://bugzilla.suse.com/show_bug.cgi?id=1259795
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1259865
* https://bugzilla.suse.com/show_bug.cgi?id=1259870
* https://bugzilla.suse.com/show_bug.cgi?id=1259886
* https://bugzilla.suse.com/show_bug.cgi?id=1259889
* https://bugzilla.suse.com/show_bug.cgi?id=1259891
* https://bugzilla.suse.com/show_bug.cgi?id=1259997
* https://bugzilla.suse.com/show_bug.cgi?id=1259998
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260347
* https://bugzilla.suse.com/show_bug.cgi?id=1260464
* https://bugzilla.suse.com/show_bug.cgi?id=1260471
* https://bugzilla.suse.com/show_bug.cgi?id=1260481
* https://bugzilla.suse.com/show_bug.cgi?id=1260486
* https://bugzilla.suse.com/show_bug.cgi?id=1260497
* https://bugzilla.suse.com/show_bug.cgi?id=1260500
* https://bugzilla.suse.com/show_bug.cgi?id=1260527
* https://bugzilla.suse.com/show_bug.cgi?id=1260544
* https://bugzilla.suse.com/show_bug.cgi?id=1260550
* https://bugzilla.suse.com/show_bug.cgi?id=1260562
* https://bugzilla.suse.com/show_bug.cgi?id=1260580
* https://bugzilla.suse.com/show_bug.cgi?id=1260730
* https://bugzilla.suse.com/show_bug.cgi?id=1260732
* https://bugzilla.suse.com/show_bug.cgi?id=1260735
* https://bugzilla.suse.com/show_bug.cgi?id=1260799
* https://bugzilla.suse.com/show_bug.cgi?id=1261412
* https://bugzilla.suse.com/show_bug.cgi?id=1261496
* https://bugzilla.suse.com/show_bug.cgi?id=1261498
* https://bugzilla.suse.com/show_bug.cgi?id=1261507
* https://bugzilla.suse.com/show_bug.cgi?id=1261669

From null at suse.de Thu Apr 23 20:31:27 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 20:31:27 -0000
Subject: SUSE-SU-2026:1573-1: important: Security update for the Linux Kernel
Message-ID: <177697628792.1901.5649885914007842644@a0a563bcf2df>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1573-1
Release Date: 2026-04-23T15:52:41Z
Rating: important

References:

* bsc#1226591
* bsc#1243208
* bsc#1245728
* bsc#1251135
* bsc#1251971
* bsc#1252073
* bsc#1252266
* bsc#1252803
* bsc#1253049
* bsc#1253129
* bsc#1255687
* bsc#1256504
* bsc#1256647
* bsc#1256690
* bsc#1257466
* bsc#1257472
* bsc#1257506
* bsc#1257561
* bsc#1257682
* bsc#1257773
* bsc#1257777
* bsc#1258280
* bsc#1258303
* bsc#1258305
* bsc#1258330
* bsc#1258337
* bsc#1258414
* bsc#1258424
* bsc#1258447
* bsc#1258476
* bsc#1259188
* bsc#1259580
* bsc#1259707
* bsc#1259795
* bsc#1259797
* bsc#1259865
* bsc#1259866
* bsc#1259886
* bsc#1259889
* bsc#1259891
* bsc#1259997
* bsc#1259998
* bsc#1260005
* bsc#1260009
* bsc#1260347
* bsc#1260464
* bsc#1260471
* bsc#1260481
* bsc#1260486
* bsc#1260500
* bsc#1260562
* bsc#1260730
* bsc#1260732
* bsc#1260735
* bsc#1260799
* bsc#1261496
* bsc#1261498
* jsc#PED-15582

Cross-References:

* CVE-2024-38542
* CVE-2025-39998
* CVE-2025-68794
* CVE-2025-71231
* CVE-2025-71268
* CVE-2025-71269
* CVE-2026-23030
* CVE-2026-23047
* CVE-2026-23103
* CVE-2026-23120
* CVE-2026-23136
* CVE-2026-23140
* CVE-2026-23187
* CVE-2026-23193
* CVE-2026-23201
* CVE-2026-23215
* CVE-2026-23216
* CVE-2026-23231
* CVE-2026-23242
* CVE-2026-23243
* CVE-2026-23255
* CVE-2026-23259
* CVE-2026-23270
* CVE-2026-23272
* CVE-2026-23274
* CVE-2026-23277
* CVE-2026-23278
* CVE-2026-23281
* CVE-2026-23292
* CVE-2026-23293
* CVE-2026-23317
* CVE-2026-23319
* CVE-2026-23361
* CVE-2026-23379
* CVE-2026-23381
* CVE-2026-23386
* CVE-2026-23398
* CVE-2026-23413
* CVE-2026-23414
* CVE-2026-31788

CVSS scores:

* CVE-2024-38542 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2024-38542 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-68794 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-71231 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71231 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71231 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-71268 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71268 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71269 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71269 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23030 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23030 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23047 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23047 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23136 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23136 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23136 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23136 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23187 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23215 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23215 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23215 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23216 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23259 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23259 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23281 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23413 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Real Time Module 15-SP7

An update that solves 40 vulnerabilities, contains one feature and has 17 security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
* CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
* CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865).
* CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889).
* CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561).
* CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
* CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
* CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
* CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
* CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
* CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
* CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476).
* CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
* CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
* CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
* CVE-2026-23259: io_uring/rw: free potentially allocated iovec on cache put failure (bsc#1259866).
* CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
* CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
* CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
* CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
* CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).
* CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
* CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
* CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
* CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
* CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
* CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
* CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non-security bugs were fixed:

* ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes).
* ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).
* ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).
* ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes).
* ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes).
* ALSA: firewire-lib: fix uninitialized local variable (git-fixes).
* ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).
* ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes).
* ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes).
* ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes).
* ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes).
* ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).
* ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes).
* ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).
* ASoC: Intel: boards: fix unmet dependency on PINCTRL (git-fixes).
* ASoC: Intel: catpt: Fix the device initialization (git-fixes).
* ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes).
* ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).
* ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes).
* ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes).
* ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes).
* ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).
* ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes). * ASoC: cs42l43: Report insert for exotic peripherals (stable-fixes). * ASoC: detect empty DMI strings (git-fixes). * ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes). * ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes). * ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable- fixes). * ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes). * ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes). * ASoC: soc-core: flush delayed work before removing DAIs and widgets (git- fixes). * Bluetooth: HIDP: Fix possible UAF (git-fixes). * Bluetooth: ISO: Fix defer tests being unstable (git-fixes). * Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git- fixes). * Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (git-fixes). * Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes). * Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes). * Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req (git- fixes). * Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git- fixes). * Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes). * Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git- fixes). * Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes). * Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git- fixes). * Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git- fixes). * Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes). * Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers (git-fixes). * Bluetooth: MGMT: validate LTK enc_size on load (git-fixes). 
* Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes). * Bluetooth: Remove 3 repeated macro definitions (stable-fixes). * Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes). * Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes). * Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes). * Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes). * Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes). * Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes). * Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes). * Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync (git-fixes). * Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes). * Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes). * Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes). * Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable- fixes). * Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git- fixes). * Bluetooth: qca: fix ROM version reading on WCN3998 chips (git-fixes). * Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). * Drivers: hv: remove stale comment (git-fixes). * Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes). * Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git- fixes). * Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes). * HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes). * HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes). * HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes). * HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable- fixes). 
* HID: mcp2221: cancel last I2C command on read error (stable-fixes). * Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes). * NFC: nxp-nci: allow GPIOs to sleep (git-fixes). * NFC: pn533: bound the UART receive buffer (git-fixes). * PCI: Update BAR # and window messages (stable-fixes). * PCI: hv: Correct a comment (git-fixes). * PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes). * PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). * PCI: hv: remove unnecessary module_init/exit functions (git-fixes). * PM: runtime: Fix a race condition related to device removal (git-fixes). * RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135). * RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes). * RDMA/mana_ib: Add device statistics support (git-fixes). * RDMA/mana_ib: Add device-memory support (git-fixes). * RDMA/mana_ib: Add port statistics support (git-fixes). * RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes). * RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes). * RDMA/mana_ib: Adding and deleting GIDs (git-fixes). * RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes). * RDMA/mana_ib: Configure mac address in RNIC (git-fixes). * RDMA/mana_ib: Create and destroy RC QP (git-fixes). * RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes). * RDMA/mana_ib: Create and destroy rnic adapter (git-fixes). * RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes). * RDMA/mana_ib: Enable RoCE on port 1 (git-fixes). * RDMA/mana_ib: Extend modify QP (git-fixes). * RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes). * RDMA/mana_ib: Fix error code in probe() (git-fixes). * RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135). * RDMA/mana_ib: Fix missing ret value (git-fixes). * RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690). * RDMA/mana_ib: Implement DMABUF MR support (git-fixes). 
* RDMA/mana_ib: Implement port parameters (git-fixes). * RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes). * RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git- fixes). * RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes). * RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes). * RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes). * RDMA/mana_ib: Modify QP state (git-fixes). * RDMA/mana_ib: Process QP error events in mana_ib (git-fixes). * RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes). * RDMA/mana_ib: Set correct device into ib (git-fixes). * RDMA/mana_ib: Take CQ type from the device type (git-fixes). * RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes). * RDMA/mana_ib: UD/GSI work requests (git-fixes). * RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes). * RDMA/mana_ib: Use safer allocation function() (bsc#1251135). * RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes). * RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes). * RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes). * RDMA/mana_ib: add additional port counters (bsc#1251135). * RDMA/mana_ib: add support of multiple ports (bsc#1251135). * RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). * RDMA/mana_ib: create EQs for RNIC CQs (git-fixes). * RDMA/mana_ib: create and destroy RNIC cqs (git-fixes). * RDMA/mana_ib: create kernel-level CQs (git-fixes). * RDMA/mana_ib: create/destroy AH (git-fixes). * RDMA/mana_ib: extend mana QP table (git-fixes). * RDMA/mana_ib: extend query device (git-fixes). * RDMA/mana_ib: helpers to allocate kernel queues (git-fixes). * RDMA/mana_ib: implement get_dma_mr (git-fixes). * RDMA/mana_ib: implement req_notify_cq (git-fixes). * RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes). * RDMA/mana_ib: indicate CM support (git-fixes). * RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes). 
* RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes). * RDMA/mana_ib: remove useless return values from dbg prints (git-fixes). * RDMA/mana_ib: request error CQEs when supported (git-fixes). * RDMA/mana_ib: set node_guid (git-fixes). * RDMA/mana_ib: support of the zero based MRs (bsc#1251135). * RDMA/mana_ib: unify mana_ib functions to support any gdma device (git- fixes). * Remove "scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans)" changes (bsc#1257506). * Revert "drm/i915/display: Add quirk to skip retraining of dp link" (bsc#1253129). * Revert "drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug" (git-fixes). * USB: add QUIRK_NO_BOS for video capture several devices (stable-fixes). * USB: core: Limit the length of unkillable synchronous timeouts (git-fixes). * USB: dummy-hcd: Fix interrupt synchronization error (git-fixes). * USB: dummy-hcd: Fix locking/synchronization error (git-fixes). * USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable- fixes). * USB: serial: f81232: fix incomplete serial port generation (stable-fixes). * USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes). * USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git- fixes). * accel/qaic: Handle DBC deactivation if the owner went away (git-fixes). * bonding: do not set usable_slaves for broadcast mode (git-fixes). * btrfs: fix zero size inode with non-zero size after log replay (git-fixes). * btrfs: log new dentries when logging parent dir of a conflicting inode (git- fixes). * btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777). * can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes). * can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes). * cifs: Fix locking usage for tcon fields (git-fixes). * cifs: force interface update before a fresh session setup (git-fixes). 
* cifs: make default value of retrans as zero (git-fixes). * cifs: some missing initializations on replay (git-fixes). * comedi: Reinit dev->spinlock between attachments to low-level drivers (git- fixes). * comedi: me4000: Fix potential overrun of firmware buffer (git-fixes). * comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes). * comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes). * cpufreq/amd-pstate: Remove the redundant verify() function (bsc#1252803). * cpufreq/amd-pstate: Set the initial min_freq to lowest_nonlinear_freq (bsc#1252803). * crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes). * crypto: caam - fix DMA corruption on long hmac keys (git-fixes). * crypto: caam - fix overflow on long hmac keys (git-fixes). * dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes). * dmaengine: idxd: Fix leaking event log memory (git-fixes). * dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes). * dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes). * dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable- fixes). * dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes). * dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes). * dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes). * dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes). * dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes). * dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git- fixes). * dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes). * drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable- fixes). * drm/amd/display: Do not skip unrelated mode changes in DSC validation (git- fixes). * drm/amd/display: Fallback to boot snapshot for dispclk (stable-fixes). 
* drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes). * drm/amd/display: Wrap dcn32_override_min_req_memclk() in DC_FP_{START, END} (git-fixes). * drm/amd/pm: add missing od setting PP_OD_FEATURE_ZERO_FAN_BIT for smu v14 (git-fixes). * drm/amd/pm: remove invalid gpu_metrics.energy_accumulator on smu v13.0.x (stable-fixes). * drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes). * drm/amd: fix dcn 2.01 check (git-fixes). * drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes). * drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes). * drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes). * drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes). * drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes). * drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes). * drm/amdgpu/mmhub4.1.0: add bounds checking for cid (stable-fixes). * drm/amdgpu/vcn5: Add SMU dpm interface type (stable-fixes). * drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB (git-fixes). * drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git- fixes). * drm/amdgpu: Fix kernel-doc comments for some LUT properties (git-fixes). * drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes). * drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes). * drm/amdgpu: fix gpu idle power consumption issue for gfx v12 (stable-fixes). * drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable- fixes). * drm/amdgpu: prevent immediate PASID reuse case (stable-fixes). * drm/amdkfd: Unreserve bo if queue update failed (git-fixes). * drm/ast: dp501: Fix initialization of SCU2C (git-fixes). * drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes). * drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable- fixes). * drm/exynos/vidi: Remove redundant error handling in vidi_get_modes() (stable-fixes). 
* drm/exynos: vidi: fix to avoid directly dereferencing user pointer (stable- fixes). * drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free (stable-fixes). * drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129). * drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (git-fixes). * drm/i915/dp_tunnel: Fix error handling when clearing stream BW in atomic state (git-fixes). * drm/i915/dsc: Add Selective Update register definitions (stable-fixes). * drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes). * drm/i915/dsi: Do not do DSC horizontal timing adjustments in command mode (git-fixes). * drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes). * drm/i915/gt: Check set_default_submission() before deferencing (git-fixes). * drm/imagination: Fix deadlock in soft reset sequence (git-fixes). * drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes). * drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes). * drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git- fixes). * drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes). * drm/msm: Fix dma_free_attrs() buffer size (git-fixes). * drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes). * drm/ttm/tests: Fix build failure on PREEMPT_RT (stable-fixes). * drm/xe/oa: Allow reading after disabling OA stream (git-fixes). * drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes). * drm/xe: Do not preempt fence signaling CS instructions (git-fixes). * drm/xe: Open-code GGTT MMIO access protection (git-fixes). * drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug (git-fixes). * firmware: arm_scpi: Fix device_node reference leak in probe path (git- fixes). * gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes). 
* hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git- fixes). * hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes). * hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git- fixes). * hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes). * hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes). * hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes). * hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes). * hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes). * hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes). * hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes). * hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes). * hwmon: (pxe1610) Check return value of page-select write in probe (git- fixes). * hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes). * hwmon: axi-fan: do not use driver_override as IRQ name (git-fixes). * i2c: cp2615: fix serial string NULL-deref at probe (git-fixes). * i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes). * i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes). * i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes). * idpf: nullify pointers after they are freed (git-fixes). * iio: accel: fix ADXL355 temperature signature value (git-fixes). * iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes). * iio: chemical: bme680: Fix measurement wait duration calculation (git- fixes). * iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git- fixes). * iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes). * iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes). * iio: dac: ds4424: reject -128 RAW value (git-fixes). 
* iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes). * iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes). * iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes). * iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes). * iio: gyro: mpu3050: Fix irq resource leak (git-fixes). * iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes). * iio: gyro: mpu3050: Move iio_device_register() to correct location (git- fixes). * iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes). * iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes). * iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes). * iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes). * iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes). * iio: potentiometer: mcp4131: fix double application of wiper shift (git- fixes). * irqchip/qcom-mpm: Add missing mailbox TX done acknowledgment (git-fixes). * mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations (stable-fixes). * media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git- fixes). * media: tegra-video: Use accessors for pad config 'try_*' fields (stable- fixes). * mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes). * mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes). * mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes). * mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes). * misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes). * mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes). * mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes). * mtd: Avoid boot crash in RedBoot partition table parser (git-fixes). * mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes). 
* mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes). * mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes). * mtd: rawnand: serialize lock/unlock against other NAND operations (git- fixes). * mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable- fixes). * mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes). * net/mana: Null service_wq on setup error to prevent double destroy (git- fix). * net/mana: Null service_wq on setup error to prevent double destroy (git- fixes). * net/mlx5: Fix crash when moving to switchdev mode (git-fixes). * net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes). * net/x25: Fix overflow when accumulating packets (git-fixes). * net/x25: Fix potential double free of skb (git-fixes). * net: mana: Add metadata support for xdp mode (git-fixes). * net: mana: Add standard counter rx_missed_errors (git-fixes). * net: mana: Add support for auxiliary device servicing events (bsc#1251971). * net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690). * net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). * net: mana: Fix double destroy_workqueue on service rescan PCI path (git- fixes). * net: mana: Fix use-after-free in reset service rescan path (git-fixes). * net: mana: Fix warnings for missing export.h header inclusion (git-fixes). * net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971). * net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). * net: mana: Handle hardware recovery events when probing the device (bsc#1257466). * net: mana: Handle unsupported HWC commands (git-fixes). * net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). * net: mana: Move hardware counter stats from per-port to per-VF context (git- fixes). 
* net: mana: Probe rdma device in mana driver (git-fixes). * net: mana: Reduce waiting time if HWC not responding (bsc#1252266). * net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). * net: mana: Support HW link state events (bsc#1253049). * net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580). * net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes). * net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes). * net: mana: fix use-after-free in add_adev() error path (git-fixes). * net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown (git-fixes). * net: mana: use ethtool string helpers (git-fixes). * net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes). * net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes). * net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes). * net: usb: pegasus: validate USB endpoints (stable-fixes). * nfc: nci: fix circular locking dependency in nci_close_device (git-fixes). * nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208). * nvme: expose active quirks in sysfs (bsc#1243208). Refresh: * nvme: fix memory leak in quirks_param_set() (bsc#1243208). * phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes). * pinctrl: equilibrium: fix warning trace on load (git-fixes). * pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes). * pinctrl: mediatek: common: Fix probe failure for devices without EINT (git- fixes). * pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes). * platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes). * platform/x86: ISST: Correct locked bit width (git-fixes). * platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes). * platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes). 
* platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes). * platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes). * regmap: Synchronize cache for the page selector (git-fixes). * regulator: pca9450: Correct interrupt type (git-fixes). * regulator: pca9450: Make IRQ optional (stable-fixes). * s390/debug: Pass in and enforce output buffer size for format handlers (jsc#PED-15582). * scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687). * scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes). * scsi: storvsc: Remove redundant ternary operators (git-fixes). * serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes). * serial: 8250: Fix TX deadlock when using DMA (git-fixes). * serial: 8250_pci: add support for the AX99100 (stable-fixes). * serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes). * smb: client: add proper locking around ses->iface_last_update (git-fixes). * smb: client: fix broken multichannel with krb5+signing (git-fixes). * smb: client: fix cifs_pick_channel when channels are equally loaded (git- fixes). * smb: client: fix in-place encryption corruption in SMB2_write() (git-fixes). * smb: client: fix krb5 mount with username option (git-fixes). * smb: client: prevent races in ->query_interfaces() (git-fixes). * soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git- fixes). * soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes). * spi: fix statistics allocation (git-fixes). * spi: fix use-after-free on controller registration failure (git-fixes). * spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes). * staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable- fixes). * thunderbolt: Fix property read in nhi_wake_supported() (git-fixes). * tools/hv: add a .gitignore file (git-fixes). 
* tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes). * tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes). * tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes). * tools: hv: lsvmbus: change shebang to use python3 (git-fixes). * usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes). * usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes). * usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable- fixes). * usb: cdns3: fix role switching during resume (git-fixes). * usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes). * usb: cdns3: gadget: fix state inconsistency on gadget init failure (git- fixes). * usb: cdns3: remove redundant if branch (stable-fixes). * usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes). * usb: core: do not power off roothub PHYs if phy_set_mode() fails (git- fixes). * usb: core: new quirk to handle devices with zero configurations (stable- fixes). * usb: core: phy: avoid double use of 'usb3-phy' (git-fixes). * usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes). * usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes). * usb: ehci-brcm: fix sleep during atomic (git-fixes). * usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes). * usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes). * usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes). * usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git- fixes). * usb: gadget: uvc: fix NULL pointer dereference during unbind race (git- fixes). * usb: image: mdc800: kill download URB on timeout (stable-fixes). * usb: mdc800: handle signal and read racing (stable-fixes). * usb: misc: uss720: properly clean up reference in uss720_probe() (stable- fixes). 
* usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).
* usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).
* usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).
* usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
* usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
* usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).
* usb: yurex: fix race in probe (stable-fixes).
* vhost: fix caching attributes of MMIO regions by setting them explicitly (git-fixes).
* vmw_vsock: bypass false-positive Wnonnull warning with gcc-16 (git-fixes).
* watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (bsc#1256504).
* wifi: ath11k: Pass the correct value of each TID during a stop AMPDU session (git-fixes).
* wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).
* wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).
* wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).
* wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).
* wifi: mac80211: set default WMM parameters on all links (stable-fixes).
* wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).
* wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
* xen/privcmd: unregister xenstore notifier on module exit (git-fixes).
* xenbus: Use .freeze/.thaw to handle xenbus devices (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1573=1
* SUSE Real Time Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-RT-15-SP7-2026-1573=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
  * kernel-livepatch-SLE15-SP7-RT_Update_11-debugsource-1-150700.1.3.1
  * kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1
  * kernel-livepatch-6_4_0-150700_7_37-rt-debuginfo-1-150700.1.3.1
* SUSE Real Time Module 15-SP7 (x86_64)
  * dlm-kmp-rt-6.4.0-150700.7.37.2
  * dlm-kmp-rt-debuginfo-6.4.0-150700.7.37.2
  * kernel-syms-rt-6.4.0-150700.7.37.1
  * cluster-md-kmp-rt-debuginfo-6.4.0-150700.7.37.2
  * kernel-rt-devel-debuginfo-6.4.0-150700.7.37.2
  * kernel-rt-devel-6.4.0-150700.7.37.2
  * ocfs2-kmp-rt-6.4.0-150700.7.37.2
  * kernel-rt-debugsource-6.4.0-150700.7.37.2
  * ocfs2-kmp-rt-debuginfo-6.4.0-150700.7.37.2
  * cluster-md-kmp-rt-6.4.0-150700.7.37.2
  * gfs2-kmp-rt-6.4.0-150700.7.37.2
  * kernel-rt-debuginfo-6.4.0-150700.7.37.2
  * gfs2-kmp-rt-debuginfo-6.4.0-150700.7.37.2
* SUSE Real Time Module 15-SP7 (noarch)
  * kernel-devel-rt-6.4.0-150700.7.37.2
  * kernel-source-rt-6.4.0-150700.7.37.2
* SUSE Real Time Module 15-SP7 (nosrc x86_64)
  * kernel-rt-6.4.0-150700.7.37.2

## References:

* https://www.suse.com/security/cve/CVE-2024-38542.html
* https://www.suse.com/security/cve/CVE-2025-39998.html
* https://www.suse.com/security/cve/CVE-2025-68794.html
* https://www.suse.com/security/cve/CVE-2025-71231.html
* https://www.suse.com/security/cve/CVE-2025-71268.html
* https://www.suse.com/security/cve/CVE-2025-71269.html
* https://www.suse.com/security/cve/CVE-2026-23030.html
* https://www.suse.com/security/cve/CVE-2026-23047.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23120.html
* https://www.suse.com/security/cve/CVE-2026-23136.html
* https://www.suse.com/security/cve/CVE-2026-23140.html
* https://www.suse.com/security/cve/CVE-2026-23187.html
* https://www.suse.com/security/cve/CVE-2026-23193.html
* https://www.suse.com/security/cve/CVE-2026-23201.html
* https://www.suse.com/security/cve/CVE-2026-23215.html
* https://www.suse.com/security/cve/CVE-2026-23216.html
* https://www.suse.com/security/cve/CVE-2026-23231.html
* https://www.suse.com/security/cve/CVE-2026-23242.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23255.html
* https://www.suse.com/security/cve/CVE-2026-23259.html
* https://www.suse.com/security/cve/CVE-2026-23270.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23277.html
* https://www.suse.com/security/cve/CVE-2026-23278.html
* https://www.suse.com/security/cve/CVE-2026-23281.html
* https://www.suse.com/security/cve/CVE-2026-23292.html
* https://www.suse.com/security/cve/CVE-2026-23293.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://www.suse.com/security/cve/CVE-2026-23319.html
* https://www.suse.com/security/cve/CVE-2026-23361.html
* https://www.suse.com/security/cve/CVE-2026-23379.html
* https://www.suse.com/security/cve/CVE-2026-23381.html
* https://www.suse.com/security/cve/CVE-2026-23386.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://www.suse.com/security/cve/CVE-2026-23413.html
* https://www.suse.com/security/cve/CVE-2026-23414.html
* https://www.suse.com/security/cve/CVE-2026-31788.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226591
* https://bugzilla.suse.com/show_bug.cgi?id=1243208
* https://bugzilla.suse.com/show_bug.cgi?id=1245728
* https://bugzilla.suse.com/show_bug.cgi?id=1251135
* https://bugzilla.suse.com/show_bug.cgi?id=1251971
* https://bugzilla.suse.com/show_bug.cgi?id=1252073
* https://bugzilla.suse.com/show_bug.cgi?id=1252266
* https://bugzilla.suse.com/show_bug.cgi?id=1252803
* https://bugzilla.suse.com/show_bug.cgi?id=1253049
* https://bugzilla.suse.com/show_bug.cgi?id=1253129
* https://bugzilla.suse.com/show_bug.cgi?id=1255687
* https://bugzilla.suse.com/show_bug.cgi?id=1256504
* https://bugzilla.suse.com/show_bug.cgi?id=1256647
* https://bugzilla.suse.com/show_bug.cgi?id=1256690
* https://bugzilla.suse.com/show_bug.cgi?id=1257466
* https://bugzilla.suse.com/show_bug.cgi?id=1257472
* https://bugzilla.suse.com/show_bug.cgi?id=1257506
* https://bugzilla.suse.com/show_bug.cgi?id=1257561
* https://bugzilla.suse.com/show_bug.cgi?id=1257682
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1257777
* https://bugzilla.suse.com/show_bug.cgi?id=1258280
* https://bugzilla.suse.com/show_bug.cgi?id=1258303
* https://bugzilla.suse.com/show_bug.cgi?id=1258305
* https://bugzilla.suse.com/show_bug.cgi?id=1258330
* https://bugzilla.suse.com/show_bug.cgi?id=1258337
* https://bugzilla.suse.com/show_bug.cgi?id=1258414
* https://bugzilla.suse.com/show_bug.cgi?id=1258424
* https://bugzilla.suse.com/show_bug.cgi?id=1258447
* https://bugzilla.suse.com/show_bug.cgi?id=1258476
* https://bugzilla.suse.com/show_bug.cgi?id=1259188
* https://bugzilla.suse.com/show_bug.cgi?id=1259580
* https://bugzilla.suse.com/show_bug.cgi?id=1259707
* https://bugzilla.suse.com/show_bug.cgi?id=1259795
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1259865
* https://bugzilla.suse.com/show_bug.cgi?id=1259866
* https://bugzilla.suse.com/show_bug.cgi?id=1259886
* https://bugzilla.suse.com/show_bug.cgi?id=1259889
* https://bugzilla.suse.com/show_bug.cgi?id=1259891
* https://bugzilla.suse.com/show_bug.cgi?id=1259997
* https://bugzilla.suse.com/show_bug.cgi?id=1259998
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260347
* https://bugzilla.suse.com/show_bug.cgi?id=1260464
* https://bugzilla.suse.com/show_bug.cgi?id=1260471
* https://bugzilla.suse.com/show_bug.cgi?id=1260481
* https://bugzilla.suse.com/show_bug.cgi?id=1260486
* https://bugzilla.suse.com/show_bug.cgi?id=1260500
* https://bugzilla.suse.com/show_bug.cgi?id=1260562
* https://bugzilla.suse.com/show_bug.cgi?id=1260730
* https://bugzilla.suse.com/show_bug.cgi?id=1260732
* https://bugzilla.suse.com/show_bug.cgi?id=1260735
* https://bugzilla.suse.com/show_bug.cgi?id=1260799
* https://bugzilla.suse.com/show_bug.cgi?id=1261496
* https://bugzilla.suse.com/show_bug.cgi?id=1261498
* https://jira.suse.com/browse/PED-15582

From null at suse.de Thu Apr 23 20:31:37 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 20:31:37 -0000
Subject: SUSE-SU-2026:1577-1: important: Security update for openssl-1_1
Message-ID: <177697629760.1901.17699598788376569013@a0a563bcf2df>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2026:1577-1
Release Date: 2026-04-23T15:53:50Z
Rating: important

References:

* bsc#1260441
* bsc#1260442
* bsc#1260443
* bsc#1260444
* bsc#1261678

Cross-References:

* CVE-2026-28387
* CVE-2026-28388
* CVE-2026-28389
* CVE-2026-28390
* CVE-2026-31789

CVSS scores:

* CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-28387 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28390 (
NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31789 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves five vulnerabilities can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1577=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1577=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1577=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * openssl-1_1-debugsource-1.1.1w-150600.5.26.2
  * libopenssl1_1-1.1.1w-150600.5.26.2
  * openssl-1_1-1.1.1w-150600.5.26.2
  * libopenssl-1_1-devel-1.1.1w-150600.5.26.2
  * openssl-1_1-debuginfo-1.1.1w-150600.5.26.2
  * libopenssl1_1-debuginfo-1.1.1w-150600.5.26.2
* openSUSE Leap 15.6 (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.1w-150600.5.26.2
  * libopenssl-1_1-devel-32bit-1.1.1w-150600.5.26.2
  * libopenssl1_1-32bit-1.1.1w-150600.5.26.2
* openSUSE Leap 15.6 (noarch)
  * openssl-1_1-doc-1.1.1w-150600.5.26.2
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libopenssl-1_1-devel-64bit-1.1.1w-150600.5.26.2
  * libopenssl1_1-64bit-debuginfo-1.1.1w-150600.5.26.2
  * libopenssl1_1-64bit-1.1.1w-150600.5.26.2
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * openssl-1_1-debugsource-1.1.1w-150600.5.26.2
  * libopenssl1_1-1.1.1w-150600.5.26.2
  * openssl-1_1-1.1.1w-150600.5.26.2
  * libopenssl-1_1-devel-1.1.1w-150600.5.26.2
  * openssl-1_1-debuginfo-1.1.1w-150600.5.26.2
  * libopenssl1_1-debuginfo-1.1.1w-150600.5.26.2
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.1w-150600.5.26.2
  * libopenssl1_1-32bit-1.1.1w-150600.5.26.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * openssl-1_1-debugsource-1.1.1w-150600.5.26.2
  * libopenssl1_1-1.1.1w-150600.5.26.2
  * openssl-1_1-1.1.1w-150600.5.26.2
  * libopenssl-1_1-devel-1.1.1w-150600.5.26.2
  * openssl-1_1-debuginfo-1.1.1w-150600.5.26.2
  * libopenssl1_1-debuginfo-1.1.1w-150600.5.26.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.1w-150600.5.26.2
  * libopenssl1_1-32bit-1.1.1w-150600.5.26.2

## References:

* https://www.suse.com/security/cve/CVE-2026-28387.html
* https://www.suse.com/security/cve/CVE-2026-28388.html
* https://www.suse.com/security/cve/CVE-2026-28389.html
* https://www.suse.com/security/cve/CVE-2026-28390.html
* https://www.suse.com/security/cve/CVE-2026-31789.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260441
* https://bugzilla.suse.com/show_bug.cgi?id=1260442
* https://bugzilla.suse.com/show_bug.cgi?id=1260443
* https://bugzilla.suse.com/show_bug.cgi?id=1260444
* https://bugzilla.suse.com/show_bug.cgi?id=1261678

From null at suse.de Thu Apr 23 20:31:40 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 20:31:40 -0000
Subject: SUSE-SU-2026:1576-1: important: Security update for gdk-pixbuf
Message-ID: <177697630082.1901.17807801388442566031@a0a563bcf2df>

# Security update for gdk-pixbuf

Announcement ID: SUSE-SU-2026:1576-1
Release Date: 2026-04-23T15:53:32Z
Rating: important

References:

* bsc#1261210

Cross-References:

* CVE-2026-5201

CVSS scores:

* CVE-2026-5201 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-5201 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5201 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.
## Description:

This update for gdk-pixbuf fixes the following issue:

* CVE-2026-5201: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (bsc#1261210).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1576=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1576=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1576=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1576=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libgdk_pixbuf-2_0-0-2.42.12-150600.3.11.1
  * gdk-pixbuf-devel-debuginfo-2.42.12-150600.3.11.1
  * gdk-pixbuf-debugsource-2.42.12-150600.3.11.1
  * gdk-pixbuf-query-loaders-2.42.12-150600.3.11.1
  * typelib-1_0-GdkPixbuf-2_0-2.42.12-150600.3.11.1
  * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150600.3.11.1
  * typelib-1_0-GdkPixdata-2_0-2.42.12-150600.3.11.1
  * gdk-pixbuf-devel-2.42.12-150600.3.11.1
  * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150600.3.11.1
  * gdk-pixbuf-thumbnailer-2.42.12-150600.3.11.1
  * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150600.3.11.1
* Basesystem Module 15-SP7 (noarch)
  * gdk-pixbuf-lang-2.42.12-150600.3.11.1
* Basesystem Module 15-SP7 (x86_64)
  * libgdk_pixbuf-2_0-0-32bit-2.42.12-150600.3.11.1
  * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150600.3.11.1
  * gdk-pixbuf-query-loaders-32bit-2.42.12-150600.3.11.1
  * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150600.3.11.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * libgdk_pixbuf-2_0-0-2.42.12-150600.3.11.1
  * gdk-pixbuf-devel-debuginfo-2.42.12-150600.3.11.1
  * gdk-pixbuf-debugsource-2.42.12-150600.3.11.1
  * gdk-pixbuf-query-loaders-2.42.12-150600.3.11.1
  * typelib-1_0-GdkPixbuf-2_0-2.42.12-150600.3.11.1
  * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150600.3.11.1
  * typelib-1_0-GdkPixdata-2_0-2.42.12-150600.3.11.1
  * gdk-pixbuf-devel-2.42.12-150600.3.11.1
  * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150600.3.11.1
  * gdk-pixbuf-thumbnailer-2.42.12-150600.3.11.1
  * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150600.3.11.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * gdk-pixbuf-lang-2.42.12-150600.3.11.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
  * libgdk_pixbuf-2_0-0-32bit-2.42.12-150600.3.11.1
  * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150600.3.11.1
  * gdk-pixbuf-query-loaders-32bit-2.42.12-150600.3.11.1
  * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150600.3.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * libgdk_pixbuf-2_0-0-2.42.12-150600.3.11.1
  * gdk-pixbuf-devel-debuginfo-2.42.12-150600.3.11.1
  * gdk-pixbuf-debugsource-2.42.12-150600.3.11.1
  * gdk-pixbuf-query-loaders-2.42.12-150600.3.11.1
  * typelib-1_0-GdkPixbuf-2_0-2.42.12-150600.3.11.1
  * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150600.3.11.1
  * typelib-1_0-GdkPixdata-2_0-2.42.12-150600.3.11.1
  * gdk-pixbuf-devel-2.42.12-150600.3.11.1
  * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150600.3.11.1
  * gdk-pixbuf-thumbnailer-2.42.12-150600.3.11.1
  * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150600.3.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * gdk-pixbuf-lang-2.42.12-150600.3.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
  * libgdk_pixbuf-2_0-0-32bit-2.42.12-150600.3.11.1
  * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150600.3.11.1
  * gdk-pixbuf-query-loaders-32bit-2.42.12-150600.3.11.1
  * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150600.3.11.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libgdk_pixbuf-2_0-0-2.42.12-150600.3.11.1
  * gdk-pixbuf-devel-debuginfo-2.42.12-150600.3.11.1
  * gdk-pixbuf-debugsource-2.42.12-150600.3.11.1
  * gdk-pixbuf-query-loaders-2.42.12-150600.3.11.1
  * typelib-1_0-GdkPixbuf-2_0-2.42.12-150600.3.11.1
  * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150600.3.11.1
  * typelib-1_0-GdkPixdata-2_0-2.42.12-150600.3.11.1
  * gdk-pixbuf-devel-2.42.12-150600.3.11.1
  * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150600.3.11.1
  * gdk-pixbuf-thumbnailer-2.42.12-150600.3.11.1
  * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150600.3.11.1
* openSUSE Leap 15.6 (x86_64)
  * libgdk_pixbuf-2_0-0-32bit-2.42.12-150600.3.11.1
  * gdk-pixbuf-devel-32bit-2.42.12-150600.3.11.1
  * gdk-pixbuf-query-loaders-32bit-2.42.12-150600.3.11.1
  * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150600.3.11.1
  * gdk-pixbuf-devel-32bit-debuginfo-2.42.12-150600.3.11.1
  * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150600.3.11.1
* openSUSE Leap 15.6 (noarch)
  * gdk-pixbuf-lang-2.42.12-150600.3.11.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libgdk_pixbuf-2_0-0-64bit-2.42.12-150600.3.11.1
  * libgdk_pixbuf-2_0-0-64bit-debuginfo-2.42.12-150600.3.11.1
  * gdk-pixbuf-query-loaders-64bit-2.42.12-150600.3.11.1
  * gdk-pixbuf-devel-64bit-2.42.12-150600.3.11.1
  * gdk-pixbuf-devel-64bit-debuginfo-2.42.12-150600.3.11.1
  * gdk-pixbuf-query-loaders-64bit-debuginfo-2.42.12-150600.3.11.1

## References:

* https://www.suse.com/security/cve/CVE-2026-5201.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261210

From null at suse.de Thu Apr 23 20:31:52 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 20:31:52 -0000
Subject: SUSE-SU-2026:1575-1: important: Security update for the Linux Kernel
Message-ID: <177697631203.1901.3529214655085781936@a0a563bcf2df>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1575-1
Release Date: 2026-04-23T15:53:10Z
Rating: important

References:

* bsc#1246057
* bsc#1257773
* bsc#1259797
* bsc#1260005
* bsc#1260009
* bsc#1260486
* bsc#1260730

Cross-References:

* CVE-2025-38234
* CVE-2026-23103
* CVE-2026-23243
* CVE-2026-23272
* CVE-2026-23274
* CVE-2026-23293
* CVE-2026-23398

CVSS scores:

* CVE-2025-38234 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38234 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38234 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves seven vulnerabilities can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1575=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1575=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (nosrc x86_64)
  * kernel-rt-5.3.18-150300.241.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
  * kernel-rt-debuginfo-5.3.18-150300.241.1
  * kernel-rt-debugsource-5.3.18-150300.241.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * kernel-source-rt-5.3.18-150300.241.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64)
  * kernel-rt-5.3.18-150300.241.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
  * kernel-rt-debuginfo-5.3.18-150300.241.1
  * kernel-rt-debugsource-5.3.18-150300.241.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * kernel-source-rt-5.3.18-150300.241.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38234.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23293.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246057
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260486
* https://bugzilla.suse.com/show_bug.cgi?id=1260730

From null at suse.de Thu Apr 23 20:32:07 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 20:32:07 -0000
Subject: SUSE-SU-2026:1574-1: important: Security update for the Linux Kernel
Message-ID: <177697632773.1901.2720649154114252045@a0a563bcf2df>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1574-1
Release Date: 2026-04-23T15:52:59Z
Rating: important

References:

* bsc#1215492
* bsc#1246057
* bsc#1256675
* bsc#1257773
* bsc#1259797
* bsc#1260005
* bsc#1260009
* bsc#1260347
* bsc#1260562

Cross-References:

* CVE-2025-38234
* CVE-2025-68818
* CVE-2026-23103
* CVE-2026-23243
* CVE-2026-23272
* CVE-2026-23274
* CVE-2026-23317

CVSS scores:

* CVE-2025-38234 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38234 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38234 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68818 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5

An update that solves seven vulnerabilities and has two security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
* CVE-2025-68818: scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" (bsc#1256675).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
* CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).

The following non-security bugs were fixed:

* PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
* PCI: Fix lock symmetry in pci_slot_unlock() (git-fixes).
* PCI: Fix pci_slot_trylock() error handling (git-fixes).
* PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).
* PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes).
* nvme-fc: use ctrl state getter (git-fixes bsc#1215492).
* nvme-pci: fix queue unquiesce check on slot_reset (git-fixes).
* nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).

## Special Instructions and Notes:

* Please reboot the system after installing this update.
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1574=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1574=1

## Package List:

* openSUSE Leap 15.5 (noarch)
  * kernel-source-rt-5.14.21-150500.13.127.1
  * kernel-devel-rt-5.14.21-150500.13.127.1
* openSUSE Leap 15.5 (x86_64)
  * dlm-kmp-rt-5.14.21-150500.13.127.1
  * kernel-rt-optional-debuginfo-5.14.21-150500.13.127.1
  * kernel-rt-devel-5.14.21-150500.13.127.1
  * kernel-rt-optional-5.14.21-150500.13.127.1
  * reiserfs-kmp-rt-5.14.21-150500.13.127.1
  * kernel-rt_debug-vdso-5.14.21-150500.13.127.1
  * kernel-rt-extra-5.14.21-150500.13.127.1
  * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.127.1
  * kernel-rt-devel-debuginfo-5.14.21-150500.13.127.1
  * ocfs2-kmp-rt-5.14.21-150500.13.127.1
  * kselftests-kmp-rt-debuginfo-5.14.21-150500.13.127.1
  * gfs2-kmp-rt-5.14.21-150500.13.127.1
  * kernel-rt-debugsource-5.14.21-150500.13.127.1
  * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.127.1
  * reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.127.1
  * kernel-syms-rt-5.14.21-150500.13.127.1
  * kernel-rt-livepatch-5.14.21-150500.13.127.1
  * dlm-kmp-rt-debuginfo-5.14.21-150500.13.127.1
  * kernel-rt-debuginfo-5.14.21-150500.13.127.1
  * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.127.1
  * kselftests-kmp-rt-5.14.21-150500.13.127.1
  * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.127.1
  * cluster-md-kmp-rt-5.14.21-150500.13.127.1
  * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.127.1
  * kernel-rt-livepatch-devel-5.14.21-150500.13.127.1
  * kernel-rt-vdso-debuginfo-5.14.21-150500.13.127.1
  * kernel-rt-vdso-5.14.21-150500.13.127.1
  * kernel-rt_debug-devel-5.14.21-150500.13.127.1
  * kernel-rt-extra-debuginfo-5.14.21-150500.13.127.1
  * kernel-rt_debug-debuginfo-5.14.21-150500.13.127.1
  * kernel-rt_debug-debugsource-5.14.21-150500.13.127.1
* openSUSE Leap 15.5 (nosrc x86_64)
  * kernel-rt-5.14.21-150500.13.127.1
  * kernel-rt_debug-5.14.21-150500.13.127.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * kernel-source-rt-5.14.21-150500.13.127.1
  * kernel-devel-rt-5.14.21-150500.13.127.1
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
  * kernel-rt-5.14.21-150500.13.127.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
  * kernel-rt-debuginfo-5.14.21-150500.13.127.1
  * kernel-rt-debugsource-5.14.21-150500.13.127.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38234.html
* https://www.suse.com/security/cve/CVE-2025-68818.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215492
* https://bugzilla.suse.com/show_bug.cgi?id=1246057
* https://bugzilla.suse.com/show_bug.cgi?id=1256675
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260347
* https://bugzilla.suse.com/show_bug.cgi?id=1260562

From null at suse.de Thu Apr 23 20:32:22 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 20:32:22 -0000
Subject: SUSE-SU-2026:1572-1: important: Security update for tomcat
Message-ID: <177697634280.1901.14671800085593093978@a0a563bcf2df>

# Security update for tomcat

Announcement ID: SUSE-SU-2026:1572-1
Release Date: 2026-04-23T15:52:28Z
Rating: important

References:

* bsc#1258371
* bsc#1261850
* bsc#1261851
* bsc#1261852
* bsc#1261853
* bsc#1261854
* bsc#1261855
* bsc#1261856
* bsc#1261857

Cross-References:

* CVE-2025-66614
* CVE-2026-24880
* CVE-2026-25854
* CVE-2026-29129
* CVE-2026-29145
* CVE-2026-29146
* CVE-2026-32990
* CVE-2026-34483
* CVE-2026-34486
* CVE-2026-34487
* CVE-2026-34500

CVSS scores:

* CVE-2025-66614 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-66614 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
* CVE-2025-66614 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-24880 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24880 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-24880 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-25854 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25854 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-25854 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-29129 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29129 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29129 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-29145 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29145 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-29146 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29146 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-29146 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-32990 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-34483 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34483 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34483 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34486 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34486 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34486 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34487 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34487 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34500 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34500 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34500 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 11 vulnerabilities can now be installed.

## Description:

This update for tomcat fixes the following issues:

Security fixes:

* CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850).
* CVE-2026-25854: Occasionally open redirect (bsc#1261851).
* CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852).
* CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853).
* CVE-2026-29146, CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854).
* CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855).
* CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856).
* CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).
* CVE-2026-32990: The fix for CVE-2025-66614 was incomplete, so this CVE completes it (bsc#1258371).

Other fixes:

* Update to Tomcat 9.0.117

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1572=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1572=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * tomcat-javadoc-9.0.117-3.163.2
  * tomcat-el-3_0-api-9.0.117-3.163.2
  * tomcat-docs-webapp-9.0.117-3.163.2
  * tomcat-lib-9.0.117-3.163.2
  * tomcat-9.0.117-3.163.2
  * tomcat-servlet-4_0-api-9.0.117-3.163.2
  * tomcat-jsp-2_3-api-9.0.117-3.163.2
  * tomcat-admin-webapps-9.0.117-3.163.2
  * tomcat-webapps-9.0.117-3.163.2
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * tomcat-javadoc-9.0.117-3.163.2
  * tomcat-el-3_0-api-9.0.117-3.163.2
  * tomcat-docs-webapp-9.0.117-3.163.2
  * tomcat-lib-9.0.117-3.163.2
  * tomcat-9.0.117-3.163.2
  * tomcat-servlet-4_0-api-9.0.117-3.163.2
  * tomcat-jsp-2_3-api-9.0.117-3.163.2
  * tomcat-admin-webapps-9.0.117-3.163.2
  * tomcat-webapps-9.0.117-3.163.2

## References:

* https://www.suse.com/security/cve/CVE-2025-66614.html
* https://www.suse.com/security/cve/CVE-2026-24880.html
* https://www.suse.com/security/cve/CVE-2026-25854.html
* https://www.suse.com/security/cve/CVE-2026-29129.html
* https://www.suse.com/security/cve/CVE-2026-29145.html
* https://www.suse.com/security/cve/CVE-2026-29146.html
* https://www.suse.com/security/cve/CVE-2026-32990.html
* https://www.suse.com/security/cve/CVE-2026-34483.html
* https://www.suse.com/security/cve/CVE-2026-34486.html
* https://www.suse.com/security/cve/CVE-2026-34487.html
* https://www.suse.com/security/cve/CVE-2026-34500.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258371
* https://bugzilla.suse.com/show_bug.cgi?id=1261850
* https://bugzilla.suse.com/show_bug.cgi?id=1261851
* https://bugzilla.suse.com/show_bug.cgi?id=1261852
* https://bugzilla.suse.com/show_bug.cgi?id=1261853
* https://bugzilla.suse.com/show_bug.cgi?id=1261854
* https://bugzilla.suse.com/show_bug.cgi?id=1261855
* https://bugzilla.suse.com/show_bug.cgi?id=1261856
* https://bugzilla.suse.com/show_bug.cgi?id=1261857

From null at suse.de Thu Apr 23 20:32:25 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 20:32:25 -0000
Subject: SUSE-SU-2026:1571-1: important: Security update for ntfs-3g_ntfsprogs
Message-ID: <177697634578.1901.17630230977439704135@a0a563bcf2df>

# Security update for ntfs-3g_ntfsprogs

Announcement ID: SUSE-SU-2026:1571-1
Release Date: 2026-04-23T15:52:10Z
Rating: important

References:

* bsc#1262216

Cross-References:

* CVE-2026-40706

CVSS scores:

* CVE-2026-40706 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40706 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-40706 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* Development Tools Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for ntfs-3g_ntfsprogs fixes the following issue:

* CVE-2026-40706: heap buffer overflow in ntfs_build_permissions_posix() in acls.c (bsc#1262216).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1571=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1571=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1571=1
* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1571=1

## Package List:

* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * ntfs-3g-debuginfo-2022.5.17-150000.3.24.1
  * ntfsprogs-2022.5.17-150000.3.24.1
  * ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.24.1
  * ntfs-3g-2022.5.17-150000.3.24.1
  * ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.24.1
  * ntfsprogs-debuginfo-2022.5.17-150000.3.24.1
  * libntfs-3g-devel-2022.5.17-150000.3.24.1
  * libntfs-3g87-debuginfo-2022.5.17-150000.3.24.1
  * libntfs-3g87-2022.5.17-150000.3.24.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * ntfs-3g-debuginfo-2022.5.17-150000.3.24.1
  * ntfsprogs-2022.5.17-150000.3.24.1
  * ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.24.1
  * ntfs-3g-2022.5.17-150000.3.24.1
  * ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.24.1
  * ntfsprogs-debuginfo-2022.5.17-150000.3.24.1
  * libntfs-3g-devel-2022.5.17-150000.3.24.1
  * libntfs-3g87-debuginfo-2022.5.17-150000.3.24.1
  * libntfs-3g87-2022.5.17-150000.3.24.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * ntfs-3g-debuginfo-2022.5.17-150000.3.24.1
  * ntfsprogs-2022.5.17-150000.3.24.1
  * ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.24.1
  * ntfs-3g-2022.5.17-150000.3.24.1
  * ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.24.1
  * ntfsprogs-debuginfo-2022.5.17-150000.3.24.1
  * libntfs-3g87-debuginfo-2022.5.17-150000.3.24.1
  * libntfs-3g87-2022.5.17-150000.3.24.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libntfs-3g-devel-2022.5.17-150000.3.24.1
  * ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.24.1
  * ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.24.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40706.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262216

From null at suse.de Thu Apr 23 20:32:35 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 20:32:35 -0000
Subject: SUSE-SU-2026:1568-1: moderate: Security update for haproxy
Message-ID: <177697635525.1901.18085101333219481420@a0a563bcf2df>

# Security update for haproxy

Announcement ID: SUSE-SU-2026:1568-1
Release Date: 2026-04-23T12:11:11Z
Rating: moderate

References:

* bsc#1262103

Cross-References:

* CVE-2026-33555

CVSS scores:

* CVE-2026-33555 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
* CVE-2026-33555 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2026-33555 ( NVD ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise High Availability Extension 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for haproxy fixes the following issue:

* CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization (bsc#1262103).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1568=1
* SUSE Linux Enterprise High Availability Extension 15 SP6
  zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-1568=1
* SUSE Linux Enterprise High Availability Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2026-1568=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * haproxy-2.8.11+git0.01c1056a4-150600.3.12.1
  * haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.12.1
  * haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.12.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64)
  * haproxy-2.8.11+git0.01c1056a4-150600.3.12.1
  * haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.12.1
  * haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.12.1
* SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le s390x x86_64)
  * haproxy-2.8.11+git0.01c1056a4-150600.3.12.1
  * haproxy-debugsource-2.8.11+git0.01c1056a4-150600.3.12.1
  * haproxy-debuginfo-2.8.11+git0.01c1056a4-150600.3.12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262103

From null at suse.de Thu Apr 23 20:32:38 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 23 Apr 2026 20:32:38 -0000
Subject: SUSE-SU-2026:1567-1: critical: Security update for perl
Message-ID: <177697635848.1901.12720421261114108096@a0a563bcf2df>

# Security update for perl

Announcement ID: SUSE-SU-2026:1567-1
Release Date: 2026-04-23T12:10:59Z
Rating: critical

References:

* bsc#1262486

Cross-References:

* CVE-2017-20230

CVSS scores:

* CVE-2017-20230 ( SUSE ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2017-20230 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for perl fixes the following issue:

* CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow (bsc#1262486).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1567=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1567=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * perl-5.18.2-12.32.1
  * perl-debuginfo-5.18.2-12.32.1
  * perl-base-debuginfo-5.18.2-12.32.1
  * perl-debugsource-5.18.2-12.32.1
  * perl-base-5.18.2-12.32.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * perl-doc-5.18.2-12.32.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
  * perl-debuginfo-32bit-5.18.2-12.32.1
  * perl-32bit-5.18.2-12.32.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * perl-5.18.2-12.32.1
  * perl-debuginfo-5.18.2-12.32.1
  * perl-base-debuginfo-5.18.2-12.32.1
  * perl-debuginfo-32bit-5.18.2-12.32.1
  * perl-debugsource-5.18.2-12.32.1
  * perl-base-5.18.2-12.32.1
  * perl-32bit-5.18.2-12.32.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * perl-doc-5.18.2-12.32.1

## References:

* https://www.suse.com/security/cve/CVE-2017-20230.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262486

From null at suse.de Fri Apr 24 08:31:29 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 08:31:29 -0000
Subject: SUSE-SU-2026:1583-1: important: Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6)
Message-ID: <177701948964.2597.14187086281997195936@a0a563bcf2df>

# Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1583-1
Release Date: 2026-04-23T17:04:03Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.78 fixes various security issues.

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1583=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1583=1

## Package List:

* openSUSE Leap 15.6 (x86_64)
  * kernel-livepatch-SLE15-SP6_Update_17-debugsource-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_78-default-4-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x)
  * kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-4-150600.2.2
  * kernel-livepatch-SLE15-SP6_Update_17-debugsource-4-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_78-default-4-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x)
  * kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-4-150600.2.2
  * kernel-livepatch-SLE15-SP6_Update_17-debugsource-4-150600.2.2
  * kernel-livepatch-6_4_0-150600_23_78-default-4-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
  * kernel-livepatch-SLE15-SP6_Update_17-debugsource-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_78-default-4-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Fri Apr 24 08:32:54 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 08:32:54 -0000
Subject: SUSE-SU-2026:1578-1: important: Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP4)
Message-ID: <177701957432.2576.9732924854850768843@d4c6dfb45de4>

# Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1578-1
Release Date: 2026-04-23T16:06:07Z
Rating: important

References:

* bsc#1258396
* bsc#1259859

Cross-References:

* CVE-2026-23191
* CVE-2026-23268

CVSS scores:

* CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.158 fixes various security issues.

The following security issues were fixed:

* CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1578=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1578=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_158-default-17-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_38-debugsource-17-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-17-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_158-default-17-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_38-debugsource-17-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-17-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23191.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258396
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Fri Apr 24 08:33:07 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 08:33:07 -0000
Subject: SUSE-SU-2026:1582-1: low: Security update for python-pyOpenSSL
Message-ID: <177701958724.2576.8298666609619787967@d4c6dfb45de4>

# Security update for python-pyOpenSSL

Announcement ID: SUSE-SU-2026:1582-1
Release Date: 2026-04-23T16:48:47Z
Rating: low

References:

* bsc#1259804

Cross-References:

* CVE-2026-27448

CVSS scores:

* CVE-2026-27448 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27448 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27448 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27448 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for python-pyOpenSSL fixes the following issue:

* CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1582=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * python3-pyOpenSSL-17.1.0-4.32.1
  * python-pyOpenSSL-17.1.0-4.32.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27448.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259804

From null at suse.de Fri Apr 24 08:33:23 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 08:33:23 -0000
Subject: SUSE-SU-2026:1581-1: important: Security update for go1.25-openssl
Message-ID: <177701960378.2576.15905709218787059515@d4c6dfb45de4>

# Security update for go1.25-openssl

Announcement ID: SUSE-SU-2026:1581-1
Release Date: 2026-04-23T16:39:20Z
Rating: important

References:

* bsc#1244485
* bsc#1261653
* bsc#1261654
* bsc#1261655
* bsc#1261656
* bsc#1261657
* bsc#1261658
* bsc#1261659
* bsc#1261660
* bsc#1261661
* jsc#SLE-18320

Cross-References:

* CVE-2026-27140
* CVE-2026-27143
* CVE-2026-27144
* CVE-2026-32280
* CVE-2026-32281
* CVE-2026-32282
* CVE-2026-32283
* CVE-2026-32288
* CVE-2026-32289

CVSS scores:

* CVE-2026-27140 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27140 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27140 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27143 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-27143 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-27143 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-27144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-27144 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-27144 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-32280 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32280 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32281 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32281 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32281 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32282 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-32282 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-32282 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-32283 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32283 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32283 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32288 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-32288 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-32288 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-32289 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-32289 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-32289 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves nine vulnerabilities, contains one feature and has one security fix can now be installed.

## Description:

This update for go1.25-openssl fixes the following issues:

* Update to go1.25.9 (bsc#1244485).
* CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653).
* CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654).
* CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655).
* CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656).
* CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657).
* CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658).
* CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock (bsc#1261659).
* CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660).
* CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1581=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1581=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1581=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1581=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1581=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1581=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1581=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1581=1

## Package List:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * go1.25-openssl-debuginfo-1.25.9-150000.1.21.1
  * go1.25-openssl-race-1.25.9-150000.1.21.1
  * go1.25-openssl-1.25.9-150000.1.21.1
  * go1.25-openssl-doc-1.25.9-150000.1.21.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * go1.25-openssl-debuginfo-1.25.9-150000.1.21.1
  * go1.25-openssl-race-1.25.9-150000.1.21.1
  * go1.25-openssl-1.25.9-150000.1.21.1
  * go1.25-openssl-doc-1.25.9-150000.1.21.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * go1.25-openssl-debuginfo-1.25.9-150000.1.21.1
  * go1.25-openssl-race-1.25.9-150000.1.21.1
  * go1.25-openssl-1.25.9-150000.1.21.1
  * go1.25-openssl-doc-1.25.9-150000.1.21.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * go1.25-openssl-debuginfo-1.25.9-150000.1.21.1
  * go1.25-openssl-race-1.25.9-150000.1.21.1
  * go1.25-openssl-1.25.9-150000.1.21.1
  * go1.25-openssl-doc-1.25.9-150000.1.21.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.25-openssl-debuginfo-1.25.9-150000.1.21.1
  * go1.25-openssl-race-1.25.9-150000.1.21.1
  * go1.25-openssl-1.25.9-150000.1.21.1
  * go1.25-openssl-doc-1.25.9-150000.1.21.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.25-openssl-debuginfo-1.25.9-150000.1.21.1
  * go1.25-openssl-race-1.25.9-150000.1.21.1
  * go1.25-openssl-1.25.9-150000.1.21.1
  * go1.25-openssl-doc-1.25.9-150000.1.21.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * go1.25-openssl-debuginfo-1.25.9-150000.1.21.1
  * go1.25-openssl-race-1.25.9-150000.1.21.1
  * go1.25-openssl-1.25.9-150000.1.21.1
  * go1.25-openssl-doc-1.25.9-150000.1.21.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * go1.25-openssl-debuginfo-1.25.9-150000.1.21.1
  * go1.25-openssl-race-1.25.9-150000.1.21.1
  * go1.25-openssl-1.25.9-150000.1.21.1
  * go1.25-openssl-doc-1.25.9-150000.1.21.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27140.html
* https://www.suse.com/security/cve/CVE-2026-27143.html
* https://www.suse.com/security/cve/CVE-2026-27144.html
* https://www.suse.com/security/cve/CVE-2026-32280.html
* https://www.suse.com/security/cve/CVE-2026-32281.html
* https://www.suse.com/security/cve/CVE-2026-32282.html
* https://www.suse.com/security/cve/CVE-2026-32283.html
* https://www.suse.com/security/cve/CVE-2026-32288.html
* https://www.suse.com/security/cve/CVE-2026-32289.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244485
* https://bugzilla.suse.com/show_bug.cgi?id=1261653
* https://bugzilla.suse.com/show_bug.cgi?id=1261654
* https://bugzilla.suse.com/show_bug.cgi?id=1261655
* https://bugzilla.suse.com/show_bug.cgi?id=1261656
* https://bugzilla.suse.com/show_bug.cgi?id=1261657
* https://bugzilla.suse.com/show_bug.cgi?id=1261658
* https://bugzilla.suse.com/show_bug.cgi?id=1261659
* https://bugzilla.suse.com/show_bug.cgi?id=1261660
* https://bugzilla.suse.com/show_bug.cgi?id=1261661
* https://jira.suse.com/browse/SLE-18320

From null at suse.de Fri Apr 24 08:35:02 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 08:35:02 -0000
Subject: SUSE-SU-2026:1580-1: important: Security update for go1.26-openssl
Message-ID: <177701970227.2576.7577741085751308135@d4c6dfb45de4>

# Security update for go1.26-openssl

Announcement ID: SUSE-SU-2026:1580-1
Release Date: 2026-04-23T16:38:36Z
Rating: important

References:

* bsc#1255111
* bsc#1261653
* bsc#1261654
* bsc#1261655
* bsc#1261656
* bsc#1261657
* bsc#1261658
* bsc#1261659
* bsc#1261660
* bsc#1261661
* bsc#1261662
* jsc#SLE-18320

Cross-References:

* CVE-2026-27140
* CVE-2026-27143
* CVE-2026-27144
* CVE-2026-32280
* CVE-2026-32281
* CVE-2026-32282
* CVE-2026-32283
* CVE-2026-32288
* CVE-2026-32289
* CVE-2026-33810

CVSS scores:

* CVE-2026-27140 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27140 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27140 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27143 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-27143 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-27143 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-27144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-27144 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-27144 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-32280 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32280 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32281 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32281 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32281 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32282 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-32282 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-32282 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-32283 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32283 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32283 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32288 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-32288 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-32288 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-32289 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-32289 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-32289 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-33810 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-33810 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-33810 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 10 vulnerabilities, contains one feature and has one security fix can now be installed.

## Description:

This update for go1.26-openssl fixes the following issues:

* Update to go1.26.2 (bsc#1255111).
* CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653).
* CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654).
* CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655).
* CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656).
* CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657).
* CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658).
* CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock (bsc#1261659).
* CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660).
* CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661).
* CVE-2026-33810: crypto/x509: excluded DNS constraints not properly applied to wildcard domains (bsc#1261662).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1580=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1580=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1580=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1580=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1580=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1580=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1580=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1580=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * go1.26-openssl-doc-1.26.2-150000.1.6.1 * go1.26-openssl-1.26.2-150000.1.6.1 * go1.26-openssl-race-1.26.2-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * go1.26-openssl-doc-1.26.2-150000.1.6.1 * go1.26-openssl-1.26.2-150000.1.6.1 * go1.26-openssl-race-1.26.2-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * go1.26-openssl-doc-1.26.2-150000.1.6.1 * go1.26-openssl-1.26.2-150000.1.6.1 * go1.26-openssl-race-1.26.2-150000.1.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * go1.26-openssl-doc-1.26.2-150000.1.6.1 * go1.26-openssl-1.26.2-150000.1.6.1 * go1.26-openssl-race-1.26.2-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * go1.26-openssl-doc-1.26.2-150000.1.6.1 * 
go1.26-openssl-1.26.2-150000.1.6.1 * go1.26-openssl-race-1.26.2-150000.1.6.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * go1.26-openssl-doc-1.26.2-150000.1.6.1 * go1.26-openssl-1.26.2-150000.1.6.1 * go1.26-openssl-race-1.26.2-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * go1.26-openssl-doc-1.26.2-150000.1.6.1 * go1.26-openssl-1.26.2-150000.1.6.1 * go1.26-openssl-race-1.26.2-150000.1.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * go1.26-openssl-doc-1.26.2-150000.1.6.1 * go1.26-openssl-1.26.2-150000.1.6.1 * go1.26-openssl-race-1.26.2-150000.1.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-27140.html * https://www.suse.com/security/cve/CVE-2026-27143.html * https://www.suse.com/security/cve/CVE-2026-27144.html * https://www.suse.com/security/cve/CVE-2026-32280.html * https://www.suse.com/security/cve/CVE-2026-32281.html * https://www.suse.com/security/cve/CVE-2026-32282.html * https://www.suse.com/security/cve/CVE-2026-32283.html * https://www.suse.com/security/cve/CVE-2026-32288.html * https://www.suse.com/security/cve/CVE-2026-32289.html * https://www.suse.com/security/cve/CVE-2026-33810.html * https://bugzilla.suse.com/show_bug.cgi?id=1255111 * https://bugzilla.suse.com/show_bug.cgi?id=1261653 * https://bugzilla.suse.com/show_bug.cgi?id=1261654 * https://bugzilla.suse.com/show_bug.cgi?id=1261655 * https://bugzilla.suse.com/show_bug.cgi?id=1261656 * https://bugzilla.suse.com/show_bug.cgi?id=1261657 * https://bugzilla.suse.com/show_bug.cgi?id=1261658 * https://bugzilla.suse.com/show_bug.cgi?id=1261659 * https://bugzilla.suse.com/show_bug.cgi?id=1261660 * https://bugzilla.suse.com/show_bug.cgi?id=1261661 * https://bugzilla.suse.com/show_bug.cgi?id=1261662 * https://jira.suse.com/browse/SLE-18320
From null at suse.de Fri Apr 24 12:30:07 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 24 Apr 2026 12:30:07 -0000 Subject: SUSE-SU-2026:1584-1: important: Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4) Message-ID: <177703380729.2667.11773943848281660908@4f4cd7bf4343> # Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4) Announcement ID: SUSE-SU-2026:1584-1 Release Date: 2026-04-24T06:34:01Z Rating: important References: * bsc#1258396 * bsc#1259859 Cross-References: * CVE-2026-23191 * CVE-2026-23268 CVSS scores: * CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves two vulnerabilities can now be installed. 
## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.187 fixes various security issues The following security issues were fixed: * CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1584=1 SUSE-SLE-Live-Patching-12-SP5-2026-1585=1 SUSE-SLE-Live-Patching-12-SP5-2026-1586=1 SUSE-SLE-Live-Patching-12-SP5-2026-1587=1 SUSE-SLE-Live-Patching-12-SP5-2026-1588=1 SUSE-SLE-Live-Patching-12-SP5-2026-1589=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1591=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1591=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_290-default-5-2.1 * kgraft-patch-4_12_14-122_275-default-7-2.1 * kgraft-patch-4_12_14-122_283-default-5-2.1 * kgraft-patch-4_12_14-122_293-default-4-2.1 * kgraft-patch-4_12_14-122_272-default-9-2.1 * kgraft-patch-4_12_14-122_280-default-5-2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_187-default-5-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_47-debugsource-5-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_187-default-5-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_47-debugsource-5-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23191.html * 
https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1258396 * https://bugzilla.suse.com/show_bug.cgi?id=1259859
From null at suse.de Fri Apr 24 16:30:05 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 24 Apr 2026 16:30:05 -0000 Subject: SUSE-SU-2026:1592-1: important: Security update for the Linux Kernel (Live Patch 48 for SUSE Linux Enterprise 15 SP4) Message-ID: <177704820554.3109.11111770750269756994@a0a563bcf2df> # Security update for the Linux Kernel (Live Patch 48 for SUSE Linux Enterprise 15 SP4) Announcement ID: SUSE-SU-2026:1592-1 Release Date: 2026-04-24T09:04:09Z Rating: important References: * bsc#1258396 * bsc#1259859 Cross-References: * CVE-2026-23191 * CVE-2026-23268 CVSS scores: * CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves two vulnerabilities can now be installed. 
## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.194 fixes various security issues The following security issues were fixed: * CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1592=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1592=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_48-debugsource-3-150400.2.1 * kernel-livepatch-5_14_21-150400_24_194-default-debuginfo-3-150400.2.1 * kernel-livepatch-5_14_21-150400_24_194-default-3-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_48-debugsource-3-150400.2.1 * kernel-livepatch-5_14_21-150400_24_194-default-debuginfo-3-150400.2.1 * kernel-livepatch-5_14_21-150400_24_194-default-3-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23191.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1258396 * https://bugzilla.suse.com/show_bug.cgi?id=1259859
From null at suse.de Fri Apr 24 16:30:10 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 24 Apr 2026 16:30:10 -0000 Subject: SUSE-SU-2026:1608-1: moderate: Security update for python-ecdsa Message-ID: <177704821017.3109.13147977835179473618@a0a563bcf2df> # Security update for python-ecdsa Announcement ID: SUSE-SU-2026:1608-1 Release Date: 2026-04-24T11:51:39Z Rating: moderate References: * bsc#1261009 Cross-References: * CVE-2026-33936 CVSS scores: * CVE-2026-33936 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-33936 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33936 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for python-ecdsa fixes the following issues: * CVE-2026-33936: issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions (bsc#1261009). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1608=1 ## Package List: * Basesystem Module 15-SP7 (noarch) * python3-ecdsa-0.13.3-150000.3.10.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33936.html * https://bugzilla.suse.com/show_bug.cgi?id=1261009
From null at suse.de Fri Apr 24 16:30:16 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 24 Apr 2026 16:30:16 -0000 Subject: SUSE-SU-2026:1607-1: important: Security update for vim Message-ID: <177704821636.3109.12199664674257764862@a0a563bcf2df> # Security update for vim Announcement ID: SUSE-SU-2026:1607-1 Release Date: 2026-04-24T11:51:19Z Rating: important References: * bsc#1259985 * bsc#1261191 * bsc#1261271 Cross-References: * CVE-2026-33412 * CVE-2026-34714 * CVE-2026-34982 CVSS scores: * CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2026-34714 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N * CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: * Basesystem Module 15-SP7 * Desktop Applications Module 15-SP7 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE 
Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: Update to version 9.2.0280. * CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution (bsc#1261271). * CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution (bsc#1261191). * CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to arbitrary code execution (bsc#1259985). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1607=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1607=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1607=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1607=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1607=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1607=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1607=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1607=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1607=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch 
SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1607=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1607=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * vim-small-9.2.0280-150500.20.46.1 * gvim-debuginfo-9.2.0280-150500.20.46.1 * vim-debuginfo-9.2.0280-150500.20.46.1 * vim-small-debuginfo-9.2.0280-150500.20.46.1 * vim-9.2.0280-150500.20.46.1 * gvim-9.2.0280-150500.20.46.1 * vim-debugsource-9.2.0280-150500.20.46.1 * openSUSE Leap 15.5 (noarch) * vim-data-9.2.0280-150500.20.46.1 * vim-data-common-9.2.0280-150500.20.46.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * vim-small-9.2.0280-150500.20.46.1 * gvim-debuginfo-9.2.0280-150500.20.46.1 * vim-debuginfo-9.2.0280-150500.20.46.1 * vim-small-debuginfo-9.2.0280-150500.20.46.1 * vim-9.2.0280-150500.20.46.1 * gvim-9.2.0280-150500.20.46.1 * vim-debugsource-9.2.0280-150500.20.46.1 * openSUSE Leap 15.6 (noarch) * vim-data-9.2.0280-150500.20.46.1 * vim-data-common-9.2.0280-150500.20.46.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * vim-data-common-9.2.0280-150500.20.46.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * vim-debuginfo-9.2.0280-150500.20.46.1 * vim-small-debuginfo-9.2.0280-150500.20.46.1 * vim-small-9.2.0280-150500.20.46.1 * vim-debugsource-9.2.0280-150500.20.46.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * vim-small-9.2.0280-150500.20.46.1 * vim-debuginfo-9.2.0280-150500.20.46.1 * vim-small-debuginfo-9.2.0280-150500.20.46.1 * vim-9.2.0280-150500.20.46.1 * vim-debugsource-9.2.0280-150500.20.46.1 * Basesystem Module 15-SP7 (noarch) * vim-data-9.2.0280-150500.20.46.1 * vim-data-common-9.2.0280-150500.20.46.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.2.0280-150500.20.46.1 * vim-debuginfo-9.2.0280-150500.20.46.1 * gvim-9.2.0280-150500.20.46.1 * gvim-debuginfo-9.2.0280-150500.20.46.1 * SUSE Linux Enterprise High Performance Computing ESPOS 
15 SP5 (aarch64 x86_64) * vim-small-9.2.0280-150500.20.46.1 * gvim-debuginfo-9.2.0280-150500.20.46.1 * vim-debuginfo-9.2.0280-150500.20.46.1 * vim-small-debuginfo-9.2.0280-150500.20.46.1 * vim-9.2.0280-150500.20.46.1 * gvim-9.2.0280-150500.20.46.1 * vim-debugsource-9.2.0280-150500.20.46.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * vim-data-9.2.0280-150500.20.46.1 * vim-data-common-9.2.0280-150500.20.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * vim-small-9.2.0280-150500.20.46.1 * gvim-debuginfo-9.2.0280-150500.20.46.1 * vim-debuginfo-9.2.0280-150500.20.46.1 * vim-small-debuginfo-9.2.0280-150500.20.46.1 * vim-9.2.0280-150500.20.46.1 * gvim-9.2.0280-150500.20.46.1 * vim-debugsource-9.2.0280-150500.20.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * vim-data-9.2.0280-150500.20.46.1 * vim-data-common-9.2.0280-150500.20.46.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * vim-small-9.2.0280-150500.20.46.1 * gvim-debuginfo-9.2.0280-150500.20.46.1 * vim-debuginfo-9.2.0280-150500.20.46.1 * vim-small-debuginfo-9.2.0280-150500.20.46.1 * vim-9.2.0280-150500.20.46.1 * gvim-9.2.0280-150500.20.46.1 * vim-debugsource-9.2.0280-150500.20.46.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * vim-data-9.2.0280-150500.20.46.1 * vim-data-common-9.2.0280-150500.20.46.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * vim-small-9.2.0280-150500.20.46.1 * gvim-debuginfo-9.2.0280-150500.20.46.1 * vim-debuginfo-9.2.0280-150500.20.46.1 * vim-small-debuginfo-9.2.0280-150500.20.46.1 * vim-9.2.0280-150500.20.46.1 * gvim-9.2.0280-150500.20.46.1 * vim-debugsource-9.2.0280-150500.20.46.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * vim-data-9.2.0280-150500.20.46.1 * vim-data-common-9.2.0280-150500.20.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * vim-small-9.2.0280-150500.20.46.1 * 
gvim-debuginfo-9.2.0280-150500.20.46.1 * vim-debuginfo-9.2.0280-150500.20.46.1 * vim-small-debuginfo-9.2.0280-150500.20.46.1 * vim-9.2.0280-150500.20.46.1 * gvim-9.2.0280-150500.20.46.1 * vim-debugsource-9.2.0280-150500.20.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * vim-data-9.2.0280-150500.20.46.1 * vim-data-common-9.2.0280-150500.20.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * vim-small-9.2.0280-150500.20.46.1 * gvim-debuginfo-9.2.0280-150500.20.46.1 * vim-debuginfo-9.2.0280-150500.20.46.1 * vim-small-debuginfo-9.2.0280-150500.20.46.1 * vim-9.2.0280-150500.20.46.1 * gvim-9.2.0280-150500.20.46.1 * vim-debugsource-9.2.0280-150500.20.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * vim-data-9.2.0280-150500.20.46.1 * vim-data-common-9.2.0280-150500.20.46.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33412.html * https://www.suse.com/security/cve/CVE-2026-34714.html * https://www.suse.com/security/cve/CVE-2026-34982.html * https://bugzilla.suse.com/show_bug.cgi?id=1259985 * https://bugzilla.suse.com/show_bug.cgi?id=1261191 * https://bugzilla.suse.com/show_bug.cgi?id=1261271
From null at suse.de Fri Apr 24 16:30:32 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 24 Apr 2026 16:30:32 -0000 Subject: SUSE-SU-2026:1606-1: important: Security update for the Linux Kernel Message-ID: <177704823201.3109.1601644783462734619@a0a563bcf2df> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:1606-1 Release Date: 2026-04-24T11:50:26Z Rating: important References: * bsc#1215492 * bsc#1246057 * bsc#1256675 * bsc#1257773 * bsc#1259797 * bsc#1260005 * bsc#1260009 * bsc#1260347 * bsc#1260562 Cross-References: * CVE-2025-38234 * CVE-2025-68818 * CVE-2026-23103 * CVE-2026-23243 * CVE-2026-23272 * CVE-2026-23274 * CVE-2026-23317 CVSS scores: * CVE-2025-38234 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38234 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38234 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68818 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves seven vulnerabilities and has two security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: * CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). * CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773). * CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797). * CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-nelems before insertion (bsc#1260009). * CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005). * CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562). The following non security issues were fixed: * nvme-fc: use ctrl state getter (git-fixes bsc#1215492). * nvme-pci: fix queue unquiesce check on slot_reset (git-fixes). * nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes). * PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). * PCI: Fix lock symmetry in pci_slot_unlock() (git-fixes). * PCI: Fix pci_slot_trylock() error handling (git-fixes). 
* PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). * PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes). * x86/platform/uv: Handle deconfigured sockets (bsc#1260347). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1606=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1606=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1606=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1606=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1606=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1606=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.144.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64) * kernel-default-base-5.14.21-150500.55.144.1.150500.6.71.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-5.14.21-150500.55.144.1 * kernel-default-debuginfo-5.14.21-150500.55.144.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * kernel-macros-5.14.21-150500.55.144.1 * kernel-source-5.14.21-150500.55.144.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * dlm-kmp-default-debuginfo-5.14.21-150500.55.144.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.144.1 * dlm-kmp-default-5.14.21-150500.55.144.1 * 
kernel-default-devel-debuginfo-5.14.21-150500.55.144.1 * kernel-obs-build-debugsource-5.14.21-150500.55.144.1 * ocfs2-kmp-default-5.14.21-150500.55.144.1 * gfs2-kmp-default-5.14.21-150500.55.144.1 * kernel-default-debugsource-5.14.21-150500.55.144.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.144.1 * kernel-syms-5.14.21-150500.55.144.1 * kernel-default-base-5.14.21-150500.55.144.1.150500.6.71.1 * cluster-md-kmp-default-5.14.21-150500.55.144.1 * kernel-obs-build-5.14.21-150500.55.144.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.144.1 * kernel-default-debuginfo-5.14.21-150500.55.144.1 * kernel-default-devel-5.14.21-150500.55.144.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.144.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64) * kernel-64kb-debugsource-5.14.21-150500.55.144.1 * kernel-64kb-devel-5.14.21-150500.55.144.1 * kernel-64kb-debuginfo-5.14.21-150500.55.144.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.144.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150500.55.144.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * kernel-macros-5.14.21-150500.55.144.1 * kernel-devel-5.14.21-150500.55.144.1 * kernel-source-5.14.21-150500.55.144.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.144.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * dlm-kmp-default-debuginfo-5.14.21-150500.55.144.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.144.1 * dlm-kmp-default-5.14.21-150500.55.144.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.144.1 * kernel-obs-build-debugsource-5.14.21-150500.55.144.1 * ocfs2-kmp-default-5.14.21-150500.55.144.1 * gfs2-kmp-default-5.14.21-150500.55.144.1 * kernel-default-debugsource-5.14.21-150500.55.144.1 * 
ocfs2-kmp-default-debuginfo-5.14.21-150500.55.144.1 * kernel-syms-5.14.21-150500.55.144.1 * kernel-default-base-5.14.21-150500.55.144.1.150500.6.71.1 * cluster-md-kmp-default-5.14.21-150500.55.144.1 * kernel-obs-build-5.14.21-150500.55.144.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.144.1 * kernel-default-debuginfo-5.14.21-150500.55.144.1 * kernel-default-devel-5.14.21-150500.55.144.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.144.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64) * kernel-64kb-debugsource-5.14.21-150500.55.144.1 * kernel-64kb-devel-5.14.21-150500.55.144.1 * kernel-64kb-debuginfo-5.14.21-150500.55.144.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.144.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150500.55.144.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * kernel-macros-5.14.21-150500.55.144.1 * kernel-devel-5.14.21-150500.55.144.1 * kernel-source-5.14.21-150500.55.144.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.144.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * dlm-kmp-default-debuginfo-5.14.21-150500.55.144.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.144.1 * dlm-kmp-default-5.14.21-150500.55.144.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.144.1 * kernel-obs-build-debugsource-5.14.21-150500.55.144.1 * ocfs2-kmp-default-5.14.21-150500.55.144.1 * gfs2-kmp-default-5.14.21-150500.55.144.1 * kernel-default-debugsource-5.14.21-150500.55.144.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.144.1 * kernel-syms-5.14.21-150500.55.144.1 * cluster-md-kmp-default-5.14.21-150500.55.144.1 * reiserfs-kmp-default-5.14.21-150500.55.144.1 * kernel-obs-build-5.14.21-150500.55.144.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.144.1 * 
reiserfs-kmp-default-debuginfo-5.14.21-150500.55.144.1 * kernel-default-debuginfo-5.14.21-150500.55.144.1 * kernel-default-devel-5.14.21-150500.55.144.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.144.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64) * kernel-64kb-debugsource-5.14.21-150500.55.144.1 * kernel-64kb-devel-5.14.21-150500.55.144.1 * kernel-64kb-debuginfo-5.14.21-150500.55.144.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.144.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.144.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150500.55.144.1.150500.6.71.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * kernel-macros-5.14.21-150500.55.144.1 * kernel-devel-5.14.21-150500.55.144.1 * kernel-source-5.14.21-150500.55.144.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch nosrc) * kernel-docs-5.14.21-150500.55.144.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.144.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150500.55.144.1 * kernel-zfcpdump-debugsource-5.14.21-150500.55.144.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * dlm-kmp-default-debuginfo-5.14.21-150500.55.144.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.144.1 * dlm-kmp-default-5.14.21-150500.55.144.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.144.1 * kernel-obs-build-debugsource-5.14.21-150500.55.144.1 * ocfs2-kmp-default-5.14.21-150500.55.144.1 * gfs2-kmp-default-5.14.21-150500.55.144.1 * kernel-default-debugsource-5.14.21-150500.55.144.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.144.1 * kernel-syms-5.14.21-150500.55.144.1 * kernel-default-base-5.14.21-150500.55.144.1.150500.6.71.1 * cluster-md-kmp-default-5.14.21-150500.55.144.1 * reiserfs-kmp-default-5.14.21-150500.55.144.1 
* kernel-obs-build-5.14.21-150500.55.144.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.144.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.144.1 * kernel-default-debuginfo-5.14.21-150500.55.144.1 * kernel-default-devel-5.14.21-150500.55.144.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (nosrc ppc64le x86_64) * kernel-default-5.14.21-150500.55.144.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * kernel-macros-5.14.21-150500.55.144.1 * kernel-devel-5.14.21-150500.55.144.1 * kernel-source-5.14.21-150500.55.144.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.144.1 * SUSE Linux Enterprise Live Patching 15-SP5 (nosrc) * kernel-default-5.14.21-150500.55.144.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-default-debugsource-5.14.21-150500.55.144.1 * kernel-default-livepatch-devel-5.14.21-150500.55.144.1 * kernel-livepatch-SLE15-SP5_Update_37-debugsource-1-150500.11.3.1 * kernel-default-livepatch-5.14.21-150500.55.144.1 * kernel-livepatch-5_14_21-150500_55_144-default-1-150500.11.3.1 * kernel-livepatch-5_14_21-150500_55_144-default-debuginfo-1-150500.11.3.1 * kernel-default-debuginfo-5.14.21-150500.55.144.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38234.html * https://www.suse.com/security/cve/CVE-2025-68818.html * https://www.suse.com/security/cve/CVE-2026-23103.html * https://www.suse.com/security/cve/CVE-2026-23243.html * https://www.suse.com/security/cve/CVE-2026-23272.html * https://www.suse.com/security/cve/CVE-2026-23274.html * https://www.suse.com/security/cve/CVE-2026-23317.html * https://bugzilla.suse.com/show_bug.cgi?id=1215492 * https://bugzilla.suse.com/show_bug.cgi?id=1246057 * https://bugzilla.suse.com/show_bug.cgi?id=1256675 * https://bugzilla.suse.com/show_bug.cgi?id=1257773 * https://bugzilla.suse.com/show_bug.cgi?id=1259797 * https://bugzilla.suse.com/show_bug.cgi?id=1260005 * 
https://bugzilla.suse.com/show_bug.cgi?id=1260009 * https://bugzilla.suse.com/show_bug.cgi?id=1260347 * https://bugzilla.suse.com/show_bug.cgi?id=1260562
From null at suse.de Fri Apr 24 16:30:35 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 24 Apr 2026 16:30:35 -0000 Subject: SUSE-SU-2026:1605-1: moderate: Security update for openssl-3 Message-ID: <177704823514.3109.1506384830676732075@a0a563bcf2df> # Security update for openssl-3 Announcement ID: SUSE-SU-2026:1605-1 Release Date: 2026-04-24T11:48:58Z Rating: moderate References: * bsc#1261678 * jsc#PED-15724 Cross-References: * CVE-2026-28390 CVSS scores: * CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for openssl-3 fixes the following issue: Security issues fixed: * CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). Other updates and bugfixes: * Enable MD2 in legacy provider (jsc#PED-15724). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1605=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1605=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1605=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * openssl-3-3.1.4-150600.5.50.1 * openssl-3-debuginfo-3.1.4-150600.5.50.1 * libopenssl3-3.1.4-150600.5.50.1 * libopenssl-3-fips-provider-3.1.4-150600.5.50.1 * libopenssl-3-devel-3.1.4-150600.5.50.1 * libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.50.1 * libopenssl3-debuginfo-3.1.4-150600.5.50.1 * openssl-3-debugsource-3.1.4-150600.5.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * libopenssl-3-fips-provider-32bit-3.1.4-150600.5.50.1 * libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.50.1 * libopenssl3-32bit-debuginfo-3.1.4-150600.5.50.1 * libopenssl3-32bit-3.1.4-150600.5.50.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * openssl-3-3.1.4-150600.5.50.1 * openssl-3-debuginfo-3.1.4-150600.5.50.1 * libopenssl3-3.1.4-150600.5.50.1 * libopenssl-3-fips-provider-3.1.4-150600.5.50.1 * libopenssl-3-devel-3.1.4-150600.5.50.1 * libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.50.1 * libopenssl3-debuginfo-3.1.4-150600.5.50.1 * openssl-3-debugsource-3.1.4-150600.5.50.1 * openSUSE Leap 15.6 (x86_64) * libopenssl-3-fips-provider-32bit-3.1.4-150600.5.50.1 * libopenssl3-32bit-debuginfo-3.1.4-150600.5.50.1 * libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.50.1 * libopenssl3-32bit-3.1.4-150600.5.50.1 * libopenssl-3-devel-32bit-3.1.4-150600.5.50.1 * openSUSE Leap 15.6 (noarch) * openssl-3-doc-3.1.4-150600.5.50.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libopenssl-3-fips-provider-64bit-3.1.4-150600.5.50.1 * libopenssl-3-devel-64bit-3.1.4-150600.5.50.1 * 
libopenssl3-64bit-3.1.4-150600.5.50.1 * libopenssl-3-fips-provider-64bit-debuginfo-3.1.4-150600.5.50.1 * libopenssl3-64bit-debuginfo-3.1.4-150600.5.50.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * openssl-3-3.1.4-150600.5.50.1 * openssl-3-debuginfo-3.1.4-150600.5.50.1 * libopenssl3-3.1.4-150600.5.50.1 * libopenssl-3-fips-provider-3.1.4-150600.5.50.1 * libopenssl-3-devel-3.1.4-150600.5.50.1 * libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.50.1 * libopenssl3-debuginfo-3.1.4-150600.5.50.1 * openssl-3-debugsource-3.1.4-150600.5.50.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64) * libopenssl-3-fips-provider-32bit-3.1.4-150600.5.50.1 * libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.50.1 * libopenssl3-32bit-debuginfo-3.1.4-150600.5.50.1 * libopenssl3-32bit-3.1.4-150600.5.50.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28390.html * https://bugzilla.suse.com/show_bug.cgi?id=1261678 * https://jira.suse.com/browse/PED-15724
From null at suse.de Fri Apr 24 16:30:50 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 24 Apr 2026 16:30:50 -0000 Subject: SUSE-SU-2026:1604-1: important: Security update for tomcat Message-ID: <177704825009.3109.6741535276201356490@a0a563bcf2df> # Security update for tomcat Announcement ID: SUSE-SU-2026:1604-1 Release Date: 2026-04-24T11:48:46Z Rating: important References: * bsc#1258371 * bsc#1261850 * bsc#1261851 * bsc#1261852 * bsc#1261853 * bsc#1261854 * bsc#1261855 * bsc#1261856 * bsc#1261857 Cross-References: * CVE-2025-66614 * CVE-2026-24880 * CVE-2026-25854 * CVE-2026-29129 * CVE-2026-29145 * CVE-2026-29146 * CVE-2026-32990 * CVE-2026-34483 * CVE-2026-34486 * CVE-2026-34487 * CVE-2026-34500 CVSS scores: * CVE-2025-66614 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-66614 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L * CVE-2025-66614 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-24880 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-24880 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-24880 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-25854 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-25854 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-25854 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-29129 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-29129 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-29129 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-29145 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-29145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-29145 ( NVD ):
9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-29146 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-29146 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-29146 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-32990 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34483 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-34483 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34483 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34486 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-34486 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34486 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34487 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-34487 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34500 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-34500 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34500 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux 
Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * Web and Scripting Module 15-SP7 An update that solves 11 vulnerabilities can now be installed. ## Description: This update for tomcat fixes the following issues: Security fixes: * CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850). * CVE-2026-25854: Occasionally open redirect (bsc#1261851). * CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852). * CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853). * CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854). * CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855). * CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856). * CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857). * CVE-2026-32990: The fix for CVE-2025-66614 was incomplete, so this CVE completes it (bsc#1258371). Other fixes: * Update to Tomcat 9.0.117 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1604=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1604=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1604=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1604=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1604=1 * Web and Scripting Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-1604=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1604=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1604=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1604=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1604=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1604=1 ## Package List: * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * tomcat-webapps-9.0.117-150200.105.1 * tomcat-servlet-4_0-api-9.0.117-150200.105.1 * tomcat-el-3_0-api-9.0.117-150200.105.1 * tomcat-jsp-2_3-api-9.0.117-150200.105.1 * tomcat-9.0.117-150200.105.1 * tomcat-admin-webapps-9.0.117-150200.105.1 * tomcat-lib-9.0.117-150200.105.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * tomcat-webapps-9.0.117-150200.105.1 * tomcat-servlet-4_0-api-9.0.117-150200.105.1 * tomcat-el-3_0-api-9.0.117-150200.105.1 * tomcat-jsp-2_3-api-9.0.117-150200.105.1 * tomcat-9.0.117-150200.105.1 * 
tomcat-admin-webapps-9.0.117-150200.105.1 * tomcat-lib-9.0.117-150200.105.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * tomcat-webapps-9.0.117-150200.105.1 * tomcat-servlet-4_0-api-9.0.117-150200.105.1 * tomcat-el-3_0-api-9.0.117-150200.105.1 * tomcat-jsp-2_3-api-9.0.117-150200.105.1 * tomcat-9.0.117-150200.105.1 * tomcat-admin-webapps-9.0.117-150200.105.1 * tomcat-lib-9.0.117-150200.105.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * tomcat-webapps-9.0.117-150200.105.1 * tomcat-servlet-4_0-api-9.0.117-150200.105.1 * tomcat-el-3_0-api-9.0.117-150200.105.1 * tomcat-jsp-2_3-api-9.0.117-150200.105.1 * tomcat-9.0.117-150200.105.1 * tomcat-admin-webapps-9.0.117-150200.105.1 * tomcat-lib-9.0.117-150200.105.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * tomcat-webapps-9.0.117-150200.105.1 * tomcat-servlet-4_0-api-9.0.117-150200.105.1 * tomcat-el-3_0-api-9.0.117-150200.105.1 * tomcat-jsp-2_3-api-9.0.117-150200.105.1 * tomcat-9.0.117-150200.105.1 * tomcat-admin-webapps-9.0.117-150200.105.1 * tomcat-lib-9.0.117-150200.105.1 * Web and Scripting Module 15-SP7 (noarch) * tomcat-webapps-9.0.117-150200.105.1 * tomcat-servlet-4_0-api-9.0.117-150200.105.1 * tomcat-el-3_0-api-9.0.117-150200.105.1 * tomcat-jsp-2_3-api-9.0.117-150200.105.1 * tomcat-9.0.117-150200.105.1 * tomcat-admin-webapps-9.0.117-150200.105.1 * tomcat-lib-9.0.117-150200.105.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * tomcat-webapps-9.0.117-150200.105.1 * tomcat-servlet-4_0-api-9.0.117-150200.105.1 * tomcat-el-3_0-api-9.0.117-150200.105.1 * tomcat-jsp-2_3-api-9.0.117-150200.105.1 * tomcat-9.0.117-150200.105.1 * tomcat-admin-webapps-9.0.117-150200.105.1 * tomcat-lib-9.0.117-150200.105.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * tomcat-webapps-9.0.117-150200.105.1 * tomcat-servlet-4_0-api-9.0.117-150200.105.1 * tomcat-el-3_0-api-9.0.117-150200.105.1 * 
tomcat-jsp-2_3-api-9.0.117-150200.105.1 * tomcat-9.0.117-150200.105.1 * tomcat-admin-webapps-9.0.117-150200.105.1 * tomcat-lib-9.0.117-150200.105.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * tomcat-webapps-9.0.117-150200.105.1 * tomcat-servlet-4_0-api-9.0.117-150200.105.1 * tomcat-el-3_0-api-9.0.117-150200.105.1 * tomcat-jsp-2_3-api-9.0.117-150200.105.1 * tomcat-9.0.117-150200.105.1 * tomcat-admin-webapps-9.0.117-150200.105.1 * tomcat-lib-9.0.117-150200.105.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * tomcat-webapps-9.0.117-150200.105.1 * tomcat-servlet-4_0-api-9.0.117-150200.105.1 * tomcat-el-3_0-api-9.0.117-150200.105.1 * tomcat-jsp-2_3-api-9.0.117-150200.105.1 * tomcat-9.0.117-150200.105.1 * tomcat-admin-webapps-9.0.117-150200.105.1 * tomcat-lib-9.0.117-150200.105.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * tomcat-webapps-9.0.117-150200.105.1 * tomcat-servlet-4_0-api-9.0.117-150200.105.1 * tomcat-el-3_0-api-9.0.117-150200.105.1 * tomcat-jsp-2_3-api-9.0.117-150200.105.1 * tomcat-9.0.117-150200.105.1 * tomcat-admin-webapps-9.0.117-150200.105.1 * tomcat-lib-9.0.117-150200.105.1 ## References: * https://www.suse.com/security/cve/CVE-2025-66614.html * https://www.suse.com/security/cve/CVE-2026-24880.html * https://www.suse.com/security/cve/CVE-2026-25854.html * https://www.suse.com/security/cve/CVE-2026-29129.html * https://www.suse.com/security/cve/CVE-2026-29145.html * https://www.suse.com/security/cve/CVE-2026-29146.html * https://www.suse.com/security/cve/CVE-2026-32990.html * https://www.suse.com/security/cve/CVE-2026-34483.html * https://www.suse.com/security/cve/CVE-2026-34486.html * https://www.suse.com/security/cve/CVE-2026-34487.html * https://www.suse.com/security/cve/CVE-2026-34500.html * https://bugzilla.suse.com/show_bug.cgi?id=1258371 * https://bugzilla.suse.com/show_bug.cgi?id=1261850 * https://bugzilla.suse.com/show_bug.cgi?id=1261851 * 
https://bugzilla.suse.com/show_bug.cgi?id=1261852 * https://bugzilla.suse.com/show_bug.cgi?id=1261853 * https://bugzilla.suse.com/show_bug.cgi?id=1261854 * https://bugzilla.suse.com/show_bug.cgi?id=1261855 * https://bugzilla.suse.com/show_bug.cgi?id=1261856 * https://bugzilla.suse.com/show_bug.cgi?id=1261857
From null at suse.de Fri Apr 24 16:31:04 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 24 Apr 2026 16:31:04 -0000 Subject: SUSE-SU-2026:1603-1: important: Security update for tomcat10 Message-ID: <177704826427.3109.12526336468169228085@a0a563bcf2df> # Security update for tomcat10 Announcement ID: SUSE-SU-2026:1603-1 Release Date: 2026-04-24T11:47:21Z Rating: important References: * bsc#1258371 * bsc#1261850 * bsc#1261851 * bsc#1261852 * bsc#1261853 * bsc#1261854 * bsc#1261855 * bsc#1261856 * bsc#1261857 Cross-References: * CVE-2025-66614 * CVE-2026-24880 * CVE-2026-25854 * CVE-2026-29129 * CVE-2026-29145 * CVE-2026-29146 * CVE-2026-32990 * CVE-2026-34483 * CVE-2026-34486 * CVE-2026-34487 * CVE-2026-34500 CVSS scores: * CVE-2025-66614 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-66614 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L * CVE-2025-66614 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-24880 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-24880 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-24880 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-25854 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-25854 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-25854 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-29129 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-29129 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-29129 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-29145 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-29145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-29145 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-29146 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-29146 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-29146 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-32990 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34483 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-34483 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34483 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34486 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-34486 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34486 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34487 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-34487 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34500 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-34500 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34500 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise 
Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * Web and Scripting Module 15-SP7 An update that solves 11 vulnerabilities can now be installed. ## Description: This update for tomcat10 fixes the following issues: Security fixes: * CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850). * CVE-2026-25854: Occasionally open redirect (bsc#1261851). * CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852). * CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853). * CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854). * CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855). * CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856). * CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857). * CVE-2026-32990: The fix for CVE-2025-66614 was incomplete, so this CVE completes it (bsc#1258371). Other fixes: * Update to Tomcat 10.1.54 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Web and Scripting Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-1603=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1603=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1603=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1603=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1603=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1603=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1603=1 ## Package List: * Web and Scripting Module 15-SP7 (noarch) * tomcat10-10.1.54-150200.5.64.1 * tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1 * tomcat10-admin-webapps-10.1.54-150200.5.64.1 * tomcat10-el-5_0-api-10.1.54-150200.5.64.1 * tomcat10-lib-10.1.54-150200.5.64.1 * tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1 * tomcat10-webapps-10.1.54-150200.5.64.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * tomcat10-10.1.54-150200.5.64.1 * tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1 * tomcat10-admin-webapps-10.1.54-150200.5.64.1 * tomcat10-el-5_0-api-10.1.54-150200.5.64.1 * tomcat10-lib-10.1.54-150200.5.64.1 * tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1 * tomcat10-webapps-10.1.54-150200.5.64.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * tomcat10-10.1.54-150200.5.64.1 * tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1 * tomcat10-admin-webapps-10.1.54-150200.5.64.1 * tomcat10-el-5_0-api-10.1.54-150200.5.64.1 * tomcat10-lib-10.1.54-150200.5.64.1 * tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1 * tomcat10-webapps-10.1.54-150200.5.64.1 * SUSE Linux Enterprise 
Server 15 SP5 LTSS (noarch) * tomcat10-10.1.54-150200.5.64.1 * tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1 * tomcat10-admin-webapps-10.1.54-150200.5.64.1 * tomcat10-el-5_0-api-10.1.54-150200.5.64.1 * tomcat10-lib-10.1.54-150200.5.64.1 * tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1 * tomcat10-webapps-10.1.54-150200.5.64.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * tomcat10-10.1.54-150200.5.64.1 * tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1 * tomcat10-admin-webapps-10.1.54-150200.5.64.1 * tomcat10-el-5_0-api-10.1.54-150200.5.64.1 * tomcat10-lib-10.1.54-150200.5.64.1 * tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1 * tomcat10-webapps-10.1.54-150200.5.64.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * tomcat10-10.1.54-150200.5.64.1 * tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1 * tomcat10-admin-webapps-10.1.54-150200.5.64.1 * tomcat10-el-5_0-api-10.1.54-150200.5.64.1 * tomcat10-lib-10.1.54-150200.5.64.1 * tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1 * tomcat10-webapps-10.1.54-150200.5.64.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * tomcat10-10.1.54-150200.5.64.1 * tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1 * tomcat10-admin-webapps-10.1.54-150200.5.64.1 * tomcat10-el-5_0-api-10.1.54-150200.5.64.1 * tomcat10-lib-10.1.54-150200.5.64.1 * tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1 * tomcat10-webapps-10.1.54-150200.5.64.1 ## References: * https://www.suse.com/security/cve/CVE-2025-66614.html * https://www.suse.com/security/cve/CVE-2026-24880.html * https://www.suse.com/security/cve/CVE-2026-25854.html * https://www.suse.com/security/cve/CVE-2026-29129.html * https://www.suse.com/security/cve/CVE-2026-29145.html * https://www.suse.com/security/cve/CVE-2026-29146.html * https://www.suse.com/security/cve/CVE-2026-32990.html * https://www.suse.com/security/cve/CVE-2026-34483.html * https://www.suse.com/security/cve/CVE-2026-34486.html * https://www.suse.com/security/cve/CVE-2026-34487.html * 
https://www.suse.com/security/cve/CVE-2026-34500.html * https://bugzilla.suse.com/show_bug.cgi?id=1258371 * https://bugzilla.suse.com/show_bug.cgi?id=1261850 * https://bugzilla.suse.com/show_bug.cgi?id=1261851 * https://bugzilla.suse.com/show_bug.cgi?id=1261852 * https://bugzilla.suse.com/show_bug.cgi?id=1261853 * https://bugzilla.suse.com/show_bug.cgi?id=1261854 * https://bugzilla.suse.com/show_bug.cgi?id=1261855 * https://bugzilla.suse.com/show_bug.cgi?id=1261856 * https://bugzilla.suse.com/show_bug.cgi?id=1261857
From null at suse.de Fri Apr 24 16:31:07 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 24 Apr 2026 16:31:07 -0000 Subject: SUSE-SU-2026:1602-1: moderate: Security update for libpng16 Message-ID: <177704826714.3109.18425015531227091171@a0a563bcf2df> # Security update for libpng16 Announcement ID: SUSE-SU-2026:1602-1 Release Date: 2026-04-24T11:46:32Z Rating: moderate References: * bsc#1261957 Cross-References: * CVE-2026-34757 CVSS scores: * CVE-2026-34757 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-34757 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34757 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for libpng16 fixes the following issue: * CVE-2026-34757: information disclosure and data corruption due to use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` (bsc#1261957). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1602=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1602=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libpng16-compat-devel-1.6.40-150600.3.20.1 * libpng16-tools-debuginfo-1.6.40-150600.3.20.1 * libpng16-devel-1.6.40-150600.3.20.1 * libpng16-16-1.6.40-150600.3.20.1 * libpng16-tools-1.6.40-150600.3.20.1 * libpng16-debugsource-1.6.40-150600.3.20.1 * libpng16-16-debuginfo-1.6.40-150600.3.20.1 * openSUSE Leap 15.6 (x86_64) * libpng16-16-32bit-1.6.40-150600.3.20.1 * libpng16-16-32bit-debuginfo-1.6.40-150600.3.20.1 * libpng16-devel-32bit-1.6.40-150600.3.20.1 * libpng16-compat-devel-32bit-1.6.40-150600.3.20.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libpng16-compat-devel-64bit-1.6.40-150600.3.20.1 * libpng16-16-64bit-1.6.40-150600.3.20.1 * libpng16-16-64bit-debuginfo-1.6.40-150600.3.20.1 * libpng16-devel-64bit-1.6.40-150600.3.20.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libpng16-compat-devel-1.6.40-150600.3.20.1 * libpng16-devel-1.6.40-150600.3.20.1 * libpng16-16-1.6.40-150600.3.20.1 * libpng16-debugsource-1.6.40-150600.3.20.1 * libpng16-16-debuginfo-1.6.40-150600.3.20.1 * Basesystem Module 15-SP7 (x86_64) * libpng16-16-32bit-1.6.40-150600.3.20.1 * libpng16-16-32bit-debuginfo-1.6.40-150600.3.20.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34757.html * https://bugzilla.suse.com/show_bug.cgi?id=1261957
From null at suse.de Fri Apr 24 16:31:10 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 24 Apr 2026 16:31:10 -0000 Subject: SUSE-SU-2026:1601-1: moderate: Security update for libpng16 Message-ID: <177704827073.3109.14503403586932603163@a0a563bcf2df> # Security update for libpng16 Announcement ID: SUSE-SU-2026:1601-1 Release Date: 2026-04-24T11:46:17Z Rating: moderate References: * bsc#1261957 Cross-References: * CVE-2026-34757 CVSS scores: * CVE-2026-34757 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-34757 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34757 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libpng16 fixes the following issue: * CVE-2026-34757: information disclosure and data corruption due to use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` (bsc#1261957). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1601=1

## Package List:

  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
    * libpng16-devel-1.6.8-15.24.1
    * libpng16-16-1.6.8-15.24.1
    * libpng16-16-32bit-1.6.8-15.24.1
    * libpng16-16-debuginfo-32bit-1.6.8-15.24.1
    * libpng16-debugsource-1.6.8-15.24.1
    * libpng16-16-debuginfo-1.6.8-15.24.1
    * libpng16-compat-devel-1.6.8-15.24.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-34757.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1261957

From null at suse.de Fri Apr 24 16:31:15 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 16:31:15 -0000
Subject: SUSE-SU-2026:1600-1: important: Security update for flatpak
Message-ID: <177704827504.3109.12095860398391762038@a0a563bcf2df>

# Security update for flatpak

Announcement ID: SUSE-SU-2026:1600-1
Release Date: 2026-04-24T11:46:10Z
Rating: important
References:

  * bsc#1261769
  * bsc#1261770

Cross-References:

  * CVE-2026-34078
  * CVE-2026-34079

CVSS scores:

  * CVE-2026-34078 ( SUSE ): 6.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
  * CVE-2026-34078 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  * CVE-2026-34078 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-34079 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
  * CVE-2026-34079 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
  * CVE-2026-34079 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

  * Desktop Applications Module 15-SP7
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server 15 SP6 LTSS
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for flatpak fixes the following issues:

  * CVE-2026-34078: Arbitrary code execution via crafted symlinks in sandbox-expose options (bsc#1261769).
  * CVE-2026-34079: Arbitrary file deletion on host via improper cache file path validation (bsc#1261770).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1600=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1600=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1600=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1600=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * flatpak-1.16.0-150600.3.9.1 * typelib-1_0-Flatpak-1_0-1.16.0-150600.3.9.1 * libflatpak0-1.16.0-150600.3.9.1 * flatpak-debuginfo-1.16.0-150600.3.9.1 * libflatpak0-debuginfo-1.16.0-150600.3.9.1 * flatpak-devel-1.16.0-150600.3.9.1 * flatpak-debugsource-1.16.0-150600.3.9.1 * openSUSE Leap 15.6 (noarch) * flatpak-zsh-completion-1.16.0-150600.3.9.1 * system-user-flatpak-1.16.0-150600.3.9.1 * flatpak-remote-flathub-1.16.0-150600.3.9.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * flatpak-1.16.0-150600.3.9.1 * typelib-1_0-Flatpak-1_0-1.16.0-150600.3.9.1 * libflatpak0-1.16.0-150600.3.9.1 * flatpak-debuginfo-1.16.0-150600.3.9.1 * libflatpak0-debuginfo-1.16.0-150600.3.9.1 * flatpak-devel-1.16.0-150600.3.9.1 * flatpak-debugsource-1.16.0-150600.3.9.1 * Desktop Applications Module 15-SP7 (noarch) * flatpak-zsh-completion-1.16.0-150600.3.9.1 * system-user-flatpak-1.16.0-150600.3.9.1 * flatpak-remote-flathub-1.16.0-150600.3.9.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * flatpak-1.16.0-150600.3.9.1 * typelib-1_0-Flatpak-1_0-1.16.0-150600.3.9.1 * libflatpak0-1.16.0-150600.3.9.1 * flatpak-debuginfo-1.16.0-150600.3.9.1 * libflatpak0-debuginfo-1.16.0-150600.3.9.1 * flatpak-devel-1.16.0-150600.3.9.1 * flatpak-debugsource-1.16.0-150600.3.9.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * flatpak-zsh-completion-1.16.0-150600.3.9.1 * system-user-flatpak-1.16.0-150600.3.9.1 * 
flatpak-remote-flathub-1.16.0-150600.3.9.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
    * flatpak-1.16.0-150600.3.9.1
    * typelib-1_0-Flatpak-1_0-1.16.0-150600.3.9.1
    * libflatpak0-1.16.0-150600.3.9.1
    * flatpak-debuginfo-1.16.0-150600.3.9.1
    * libflatpak0-debuginfo-1.16.0-150600.3.9.1
    * flatpak-devel-1.16.0-150600.3.9.1
    * flatpak-debugsource-1.16.0-150600.3.9.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
    * flatpak-zsh-completion-1.16.0-150600.3.9.1
    * system-user-flatpak-1.16.0-150600.3.9.1
    * flatpak-remote-flathub-1.16.0-150600.3.9.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-34078.html
  * https://www.suse.com/security/cve/CVE-2026-34079.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1261769
  * https://bugzilla.suse.com/show_bug.cgi?id=1261770

From null at suse.de Fri Apr 24 16:31:18 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 16:31:18 -0000
Subject: SUSE-SU-2026:1599-1: important: Security update for librsvg
Message-ID: <177704827849.3109.8217473494378452576@a0a563bcf2df>

# Security update for librsvg

Announcement ID: SUSE-SU-2026:1599-1
Release Date: 2026-04-24T11:45:53Z
Rating: important
References:

  * bsc#1257922

Cross-References:

  * CVE-2026-25727

CVSS scores:

  * CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-25727 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-25727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High
Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for librsvg fixes the following issue: * CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257922). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1599=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1599=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1599=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1599=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1599=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1599=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1599=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1599=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1599=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1599=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1599=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1599=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1599=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1599=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1 * librsvg-2-2-2.52.12-150400.3.12.1 * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1 * librsvg-2-2-debuginfo-2.52.12-150400.3.12.1 * librsvg-debugsource-2.52.12-150400.3.12.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1 * 
typelib-1_0-Rsvg-2_0-2.52.12-150400.3.12.1 * librsvg-2-2-2.52.12-150400.3.12.1 * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1 * librsvg-devel-2.52.12-150400.3.12.1 * librsvg-2-2-debuginfo-2.52.12-150400.3.12.1 * librsvg-debugsource-2.52.12-150400.3.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1 * typelib-1_0-Rsvg-2_0-2.52.12-150400.3.12.1 * librsvg-2-2-2.52.12-150400.3.12.1 * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1 * librsvg-devel-2.52.12-150400.3.12.1 * librsvg-2-2-debuginfo-2.52.12-150400.3.12.1 * librsvg-debugsource-2.52.12-150400.3.12.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1 * typelib-1_0-Rsvg-2_0-2.52.12-150400.3.12.1 * librsvg-2-2-2.52.12-150400.3.12.1 * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1 * librsvg-devel-2.52.12-150400.3.12.1 * librsvg-2-2-debuginfo-2.52.12-150400.3.12.1 * librsvg-debugsource-2.52.12-150400.3.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1 * typelib-1_0-Rsvg-2_0-2.52.12-150400.3.12.1 * librsvg-2-2-2.52.12-150400.3.12.1 * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1 * librsvg-devel-2.52.12-150400.3.12.1 * librsvg-2-2-debuginfo-2.52.12-150400.3.12.1 * librsvg-debugsource-2.52.12-150400.3.12.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1 * typelib-1_0-Rsvg-2_0-2.52.12-150400.3.12.1 * librsvg-2-2-2.52.12-150400.3.12.1 * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1 * librsvg-devel-2.52.12-150400.3.12.1 * librsvg-2-2-debuginfo-2.52.12-150400.3.12.1 * librsvg-debugsource-2.52.12-150400.3.12.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1 * typelib-1_0-Rsvg-2_0-2.52.12-150400.3.12.1 * 
librsvg-2-2-2.52.12-150400.3.12.1 * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1 * librsvg-devel-2.52.12-150400.3.12.1 * librsvg-2-2-debuginfo-2.52.12-150400.3.12.1 * librsvg-debugsource-2.52.12-150400.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1 * typelib-1_0-Rsvg-2_0-2.52.12-150400.3.12.1 * librsvg-2-2-2.52.12-150400.3.12.1 * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1 * librsvg-devel-2.52.12-150400.3.12.1 * librsvg-2-2-debuginfo-2.52.12-150400.3.12.1 * librsvg-debugsource-2.52.12-150400.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1 * typelib-1_0-Rsvg-2_0-2.52.12-150400.3.12.1 * librsvg-2-2-2.52.12-150400.3.12.1 * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1 * librsvg-devel-2.52.12-150400.3.12.1 * librsvg-2-2-debuginfo-2.52.12-150400.3.12.1 * librsvg-debugsource-2.52.12-150400.3.12.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1 * typelib-1_0-Rsvg-2_0-2.52.12-150400.3.12.1 * librsvg-2-2-2.52.12-150400.3.12.1 * rsvg-convert-2.52.12-150400.3.12.1 * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1 * librsvg-devel-2.52.12-150400.3.12.1 * librsvg-2-2-debuginfo-2.52.12-150400.3.12.1 * librsvg-debugsource-2.52.12-150400.3.12.1 * openSUSE Leap 15.4 (noarch) * rsvg-thumbnailer-2.52.12-150400.3.12.1 * openSUSE Leap 15.4 (aarch64_ilp32) * librsvg-2-2-64bit-debuginfo-2.52.12-150400.3.12.1 * gdk-pixbuf-loader-rsvg-64bit-2.52.12-150400.3.12.1 * librsvg-2-2-64bit-2.52.12-150400.3.12.1 * gdk-pixbuf-loader-rsvg-64bit-debuginfo-2.52.12-150400.3.12.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1 * librsvg-2-2-2.52.12-150400.3.12.1 * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1 * librsvg-2-2-debuginfo-2.52.12-150400.3.12.1 * 
librsvg-debugsource-2.52.12-150400.3.12.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1
    * librsvg-2-2-2.52.12-150400.3.12.1
    * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1
    * librsvg-2-2-debuginfo-2.52.12-150400.3.12.1
    * librsvg-debugsource-2.52.12-150400.3.12.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1
    * librsvg-2-2-2.52.12-150400.3.12.1
    * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1
    * librsvg-2-2-debuginfo-2.52.12-150400.3.12.1
    * librsvg-debugsource-2.52.12-150400.3.12.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.12.1
    * librsvg-2-2-2.52.12-150400.3.12.1
    * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.12.1
    * librsvg-2-2-debuginfo-2.52.12-150400.3.12.1
    * librsvg-debugsource-2.52.12-150400.3.12.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-25727.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1257922

From null at suse.de Fri Apr 24 16:31:36 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 16:31:36 -0000
Subject: SUSE-SU-2026:1598-1: important: Security update for ImageMagick
Message-ID: <177704829653.3109.16239491017496899559@a0a563bcf2df>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2026:1598-1
Release Date: 2026-04-24T11:44:47Z
Rating: important
References:

  * bsc#1262097
  * bsc#1262145
  * bsc#1262146
  * bsc#1262147
  * bsc#1262148
  * bsc#1262149
  * bsc#1262150
  * bsc#1262152
  * bsc#1262153
  * bsc#1262154
  * bsc#1262155
  * bsc#1262156

Cross-References:

  * CVE-2026-33899
  * CVE-2026-33900
  * CVE-2026-33901
  * CVE-2026-33902
  * CVE-2026-33905
  * CVE-2026-33908
  * CVE-2026-34238
  * CVE-2026-40169
  * CVE-2026-40183
  * CVE-2026-40310
  * CVE-2026-40311
  * CVE-2026-40312

CVSS scores:

  * CVE-2026-33899 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-33899 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-33899 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-33900 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-33900 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-33900 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-33900 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-33901 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-33901 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-33901 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-33902 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-33902 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-33902 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-33905 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-33905 ( SUSE ): 5.0
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33905 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H * CVE-2026-33905 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33908 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33908 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33908 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34238 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34238 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-34238 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34238 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40169 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-40169 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-40169 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-40169 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-40183 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-40183 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40183 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40183 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40310 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-40310 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40310 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40310 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40311 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-40311 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40311 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40311 ( NVD ): 
5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40312 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-40312 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-40312 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-40312 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP7 * Development Tools Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 12 vulnerabilities can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing (bsc#1262154). * CVE-2026-33900: Denial of Service via integer truncation in viff encoder (bsc#1262156). * CVE-2026-33901: Denial of Service due to heap buffer overflow in MVG decoder (bsc#1262155). * CVE-2026-33902: Denial of Service via deeply nested expression in FX parser (bsc#1262153). * CVE-2026-33905: Denial of service via out-of-bounds read in -sample operation (bsc#1262097). * CVE-2026-33908: Denial of Service via deeply nested XML file processing (bsc#1262152). * CVE-2026-34238: Denial of Service via integer overflow in despeckle operation (bsc#1262147). * CVE-2026-40169: Denial of Service via crafted image leading to out-of-bounds write (bsc#1262150). * CVE-2026-40183: Denial of Service via heap write overflow in JXL encoder (bsc#1262145). * CVE-2026-40310: Denial of service via heap out-of-bounds write in JP2 encoder (bsc#1262148). * CVE-2026-40311: Denial of Service via heap use-after-free in XMP profile processing (bsc#1262146). * CVE-2026-40312: Denial of Service via malicious MSL file processing (bsc#1262149). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1598=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1598=1 ## Package List: * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ImageMagick-config-7-upstream-secure-7.1.1.43-150700.3.47.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.43-150700.3.47.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.43-150700.3.47.1 * ImageMagick-debugsource-7.1.1.43-150700.3.47.1 * libMagick++-devel-7.1.1.43-150700.3.47.1 * ImageMagick-config-7-SUSE-7.1.1.43-150700.3.47.1 * ImageMagick-config-7-upstream-websafe-7.1.1.43-150700.3.47.1 * ImageMagick-7.1.1.43-150700.3.47.1 * ImageMagick-config-7-upstream-limited-7.1.1.43-150700.3.47.1 * libMagick++-7_Q16HDRI5-7.1.1.43-150700.3.47.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.43-150700.3.47.1 * ImageMagick-devel-7.1.1.43-150700.3.47.1 * libMagickCore-7_Q16HDRI10-7.1.1.43-150700.3.47.1 * ImageMagick-config-7-upstream-open-7.1.1.43-150700.3.47.1 * libMagickWand-7_Q16HDRI10-7.1.1.43-150700.3.47.1 * ImageMagick-debuginfo-7.1.1.43-150700.3.47.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * perl-PerlMagick-7.1.1.43-150700.3.47.1 * ImageMagick-debugsource-7.1.1.43-150700.3.47.1 * ImageMagick-debuginfo-7.1.1.43-150700.3.47.1 * perl-PerlMagick-debuginfo-7.1.1.43-150700.3.47.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33899.html * https://www.suse.com/security/cve/CVE-2026-33900.html * https://www.suse.com/security/cve/CVE-2026-33901.html * https://www.suse.com/security/cve/CVE-2026-33902.html * https://www.suse.com/security/cve/CVE-2026-33905.html * https://www.suse.com/security/cve/CVE-2026-33908.html * 
https://www.suse.com/security/cve/CVE-2026-34238.html
  * https://www.suse.com/security/cve/CVE-2026-40169.html
  * https://www.suse.com/security/cve/CVE-2026-40183.html
  * https://www.suse.com/security/cve/CVE-2026-40310.html
  * https://www.suse.com/security/cve/CVE-2026-40311.html
  * https://www.suse.com/security/cve/CVE-2026-40312.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1262097
  * https://bugzilla.suse.com/show_bug.cgi?id=1262145
  * https://bugzilla.suse.com/show_bug.cgi?id=1262146
  * https://bugzilla.suse.com/show_bug.cgi?id=1262147
  * https://bugzilla.suse.com/show_bug.cgi?id=1262148
  * https://bugzilla.suse.com/show_bug.cgi?id=1262149
  * https://bugzilla.suse.com/show_bug.cgi?id=1262150
  * https://bugzilla.suse.com/show_bug.cgi?id=1262152
  * https://bugzilla.suse.com/show_bug.cgi?id=1262153
  * https://bugzilla.suse.com/show_bug.cgi?id=1262154
  * https://bugzilla.suse.com/show_bug.cgi?id=1262155
  * https://bugzilla.suse.com/show_bug.cgi?id=1262156

From null at suse.de Fri Apr 24 16:31:54 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 16:31:54 -0000
Subject: SUSE-SU-2026:1597-1: important: Security update for ImageMagick
Message-ID: <177704831414.3109.11218546339164080693@a0a563bcf2df>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2026:1597-1
Release Date: 2026-04-24T11:44:19Z
Rating: important
References:

  * bsc#1262097
  * bsc#1262145
  * bsc#1262146
  * bsc#1262147
  * bsc#1262148
  * bsc#1262149
  * bsc#1262150
  * bsc#1262152
  * bsc#1262154
  * bsc#1262155
  * bsc#1262156

Cross-References:

  * CVE-2026-33899
  * CVE-2026-33900
  * CVE-2026-33901
  * CVE-2026-33905
  * CVE-2026-33908
  * CVE-2026-34238
  * CVE-2026-40169
  * CVE-2026-40183
  * CVE-2026-40310
  * CVE-2026-40311
  * CVE-2026-40312

CVSS scores:

  * CVE-2026-33899 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-33899 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-33899 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-33900 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-33900 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-33900 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-33900 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-33901 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-33901 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-33901 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-33905 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-33905 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-33905 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-33905 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
  * CVE-2026-33908 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33908 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33908 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34238 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34238 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-34238 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34238 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40169 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-40169 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-40169 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-40169 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-40183 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-40183 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40183 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40183 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40310 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-40310 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40310 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40310 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40311 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-40311 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40311 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40311 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40312 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-40312 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * 
CVE-2026-40312 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40312 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 11 vulnerabilities can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing (bsc#1262154). * CVE-2026-33900: Denial of Service via integer truncation in viff encoder (bsc#1262156). * CVE-2026-33901: Denial of Service due to heap buffer overflow in MVG decoder (bsc#1262155). * CVE-2026-33905: Denial of service via out-of-bounds read in -sample operation (bsc#1262097). * CVE-2026-33908: Denial of Service via deeply nested XML file processing (bsc#1262152). * CVE-2026-34238: Denial of Service via integer overflow in despeckle operation (bsc#1262147). * CVE-2026-40169: Denial of Service via crafted image leading to out-of-bounds write (bsc#1262150). * CVE-2026-40183: Denial of Service via heap write overflow in JXL encoder (bsc#1262145). * CVE-2026-40310: Denial of service via heap out-of-bounds write in JP2 encoder (bsc#1262148). * CVE-2026-40311: Denial of Service via heap use-after-free in XMP profile processing (bsc#1262146). * CVE-2026-40312: Denial of Service via malicious MSL file processing (bsc#1262149). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2026-1597=1
  * SUSE Linux Enterprise Server 15 SP6 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1597=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1597=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.55.1
    * ImageMagick-7.1.1.21-150600.3.55.1
    * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.55.1
    * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.55.1
    * ImageMagick-debugsource-7.1.1.21-150600.3.55.1
    * ImageMagick-extra-7.1.1.21-150600.3.55.1
    * ImageMagick-debuginfo-7.1.1.21-150600.3.55.1
    * libMagick++-devel-7.1.1.21-150600.3.55.1
    * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.55.1
    * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.55.1
    * ImageMagick-extra-debuginfo-7.1.1.21-150600.3.55.1
    * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.55.1
    * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.55.1
    * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.55.1
    * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.55.1
    * ImageMagick-devel-7.1.1.21-150600.3.55.1
    * perl-PerlMagick-7.1.1.21-150600.3.55.1
    * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.55.1
    * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.55.1
    * ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.55.1
  * openSUSE Leap 15.6 (x86_64)
    * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.1.21-150600.3.55.1
    * libMagickCore-7_Q16HDRI10-32bit-7.1.1.21-150600.3.55.1
    * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.55.1
    * libMagick++-devel-32bit-7.1.1.21-150600.3.55.1
    * libMagickWand-7_Q16HDRI10-32bit-7.1.1.21-150600.3.55.1
    * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.55.1
    * libMagick++-7_Q16HDRI5-32bit-7.1.1.21-150600.3.55.1
    * ImageMagick-devel-32bit-7.1.1.21-150600.3.55.1
  * openSUSE Leap 15.6 (noarch)
    * ImageMagick-doc-7.1.1.21-150600.3.55.1
  * openSUSE Leap 15.6 (aarch64_ilp32)
    * libMagickCore-7_Q16HDRI10-64bit-7.1.1.21-150600.3.55.1
    * libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.55.1
    * libMagick++-devel-64bit-7.1.1.21-150600.3.55.1
    * libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.1.21-150600.3.55.1
    * libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.55.1
    * libMagick++-7_Q16HDRI5-64bit-7.1.1.21-150600.3.55.1
    * libMagickWand-7_Q16HDRI10-64bit-7.1.1.21-150600.3.55.1
    * ImageMagick-devel-64bit-7.1.1.21-150600.3.55.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
    * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.55.1
    * ImageMagick-7.1.1.21-150600.3.55.1
    * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.55.1
    * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.55.1
    * ImageMagick-debugsource-7.1.1.21-150600.3.55.1
    * ImageMagick-debuginfo-7.1.1.21-150600.3.55.1
    * libMagick++-devel-7.1.1.21-150600.3.55.1
    * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.55.1
    * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.55.1
    * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.55.1
    * perl-PerlMagick-7.1.1.21-150600.3.55.1
    * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.55.1
    * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.55.1
    * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.55.1
    * ImageMagick-devel-7.1.1.21-150600.3.55.1
    * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.55.1
    * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.55.1
    * ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.55.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
    * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.55.1
    * ImageMagick-7.1.1.21-150600.3.55.1
    * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.55.1
    * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.55.1
    * ImageMagick-debugsource-7.1.1.21-150600.3.55.1
    * ImageMagick-debuginfo-7.1.1.21-150600.3.55.1
    * libMagick++-devel-7.1.1.21-150600.3.55.1
    * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.55.1
    * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.55.1
    * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.55.1
    * perl-PerlMagick-7.1.1.21-150600.3.55.1
    * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.55.1
    * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.55.1
    * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.55.1
    * ImageMagick-devel-7.1.1.21-150600.3.55.1
    * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.55.1
    * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.55.1
    * ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.55.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-33899.html
  * https://www.suse.com/security/cve/CVE-2026-33900.html
  * https://www.suse.com/security/cve/CVE-2026-33901.html
  * https://www.suse.com/security/cve/CVE-2026-33905.html
  * https://www.suse.com/security/cve/CVE-2026-33908.html
  * https://www.suse.com/security/cve/CVE-2026-34238.html
  * https://www.suse.com/security/cve/CVE-2026-40169.html
  * https://www.suse.com/security/cve/CVE-2026-40183.html
  * https://www.suse.com/security/cve/CVE-2026-40310.html
  * https://www.suse.com/security/cve/CVE-2026-40311.html
  * https://www.suse.com/security/cve/CVE-2026-40312.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1262097
  * https://bugzilla.suse.com/show_bug.cgi?id=1262145
  * https://bugzilla.suse.com/show_bug.cgi?id=1262146
  * https://bugzilla.suse.com/show_bug.cgi?id=1262147
  * https://bugzilla.suse.com/show_bug.cgi?id=1262148
  * https://bugzilla.suse.com/show_bug.cgi?id=1262149
  * https://bugzilla.suse.com/show_bug.cgi?id=1262150
  * https://bugzilla.suse.com/show_bug.cgi?id=1262152
  * https://bugzilla.suse.com/show_bug.cgi?id=1262154
  * https://bugzilla.suse.com/show_bug.cgi?id=1262155
  * https://bugzilla.suse.com/show_bug.cgi?id=1262156

From null at suse.de Fri Apr 24 16:32:04 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 16:32:04 -0000
Subject: SUSE-SU-2026:1596-1: important: Security update for ImageMagick
Message-ID: <177704832468.3109.2388066687615325204@a0a563bcf2df>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2026:1596-1
Release Date: 2026-04-24T11:44:09Z
Rating: important
References:

  * bsc#1262097
  * bsc#1262146
  * bsc#1262147
  * bsc#1262152
  * bsc#1262154
  * bsc#1262156

Cross-References:

  * CVE-2026-33899
  * CVE-2026-33900
  * CVE-2026-33905
  * CVE-2026-33908
  * CVE-2026-34238
  * CVE-2026-40311

CVSS scores:

  * CVE-2026-33899 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-33899 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-33899 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-33900 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-33900 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-33900 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-33900 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-33905 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-33905 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-33905 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-33905 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
  * CVE-2026-33908 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-33908 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-33908 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-34238 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-34238 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-34238 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-34238 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-40311 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-40311 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-40311 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-40311 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server 12 SP5 LTSS
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

  * CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing (bsc#1262154).
  * CVE-2026-33900: Denial of Service via integer truncation in viff encoder (bsc#1262156).
  * CVE-2026-33905: Denial of service via out-of-bounds read in -sample operation (bsc#1262097).
  * CVE-2026-33908: Denial of Service via deeply nested XML file processing (bsc#1262152).
  * CVE-2026-34238: Denial of Service via integer overflow in despeckle operation (bsc#1262147).
  * CVE-2026-40311: Denial of Service via heap use-after-free in XMP profile processing (bsc#1262146).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 12 SP5 LTSS
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1596=1
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1596=1

## Package List:

  * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * ImageMagick-debuginfo-6.8.8.1-71.241.1
    * ImageMagick-config-6-SUSE-6.8.8.1-71.241.1
    * libMagick++-devel-6.8.8.1-71.241.1
    * ImageMagick-devel-6.8.8.1-71.241.1
    * libMagickCore-6_Q16-1-6.8.8.1-71.241.1
    * libMagickWand-6_Q16-1-6.8.8.1-71.241.1
    * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.241.1
    * ImageMagick-debugsource-6.8.8.1-71.241.1
    * ImageMagick-config-6-upstream-6.8.8.1-71.241.1
    * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.241.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
    * ImageMagick-debuginfo-6.8.8.1-71.241.1
    * ImageMagick-config-6-SUSE-6.8.8.1-71.241.1
    * libMagick++-devel-6.8.8.1-71.241.1
    * ImageMagick-devel-6.8.8.1-71.241.1
    * libMagickCore-6_Q16-1-6.8.8.1-71.241.1
    * libMagickWand-6_Q16-1-6.8.8.1-71.241.1
    * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.241.1
    * ImageMagick-debugsource-6.8.8.1-71.241.1
    * ImageMagick-config-6-upstream-6.8.8.1-71.241.1
    * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.241.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-33899.html
  * https://www.suse.com/security/cve/CVE-2026-33900.html
  * https://www.suse.com/security/cve/CVE-2026-33905.html
  * https://www.suse.com/security/cve/CVE-2026-33908.html
  * https://www.suse.com/security/cve/CVE-2026-34238.html
  * https://www.suse.com/security/cve/CVE-2026-40311.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1262097
  * https://bugzilla.suse.com/show_bug.cgi?id=1262146
  * https://bugzilla.suse.com/show_bug.cgi?id=1262147
  * https://bugzilla.suse.com/show_bug.cgi?id=1262152
  * https://bugzilla.suse.com/show_bug.cgi?id=1262154
  * https://bugzilla.suse.com/show_bug.cgi?id=1262156

From null at suse.de Fri Apr 24 20:30:05 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 20:30:05 -0000
Subject: SUSE-SU-2026:21282-1: important: Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 16)
Message-ID: <177706260585.3111.18259538771949925747@4f4cd7bf4343>

# Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21282-1
Release Date: 2026-04-23T08:22:01Z
Rating: important
References:

  * bsc#1259859

Cross-References:

  * CVE-2026-23268

CVSS scores:

  * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.27.1 fixes one security issue

The following security issue was fixed:

  * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.2
    zypper in -t patch SUSE-SL-Micro-6.2-634=1

## Package List:

  * SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
    * kernel-livepatch-6_12_0-160000_27-default-debuginfo-2-160000.1.1
    * kernel-livepatch-6_12_0-160000_27-default-2-160000.1.1
    * kernel-livepatch-SLE16_Update_6-debugsource-2-160000.1.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-23268.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Fri Apr 24 20:30:10 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 20:30:10 -0000
Subject: SUSE-SU-2026:21281-1: important: Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16)
Message-ID: <177706261015.3111.4769834896873507511@4f4cd7bf4343>

# Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21281-1
Release Date: 2026-04-23T08:20:31Z
Rating: important
References:

  * bsc#1259859

Cross-References:

  * CVE-2026-23268

CVSS scores:

  * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes one security issue

The following security issue was fixed:

  * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.2
    zypper in -t patch SUSE-SL-Micro-6.2-633=1

## Package List:

  * SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
    * kernel-livepatch-6_12_0-160000_8-default-5-160000.1.1
    * kernel-livepatch-6_12_0-160000_8-default-debuginfo-5-160000.1.1
    * kernel-livepatch-SLE16_Update_3-debugsource-5-160000.1.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-23268.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Fri Apr 24 20:30:15 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 20:30:15 -0000
Subject: SUSE-SU-2026:21280-1: moderate: Security update for haproxy
Message-ID: <177706261550.3111.4396876514543442998@4f4cd7bf4343>

# Security update for haproxy

Announcement ID: SUSE-SU-2026:21280-1
Release Date: 2026-04-23T08:15:56Z
Rating: moderate
References:

  * bsc#1261626
  * bsc#1262103

Cross-References:

  * CVE-2026-33555

CVSS scores:

  * CVE-2026-33555 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
  * CVE-2026-33555 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
  * CVE-2026-33555 ( NVD ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Affected Products:

  * SUSE Linux Micro 6.2

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for haproxy fixes the following issues:

Security issue:

  * CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization (bsc#1262103).
  * bug in SLZ compression (bsc#1261626).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.2
    zypper in -t patch SUSE-SL-Micro-6.2-632=1

## Package List:

  * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
    * haproxy-debugsource-3.2.15+git64.0fc44b458-160000.2.1
    * haproxy-debuginfo-3.2.15+git64.0fc44b458-160000.2.1
    * haproxy-3.2.15+git64.0fc44b458-160000.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-33555.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1261626
  * https://bugzilla.suse.com/show_bug.cgi?id=1262103

From null at suse.de Fri Apr 24 20:30:19 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 20:30:19 -0000
Subject: SUSE-SU-2026:21279-1: important: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)
Message-ID: <177706261982.3111.15505115368952203950@4f4cd7bf4343>

# Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21279-1
Release Date: 2026-04-23T06:52:59Z
Rating: important
References:

  * bsc#1255066
  * bsc#1259859

Cross-References:

  * CVE-2025-40309
  * CVE-2026-23268

CVSS scores:

  * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues

The following security issues were fixed:

  * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
  * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.2
    zypper in -t patch SUSE-SL-Micro-6.2-631=1

## Package List:

  * SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
    * kernel-livepatch-6_12_0-160000_6-default-8-160000.1.1
    * kernel-livepatch-6_12_0-160000_6-default-debuginfo-8-160000.1.1
    * kernel-livepatch-SLE16_Update_1-debugsource-8-160000.1.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-40309.html
  * https://www.suse.com/security/cve/CVE-2026-23268.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1255066
  * https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Fri Apr 24 20:30:24 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 20:30:24 -0000
Subject: SUSE-SU-2026:21278-1: important: Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)
Message-ID: <177706262420.3111.13548946994470993635@4f4cd7bf4343>

# Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21278-1
Release Date: 2026-04-22T23:22:40Z
Rating: important
References:

  * bsc#1255066
  * bsc#1259859

Cross-References:

  * CVE-2025-40309
  * CVE-2026-23268

CVSS scores:

  * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues

The following security issues were fixed:

  * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
  * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.2
    zypper in -t patch SUSE-SL-Micro-6.2-630=1

## Package List:

  * SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
    * kernel-livepatch-6_12_0-160000_5-default-10-160000.4.3
    * kernel-livepatch-6_12_0-160000_5-default-debuginfo-10-160000.4.3
    * kernel-livepatch-SLE16_Update_0-debugsource-10-160000.4.3

## References:

  * https://www.suse.com/security/cve/CVE-2025-40309.html
  * https://www.suse.com/security/cve/CVE-2026-23268.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1255066
  * https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Fri Apr 24 20:30:26 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 20:30:26 -0000
Subject: SUSE-SU-2026:21277-1: important: Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 16)
Message-ID: <177706262699.3111.4389155828342492165@4f4cd7bf4343>

# Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21277-1
Release Date: 2026-04-22T21:44:23Z
Rating: important
References:

  * bsc#1259859

Cross-References:

  * CVE-2026-23268

CVSS scores:

  * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.27.1 fixes one security issue

The following security issue was fixed:

  * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.2
    zypper in -t patch SUSE-SL-Micro-6.2-628=1

## Package List:

  * SUSE Linux Micro 6.2 (x86_64)
    * kernel-livepatch-6_12_0-160000_27-rt-2-160000.1.1
    * kernel-livepatch-6_12_0-160000_27-rt-debuginfo-2-160000.1.1
    * kernel-livepatch-SLE16-RT_Update_6-debugsource-2-160000.1.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-23268.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Fri Apr 24 20:30:30 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 20:30:30 -0000
Subject: SUSE-SU-2026:21275-1: important: Security update for librsvg
Message-ID: <177706263089.3111.4974369807555085975@4f4cd7bf4343>

# Security update for librsvg

Announcement ID: SUSE-SU-2026:21275-1
Release Date: 2026-04-22T10:52:22Z
Rating: important
References:

  * bsc#1257922

Cross-References:

  * CVE-2026-25727

CVSS scores:

  * CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-25727 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-25727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

  * SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for librsvg fixes the following issue:

  * CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257922).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.2
    zypper in -t patch SUSE-SL-Micro-6.2-622=1

## Package List:

  * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
    * librsvg-2-2-2.60.2-160000.2.1
    * gdk-pixbuf-loader-rsvg-2.60.2-160000.2.1
    * librsvg-2-2-debuginfo-2.60.2-160000.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-25727.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1257922

From null at suse.de Fri Apr 24 20:30:33 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 20:30:33 -0000
Subject: SUSE-SU-2026:21274-1: important: Security update for libcap
Message-ID: <177706263357.3111.13419512949218205760@4f4cd7bf4343>

# Security update for libcap

Announcement ID: SUSE-SU-2026:21274-1
Release Date: 2026-04-22T10:21:26Z
Rating: important
References:

  * bsc#1261809

Cross-References:

  * CVE-2026-4878

CVSS scores:

  * CVE-2026-4878 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-4878 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-4878 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for libcap fixes the following issues:

  * CVE-2026-4878: local privilege escalation through file capability injection due to TOCTOU race condition in `cap_set_file()` (bsc#1261809).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.2
    zypper in -t patch SUSE-SL-Micro-6.2-625=1

## Package List:

  * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
    * libcap2-2.73-160000.3.1
    * libcap-debugsource-2.73-160000.3.1
    * libcap2-debuginfo-2.73-160000.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-4878.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1261809

From null at suse.de Fri Apr 24 20:30:36 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 20:30:36 -0000
Subject: SUSE-SU-2026:21273-1: important: Security update for sudo
Message-ID: <177706263660.3111.9078331234608208220@4f4cd7bf4343>

# Security update for sudo

Announcement ID: SUSE-SU-2026:21273-1
Release Date: 2026-04-22T09:58:25Z
Rating: important
References:

  * bsc#1261420

Cross-References:

  * CVE-2026-35535

CVSS scores:

  * CVE-2026-35535 ( SUSE ): 7.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-35535 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-35535 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for sudo fixes the following issues:

  * CVE-2026-35535: unhandled failure of `setuid`, `setgid` or `setgroups` calls during a mailer privilege drop allows for local privilege escalation (bsc#1261420).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.2
    zypper in -t patch SUSE-SL-Micro-6.2-616=1

## Package List:

  * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
    * sudo-debugsource-1.9.17p1-160000.3.1
    * sudo-debuginfo-1.9.17p1-160000.3.1
    * sudo-1.9.17p1-160000.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-35535.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1261420

From null at suse.de Fri Apr 24 20:30:39 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 20:30:39 -0000
Subject: SUSE-SU-2026:21272-1: important: Security update for ignition
Message-ID: <177706263936.3111.2455184240095065452@4f4cd7bf4343>

# Security update for ignition

Announcement ID: SUSE-SU-2026:21272-1
Release Date: 2026-04-22T09:58:25Z
Rating: important
References:

  * bsc#1260251

Cross-References:

  * CVE-2026-33186

CVSS scores:

  * CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

  * SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for ignition fixes the following issue:

  * CVE-2026-33186: Fixed an authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260251).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.2
    zypper in -t patch SUSE-SL-Micro-6.2-615=1

## Package List:

  * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
    * ignition-debuginfo-2.21.0-160000.3.1
    * ignition-2.21.0-160000.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-33186.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1260251

From null at suse.de Fri Apr 24 20:30:42 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 20:30:42 -0000
Subject: SUSE-SU-2026:21271-1: important: Security update for the Linux Kernel RT (Live Patch 3 for SUSE Linux Enterprise 16)
Message-ID: <177706264208.3111.15001471412038407823@4f4cd7bf4343>

# Security update for the Linux Kernel RT (Live Patch 3 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21271-1
Release Date: 2026-04-22T08:19:45Z
Rating: important
References:

  * bsc#1259859

Cross-References:

  * CVE-2026-23268

CVSS scores:

  * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes one security issue

The following security issue was fixed:

  * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.2
    zypper in -t patch SUSE-SL-Micro-6.2-613=1

## Package List:

  * SUSE Linux Micro 6.2 (x86_64)
    * kernel-livepatch-6_12_0-160000_8-rt-4-160000.1.1
    * kernel-livepatch-SLE16-RT_Update_3-debugsource-4-160000.1.1
    * kernel-livepatch-6_12_0-160000_8-rt-debuginfo-4-160000.1.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-23268.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Fri Apr 24 20:30:47 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 20:30:47 -0000
Subject: SUSE-SU-2026:21270-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 16)
Message-ID: <177706264751.3111.10970905732794825993@4f4cd7bf4343>

# Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21270-1
Release Date: 2026-04-21T18:19:42Z
Rating: important
References:

  * bsc#1255066
  * bsc#1259859

Cross-References:

  * CVE-2025-40309
  * CVE-2026-23268

CVSS scores:

  * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues

The following security issues were fixed:

  * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
  * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.2
    zypper in -t patch SUSE-SL-Micro-6.2-610=1

## Package List:

  * SUSE Linux Micro 6.2 (x86_64)
    * kernel-livepatch-6_12_0-160000_6-rt-7-160000.1.1
    * kernel-livepatch-SLE16-RT_Update_1-debugsource-7-160000.1.1
    * kernel-livepatch-6_12_0-160000_6-rt-debuginfo-7-160000.1.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-40309.html
  * https://www.suse.com/security/cve/CVE-2026-23268.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1255066
  * https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Fri Apr 24 20:30:52 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 24 Apr 2026 20:30:52 -0000
Subject: SUSE-SU-2026:21269-1: important: Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16)
Message-ID: <177706265292.3111.10518013597759858340@4f4cd7bf4343>

# Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21269-1
Release Date: 2026-04-21T15:51:23Z
Rating: important
References:

  * bsc#1255066
  * bsc#1259859

Cross-References:

  * CVE-2025-40309
  * CVE-2026-23268

CVSS scores:

  * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues

The following security issues were fixed:

  * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
  * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.2
    zypper in -t patch SUSE-SL-Micro-6.2-609=1

## Package List:

  * SUSE Linux Micro 6.2 (x86_64)
    * kernel-livepatch-SLE16-RT_Update_0-debugsource-8-160000.3.4
    * kernel-livepatch-6_12_0-160000_5-rt-debuginfo-8-160000.3.4
    * kernel-livepatch-6_12_0-160000_5-rt-8-160000.3.4

## References:

  * https://www.suse.com/security/cve/CVE-2025-40309.html
  * https://www.suse.com/security/cve/CVE-2026-23268.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1255066
  * https://bugzilla.suse.com/show_bug.cgi?id=1259859

URL: From null at suse.de Fri Apr 24 20:30:56 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 24 Apr 2026 20:30:56 -0000 Subject: SUSE-SU-2026:21268-1: important: Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 16) Message-ID: <177706265690.3111.17157862005086786942@4f4cd7bf4343> # Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21268-1 Release Date: 2026-04-21T15:49:23Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-608=1 ## Package List: * SUSE Linux Micro 6.2 (x86_64) * kernel-livepatch-SLE16-RT_Update_2-debugsource-5-160000.1.1 * kernel-livepatch-6_12_0-160000_7-rt-debuginfo-5-160000.1.1 * kernel-livepatch-6_12_0-160000_7-rt-5-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Apr 24 20:30:59 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 24 Apr 2026 20:30:59 -0000 Subject: SUSE-SU-2026:21267-1: important: Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 16) Message-ID: <177706265996.3111.2873345304788374412@4f4cd7bf4343> # Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21267-1 Release Date: 2026-04-21T15:23:02Z Rating: important References: * bsc#1259859 Cross-References: * CVE-2026-23268 CVSS scores: * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves one vulnerability can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes one security issue The following security issue was fixed: * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-607=1 ## Package List: * SUSE Linux Micro 6.2 (x86_64) * kernel-livepatch-6_12_0-160000_9-rt-4-160000.1.1 * kernel-livepatch-SLE16-RT_Update_4-debugsource-4-160000.1.1 * kernel-livepatch-6_12_0-160000_9-rt-debuginfo-4-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Apr 24 20:31:02 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 24 Apr 2026 20:31:02 -0000 Subject: SUSE-SU-2026:21266-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise 16) Message-ID: <177706266269.3111.16077628966400311716@4f4cd7bf4343> # Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21266-1 Release Date: 2026-04-21T15:04:19Z Rating: important References: * bsc#1259859 Cross-References: * CVE-2026-23268 CVSS scores: * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves one vulnerability can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes one security issue The following security issue was fixed: * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-606=1 ## Package List: * SUSE Linux Micro 6.2 (x86_64) * kernel-livepatch-6_12_0-160000_26-rt-debuginfo-3-160000.1.1 * kernel-livepatch-6_12_0-160000_26-rt-3-160000.1.1 * kernel-livepatch-SLE16-RT_Update_5-debugsource-3-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Apr 24 20:31:06 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 24 Apr 2026 20:31:06 -0000 Subject: SUSE-SU-2026:1611-1: important: Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5) Message-ID: <177706266692.3111.13306408727638488843@4f4cd7bf4343> # Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:1611-1 Release Date: 2026-04-24T14:06:13Z Rating: important References: * bsc#1258396 * bsc#1259859 Cross-References: * CVE-2026-23191 * CVE-2026-23268 CVSS scores: * CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live 
Patching 12-SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.133 fixes various security issues The following security issues were fixed: * CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1611=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1612=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1612=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1614=1 SUSE-2026-1615=1 SUSE-2026-1616=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1614=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1615=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1616=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_261-default-13-2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_46-debugsource-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_184-default-5-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_46-debugsource-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-5-150400.2.1 * kernel-livepatch-5_14_21-150400_24_184-default-5-150400.2.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_116-default-13-150500.2.1 * kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-13-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_31-debugsource-8-150500.2.1 * kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_124-default-8-150500.2.1 * kernel-livepatch-5_14_21-150500_55_133-default-5-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_34-debugsource-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-8-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_29-debugsource-13-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) *
kernel-livepatch-5_14_21-150500_55_116-default-13-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_31-debugsource-8-150500.2.1 * kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-13-150500.2.1 * kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_124-default-8-150500.2.1 * kernel-livepatch-5_14_21-150500_55_133-default-5-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_34-debugsource-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-8-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x) * kernel-livepatch-SLE15-SP5_Update_29-debugsource-13-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23191.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1258396 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Apr 24 20:31:14 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 24 Apr 2026 20:31:14 -0000 Subject: SUSE-SU-2026:1613-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6) Message-ID: <177706267443.3111.6978470810159877591@4f4cd7bf4343> # Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1613-1 Release Date: 2026-04-24T13:34:09Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected 
Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.50 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1613=1 SUSE-2026-1610=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1613=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1610=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_10-debugsource-16-150600.2.2 * kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-16-150600.2.2 * kernel-livepatch-6_4_0-150600_23_47-default-16-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_11-debugsource-15-150600.2.2 * kernel-livepatch-6_4_0-150600_23_50-default-15-150600.2.2 * kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-15-150600.2.2 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_10-debugsource-16-150600.2.2 * kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-16-150600.2.2 * kernel-livepatch-6_4_0-150600_23_47-default-16-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_11-debugsource-15-150600.2.2 * kernel-livepatch-6_4_0-150600_23_50-default-15-150600.2.2 * kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-15-150600.2.2 ## References: *
https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Apr 24 20:31:17 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 24 Apr 2026 20:31:17 -0000 Subject: SUSE-SU-2026:1619-1: moderate: Security update for PackageKit Message-ID: <177706267722.3111.6518877302273481406@4f4cd7bf4343> # Security update for PackageKit Announcement ID: SUSE-SU-2026:1619-1 Release Date: 2026-04-24T14:34:25Z Rating: moderate References: * bsc#1262220 Cross-References: * CVE-2026-41651 CVSS scores: * CVE-2026-41651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-41651 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 An update that solves one vulnerability can now be installed. ## Description: This update for PackageKit fixes the following issue: * CVE-2026-41651: Do not allow re-invoking methods on non-new transactions (bsc#1262220). ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1619=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * typelib-1_0-PackageKitGlib-1_0-1.2.4-150500.6.5.1 * PackageKit-backend-dnf-1.2.4-150500.6.5.1 * PackageKit-1.2.4-150500.6.5.1 * PackageKit-debugsource-1.2.4-150500.6.5.1 * PackageKit-gtk3-module-1.2.4-150500.6.5.1 * libpackagekit-glib2-18-1.2.4-150500.6.5.1 * libpackagekit-glib2-devel-1.2.4-150500.6.5.1 * PackageKit-gtk3-module-debuginfo-1.2.4-150500.6.5.1 * PackageKit-devel-debuginfo-1.2.4-150500.6.5.1 * PackageKit-debuginfo-1.2.4-150500.6.5.1 * libpackagekit-glib2-18-debuginfo-1.2.4-150500.6.5.1 * PackageKit-backend-zypp-debuginfo-1.2.4-150500.6.5.1 * PackageKit-backend-zypp-1.2.4-150500.6.5.1 * PackageKit-backend-dnf-debuginfo-1.2.4-150500.6.5.1 * PackageKit-gstreamer-plugin-1.2.4-150500.6.5.1 * PackageKit-gstreamer-plugin-debuginfo-1.2.4-150500.6.5.1 * PackageKit-devel-1.2.4-150500.6.5.1 * openSUSE Leap 15.5 (noarch) * PackageKit-branding-upstream-1.2.4-150500.6.5.1 * PackageKit-lang-1.2.4-150500.6.5.1 * openSUSE Leap 15.5 (x86_64) * libpackagekit-glib2-18-32bit-1.2.4-150500.6.5.1 * libpackagekit-glib2-18-32bit-debuginfo-1.2.4-150500.6.5.1 * libpackagekit-glib2-devel-32bit-1.2.4-150500.6.5.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libpackagekit-glib2-18-64bit-debuginfo-1.2.4-150500.6.5.1 * libpackagekit-glib2-18-64bit-1.2.4-150500.6.5.1 * libpackagekit-glib2-devel-64bit-1.2.4-150500.6.5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-41651.html * https://bugzilla.suse.com/show_bug.cgi?id=1262220 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri Apr 24 20:31:30 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 24 Apr 2026 20:31:30 -0000 Subject: SUSE-SU-2026:1618-1: moderate: Security update for dnsdist Message-ID: <177706269050.3111.8613707282960406266@4f4cd7bf4343> # Security update for dnsdist Announcement ID: SUSE-SU-2026:1618-1 Release Date: 2026-04-24T14:25:54Z Rating: moderate References: * bsc#1261236 * bsc#1261237 * bsc#1261238 * bsc#1261239 * bsc#1261240 * bsc#1261241 * bsc#1261243 Cross-References: * CVE-2026-0396 * CVE-2026-0397 * CVE-2026-24028 * CVE-2026-24029 * CVE-2026-24030 * CVE-2026-27853 * CVE-2026-27854 CVSS scores: * CVE-2026-0396 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-0396 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-0396 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-0396 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-0397 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-0397 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-0397 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-0397 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-24028 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-24028 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-24028 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-24028 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-24029 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-24029 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-24029 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-24029 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-24030 ( SUSE ): 6.3 
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-24030 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-24030 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-24030 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27853 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27853 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27853 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27853 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27854 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-27854 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-27854 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-27854 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves seven vulnerabilities can now be installed. ## Description: This update for dnsdist fixes the following issues: Update to version 1.9.12. * https://www.dnsdist.org/changelog.html#change-1.9.12 Security issues fixed: * CVE-2026-0396: crafted DNS queries triggering domain-based dynamic rules can lead to HTML injection in the web dashboard (bsc#1261236). * CVE-2026-0397: misconfiguration of the CORS policy can lead to information disclosure (bsc#1261237). * CVE-2026-24028: crafted DNS packet parsed by Lua code using `newDNSPacketOverlay` can lead to an out-of-bounds read (bsc#1261238). * CVE-2026-24029: disabled option on a DNS over HTTPS nghttp2 frontend allows clients to bypass ACLs and send DoH queries (bsc#1261239). 
* CVE-2026-24030: crafted DoQ and DoH3 queries can lead to unbounded memory allocation and DoS (bsc#1261240). * CVE-2026-27853: crafted DNS responses sent to a DNSdist using certain methods in custom Lua code (`changeName`) can lead to an out-of-bounds write (bsc#1261243). * CVE-2026-27854: crafted DNS queries sent to a DNSdist using the `DNSQuestion:getEDNSOptions` method in custom Lua code can lead to a use-after-free (bsc#1261241). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1618=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * dnsdist-debugsource-1.9.12-150700.3.9.1 * dnsdist-debuginfo-1.9.12-150700.3.9.1 * dnsdist-1.9.12-150700.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-0396.html * https://www.suse.com/security/cve/CVE-2026-0397.html * https://www.suse.com/security/cve/CVE-2026-24028.html * https://www.suse.com/security/cve/CVE-2026-24029.html * https://www.suse.com/security/cve/CVE-2026-24030.html * https://www.suse.com/security/cve/CVE-2026-27853.html * https://www.suse.com/security/cve/CVE-2026-27854.html * https://bugzilla.suse.com/show_bug.cgi?id=1261236 * https://bugzilla.suse.com/show_bug.cgi?id=1261237 * https://bugzilla.suse.com/show_bug.cgi?id=1261238 * https://bugzilla.suse.com/show_bug.cgi?id=1261239 * https://bugzilla.suse.com/show_bug.cgi?id=1261240 * https://bugzilla.suse.com/show_bug.cgi?id=1261241 * https://bugzilla.suse.com/show_bug.cgi?id=1261243 -------------- next part -------------- An HTML attachment was scrubbed...
URL: From null at suse.de Fri Apr 24 20:31:34 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 24 Apr 2026 20:31:34 -0000 Subject: SUSE-SU-2026:1617-1: important: Security update for cups Message-ID: <177706269454.3111.13306250627955780595@4f4cd7bf4343> # Security update for cups Announcement ID: SUSE-SU-2026:1617-1 Release Date: 2026-04-24T14:25:18Z Rating: important References: * bsc#1261568 * bsc#1261569 Cross-References: * CVE-2026-34980 * CVE-2026-34990 CVSS scores: * CVE-2026-34980 ( SUSE ): 6.4 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L * CVE-2026-34980 ( NVD ): 6.1 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34980 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34990 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34990 ( NVD ): 5.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34990 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for cups fixes the following issues: * CVE-2026-34980: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network (bsc#1261569). * CVE-2026-34990: Local print admin token disclosure using temporary printers (bsc#1261568). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1617=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1617=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * cups-client-1.7.5-20.62.1 * cups-1.7.5-20.62.1 * cups-client-debuginfo-1.7.5-20.62.1 * cups-libs-debuginfo-1.7.5-20.62.1 * cups-devel-1.7.5-20.62.1 * cups-libs-1.7.5-20.62.1 * cups-debuginfo-1.7.5-20.62.1 * cups-debugsource-1.7.5-20.62.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * cups-libs-debuginfo-32bit-1.7.5-20.62.1 * cups-libs-32bit-1.7.5-20.62.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * cups-client-1.7.5-20.62.1 * cups-1.7.5-20.62.1 * cups-client-debuginfo-1.7.5-20.62.1 * cups-libs-debuginfo-1.7.5-20.62.1 * cups-devel-1.7.5-20.62.1 * cups-libs-1.7.5-20.62.1 * cups-debuginfo-1.7.5-20.62.1 * cups-libs-debuginfo-32bit-1.7.5-20.62.1 * cups-debugsource-1.7.5-20.62.1 * cups-libs-32bit-1.7.5-20.62.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34980.html * https://www.suse.com/security/cve/CVE-2026-34990.html * https://bugzilla.suse.com/show_bug.cgi?id=1261568 * https://bugzilla.suse.com/show_bug.cgi?id=1261569 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 27 08:30:11 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 08:30:11 -0000 Subject: SUSE-SU-2026:1629-1: important: Security update for the Linux Kernel (Live Patch 70 for SUSE Linux Enterprise 12 SP5) Message-ID: <177727861175.5974.60990555614726302@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 70 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1629-1 Release Date: 2026-04-25T08:33:50Z Rating: important References: * bsc#1258396 * bsc#1259859 Cross-References: * CVE-2026-23191 * CVE-2026-23268 CVSS scores: * CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 4.12.14-122.266 fixes various security issues The following security issues were fixed: * CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1629=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_266-default-13-2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23191.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1258396 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 27 08:30:15 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 08:30:15 -0000 Subject: SUSE-SU-2026:21345-1: important: Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177727861534.5974.16351423703524605453@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21345-1 Release Date: 2026-04-22T17:23:57Z Rating: important References: * bsc#1259859 Cross-References: * CVE-2026-23268 CVSS scores: * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-40.1 fixes one security issue The following security issue was fixed: * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-kernel-367=1 ## Package List: * SUSE Linux Micro 6.0 (s390x x86_64) * kernel-livepatch-MICRO-6-0_Update_17-debugsource-2-1.1 * kernel-livepatch-6_4_0-40-default-2-1.1 * kernel-livepatch-6_4_0-40-default-debuginfo-2-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 27 08:30:18 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 08:30:18 -0000 Subject: SUSE-SU-2026:21344-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177727861840.5974.4272233603430322084@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21344-1 Release Date: 2026-04-22T17:23:57Z Rating: important References: * bsc#1259859 Cross-References: * CVE-2026-23268 CVSS scores: * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes one security issue The following security issue was fixed: * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-365=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_14-debugsource-4-1.2
  * kernel-livepatch-6_4_0-38-default-4-1.2
  * kernel-livepatch-6_4_0-38-default-debuginfo-4-1.2

## References:

* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:30:24 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:30:24 -0000
Subject: SUSE-SU-2026:21343-1: important: Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727862435.5974.8533079381884372991@d4c6dfb45de4>

# Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21343-1
Release Date: 2026-04-22T17:23:57Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-29.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-363=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-29-default-16-1.2
  * kernel-livepatch-6_4_0-29-default-debuginfo-16-1.2
  * kernel-livepatch-MICRO-6-0_Update_7-debugsource-16-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:30:27 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:30:27 -0000
Subject: SUSE-SU-2026:21342-1: important: Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727862785.5974.16596001661691748502@d4c6dfb45de4>

# Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21342-1
Release Date: 2026-04-22T17:20:27Z
Rating: important

References:

* bsc#1259859

Cross-References:

* CVE-2026-23268

CVSS scores:

* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.
## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes one security issue

The following security issue was fixed:

* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-366=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_16-debugsource-3-1.1
  * kernel-livepatch-6_4_0-39-default-3-1.1
  * kernel-livepatch-6_4_0-39-default-debuginfo-3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:30:32 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:30:32 -0000
Subject: SUSE-SU-2026:21341-1: important: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727863246.5974.5326347647920521750@d4c6dfb45de4>

# Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21341-1
Release Date: 2026-04-22T17:20:27Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-364=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-36-default-debuginfo-6-1.1
  * kernel-livepatch-6_4_0-36-default-6-1.1
  * kernel-livepatch-MICRO-6-0_Update_13-debugsource-6-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:30:40 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:30:40 -0000
Subject: SUSE-SU-2026:21340-1: important: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727864022.5974.1408663947796483447@d4c6dfb45de4>

# Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21340-1
Release Date: 2026-04-22T17:16:00Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-35.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-362=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-35-default-debuginfo-8-1.1
  * kernel-livepatch-MICRO-6-0_Update_12-debugsource-8-1.1
  * kernel-livepatch-6_4_0-35-default-8-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:30:44 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:30:44 -0000
Subject: SUSE-SU-2026:21339-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727864489.5974.10728263156728679318@d4c6dfb45de4>

# Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21339-1
Release Date: 2026-04-22T17:16:00Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.
## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-361=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_11-debugsource-8-1.1
  * kernel-livepatch-6_4_0-34-default-8-1.1
  * kernel-livepatch-6_4_0-34-default-debuginfo-8-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:30:49 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:30:49 -0000
Subject: SUSE-SU-2026:21338-1: important: Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727864934.5974.9659219885839332343@d4c6dfb45de4>

# Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21338-1
Release Date: 2026-04-22T17:16:00Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-360=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-32-default-debuginfo-9-1.1
  * kernel-livepatch-MICRO-6-0_Update_10-debugsource-9-1.1
  * kernel-livepatch-6_4_0-32-default-9-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:30:53 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:30:53 -0000
Subject: SUSE-SU-2026:21337-1: important: Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727865378.5974.13942456639745553775@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21337-1
Release Date: 2026-04-22T17:16:00Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.
## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-357=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-38-rt-debuginfo-4-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_14-debugsource-4-1.1
  * kernel-livepatch-6_4_0-38-rt-4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:30:58 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:30:58 -0000
Subject: SUSE-SU-2026:21336-1: important: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727865812.5974.4327258600384442959@d4c6dfb45de4>

# Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21336-1
Release Date: 2026-04-22T17:14:02Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-359=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-31-default-15-1.2
  * kernel-livepatch-MICRO-6-0_Update_9-debugsource-15-1.2
  * kernel-livepatch-6_4_0-31-default-debuginfo-15-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:31:03 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:31:03 -0000
Subject: SUSE-SU-2026:21335-1: important: Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727866325.5974.2864433066549828815@d4c6dfb45de4>

# Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21335-1
Release Date: 2026-04-22T17:14:02Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.
## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-358=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-30-default-15-1.2
  * kernel-livepatch-6_4_0-30-default-debuginfo-15-1.2
  * kernel-livepatch-MICRO-6-0_Update_8-debugsource-15-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:31:08 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:31:08 -0000
Subject: SUSE-SU-2026:21334-1: important: Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727866871.5974.7475488443282140349@d4c6dfb45de4>

# Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21334-1
Release Date: 2026-04-22T17:07:51Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-356=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_6-debugsource-17-3.1
  * kernel-livepatch-6_4_0-28-default-17-3.1
  * kernel-livepatch-6_4_0-28-default-debuginfo-17-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:31:13 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:31:13 -0000
Subject: SUSE-SU-2026:21333-1: important: Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727867317.5974.11819010572445919077@d4c6dfb45de4>

# Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21333-1
Release Date: 2026-04-22T16:59:48Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.
## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-355=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-25-default-19-1.2
  * kernel-livepatch-6_4_0-25-default-debuginfo-19-1.2
  * kernel-livepatch-MICRO-6-0_Update_5-debugsource-19-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:31:16 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:31:16 -0000
Subject: SUSE-SU-2026:21332-1: important: Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727867660.5974.18204585590136546299@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21332-1
Release Date: 2026-04-22T16:59:48Z
Rating: important

References:

* bsc#1259859

Cross-References:

* CVE-2026-23268

CVSS scores:

* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes one security issue

The following security issue was fixed:

* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-353=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-39-rt-debuginfo-3-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_15-debugsource-3-1.1
  * kernel-livepatch-6_4_0-39-rt-3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:31:20 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:31:20 -0000
Subject: SUSE-SU-2026:21331-1: important: Security update for the Linux Kernel RT (Live Patch 18 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727868033.5974.8843850020938989355@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 18 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21331-1
Release Date: 2026-04-22T16:59:00Z
Rating: important

References:

* bsc#1259859

Cross-References:

* CVE-2026-23268

CVSS scores:

* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-40.1 fixes one security issue

The following security issue was fixed:

* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-354=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_18-debugsource-2-1.1
  * kernel-livepatch-6_4_0-40-rt-debuginfo-2-1.1
  * kernel-livepatch-6_4_0-40-rt-2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:31:25 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:31:25 -0000
Subject: SUSE-SU-2026:21330-1: important: Security update for the Linux Kernel RT (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727868553.5974.3112102284677314431@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21330-1
Release Date: 2026-04-22T16:54:00Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-37.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-352=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-37-rt-4-1.1
  * kernel-livepatch-6_4_0-37-rt-debuginfo-4-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_13-debugsource-4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:31:30 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:31:30 -0000
Subject: SUSE-SU-2026:21329-1: important: Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727869068.5974.17991613889618812854@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21329-1
Release Date: 2026-04-22T16:54:00Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-351=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-36-rt-8-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_12-debugsource-8-1.1
  * kernel-livepatch-6_4_0-36-rt-debuginfo-8-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:31:36 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:31:36 -0000
Subject: SUSE-SU-2026:21328-1: important: Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727869607.5974.16345583701256422760@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21328-1
Release Date: 2026-04-22T16:54:00Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-350=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-35-rt-9-1.1
  * kernel-livepatch-6_4_0-35-rt-debuginfo-9-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_11-debugsource-9-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:31:41 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:31:41 -0000
Subject: SUSE-SU-2026:21327-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727870121.5974.16932559414462386398@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21327-1
Release Date: 2026-04-22T16:54:00Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-33.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-348=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-33-rt-debuginfo-13-1.2
  * kernel-livepatch-MICRO-6-0-RT_Update_9-debugsource-13-1.2
  * kernel-livepatch-6_4_0-33-rt-13-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:31:48 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:31:48 -0000
Subject: SUSE-SU-2026:21326-1: important: Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727870814.5974.8060435550907996217@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21326-1
Release Date: 2026-04-22T16:54:00Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-347=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-31-rt-15-1.2
  * kernel-livepatch-6_4_0-31-rt-debuginfo-15-1.2
  * kernel-livepatch-MICRO-6-0-RT_Update_8-debugsource-15-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:31:53 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:31:53 -0000
Subject: SUSE-SU-2026:21325-1: important: Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727871360.5974.8354553787134273824@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21325-1
Release Date: 2026-04-22T16:53:25Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-349=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_10-debugsource-13-1.1
  * kernel-livepatch-6_4_0-34-rt-13-1.1
  * kernel-livepatch-6_4_0-34-rt-debuginfo-13-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:31:59 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:31:59 -0000
Subject: SUSE-SU-2026:21324-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727871981.5974.10480118703673228976@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21324-1
Release Date: 2026-04-22T16:51:39Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-346=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_7-debugsource-16-1.3
  * kernel-livepatch-6_4_0-30-rt-debuginfo-16-1.3
  * kernel-livepatch-6_4_0-30-rt-16-1.3

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:32:05 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:32:05 -0000
Subject: SUSE-SU-2026:21323-1: important: Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727872599.5974.17031804932785375659@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21323-1
Release Date: 2026-04-22T16:51:39Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-345=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_6-debugsource-16-3.1
  * kernel-livepatch-6_4_0-28-rt-debuginfo-16-3.1
  * kernel-livepatch-6_4_0-28-rt-16-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:32:12 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:32:12 -0000
Subject: SUSE-SU-2026:21322-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727873284.5974.14413557786520607267@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21322-1
Release Date: 2026-04-22T16:44:31Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-344=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-25-rt-debuginfo-18-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_5-debugsource-18-1.1
  * kernel-livepatch-6_4_0-25-rt-18-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:32:19 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:32:19 -0000
Subject: SUSE-SU-2026:21321-1: important: Security update for cockpit-podman
Message-ID: <177727873969.5974.1720636204202565930@d4c6dfb45de4>

# Security update for cockpit-podman

Announcement ID: SUSE-SU-2026:21321-1
Release Date: 2026-04-22T12:47:47Z
Rating: important

References:

* bsc#1257836
* bsc#1258641

Cross-References:

* CVE-2026-25547
* CVE-2026-26996

CVSS scores:

* CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for cockpit-podman fixes the following issues:

* CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process (bsc#1257836).
* CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character that doesn't appear in the test string can lead to ReDoS (bsc#1258641).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-685=1

## Package List:

* SUSE Linux Micro 6.0 (noarch)
  * cockpit-podman-83-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25547.html
* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257836
* https://bugzilla.suse.com/show_bug.cgi?id=1258641

From null at suse.de Mon Apr 27 08:32:30 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:32:30 -0000
Subject: SUSE-SU-2026:21320-1: low: Security update for opensc
Message-ID: <177727875039.5974.14491272895170913469@d4c6dfb45de4>

# Security update for opensc

Announcement ID: SUSE-SU-2026:21320-1
Release Date: 2026-04-22T12:37:56Z
Rating: low

References:

* bsc#1261214
* bsc#1261218
* bsc#1261219
* bsc#1261220

Cross-References:

* CVE-2025-49010
* CVE-2025-66037
* CVE-2025-66038
* CVE-2025-66215

CVSS scores:

* CVE-2025-49010 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-49010 ( SUSE ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-49010 ( NVD ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-49010 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-66037 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66037 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-66037 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-66037 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-66038 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66038 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-66038 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-66038 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-66215 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66215 ( SUSE ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-66215 ( NVD ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-66215 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for opensc fixes the following issues:

* CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses (bsc#1261214).
* CVE-2025-66037: crafted input can cause an out-of-bounds read (bsc#1261218).
* CVE-2025-66038: improper compact-TLV length validation can lead to crash or unexpected behavior (bsc#1261219).
* CVE-2025-66215: crafted smart card or USB device can cause a stack-buffer-overflow write (bsc#1261220).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-684=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * opensc-debuginfo-0.24.0-5.1
  * opensc-0.24.0-5.1
  * opensc-debugsource-0.24.0-5.1

## References:

* https://www.suse.com/security/cve/CVE-2025-49010.html
* https://www.suse.com/security/cve/CVE-2025-66037.html
* https://www.suse.com/security/cve/CVE-2025-66038.html
* https://www.suse.com/security/cve/CVE-2025-66215.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261214
* https://bugzilla.suse.com/show_bug.cgi?id=1261218
* https://bugzilla.suse.com/show_bug.cgi?id=1261219
* https://bugzilla.suse.com/show_bug.cgi?id=1261220

From null at suse.de Mon Apr 27 08:32:45 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:32:45 -0000
Subject: SUSE-SU-2026:21319-1: important: Security update for google-guest-agent
Message-ID: <177727876584.5974.3691064070655589560@d4c6dfb45de4>

# Security update for google-guest-agent

Announcement ID: SUSE-SU-2026:21319-1
Release Date: 2026-04-22T11:13:19Z
Rating: important

References:

* bsc#1234563
* bsc#1236533
* bsc#1239763
* bsc#1239866
* bsc#1243254
* bsc#1243505

Cross-References:

* CVE-2023-45288
* CVE-2024-45337

CVSS scores:

* CVE-2023-45288 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2023-45288 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-45288 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45337 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities and has four fixes can now be installed.

## Description:

This update for google-guest-agent fixes the following issues:

Update to version 20250506.01 (bsc#1243254, bsc#1243505).

Security issues fixed:

* CVE-2024-45337: golang.org/x/crypto/ssh: misuse of the ServerConfig.PublicKeyCallback callback can lead to authorization bypass in applications (bsc#1234563).
* CVE-2023-45288: golang.org/x/net/http2: no limit set for number of HTTP/2 CONTINUATION frames that can be read for an HTTP/2 request can lead to excessive CPU consumption and a DoS (bsc#1236533).

Other updates and bugfixes:

* Version 20250506.01:
  * Make sure agent added connections are activated by NM (#534)
* Version 20250506.00:
  * Wrap NSS cache refresh in a goroutine (#533)
* Version 20250502.01:
  * Wicked: Only reload interfaces for which configurations are written or changed. (#524)
* Version 20250502.00:
  * Add AuthorizedKeysCompat to windows packaging (#530)
  * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
  * Update guest-logging-go dependency (#526)
  * Add 'created-by' metadata, and pass it as option to logging library (#508)
  * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523)
  * Re-enable disabled services if the core plugin was enabled (#522)
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata script runner binary in agent package (#502)
  * Revert "Revert bundling new binaries in the package (#509)" (#511)
* Version 20250418.00:
  * Re-enable disabled services if the core plugin was enabled (#521)
* Version 20250414.00:
  * Add AuthorizedKeysCompat to windows packaging (#530)
  * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
  * Update guest-logging-go dependency (#526)
  * Add 'created-by' metadata, and pass it as option to logging library (#508)
  * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523)
  * Re-enable disabled services if the core plugin was enabled (#522)
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata script runner binary in agent package (#502)
  * Revert "Revert bundling new binaries in the package (#509)" (#511)
* Version 20250327.01 (bsc#1239763, bsc#1239866):
  * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
* Version 20250327.00:
  * Update guest-logging-go dependency (#526)
  * Add 'created-by' metadata, and pass it as option to logging library (#508)
  * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523)
  * Re-enable disabled services if the core plugin was enabled (#522)
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata script runner binary in agent package (#502)
  * Revert "Revert bundling new binaries in the package (#509)" (#511)
* Version 20250326.00:
  * Re-enable disabled services if the core plugin was enabled (#521)
* Version 20250324.00:
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata script runner binary in agent package (#502)
  * Revert "Revert bundling new binaries in the package (#509)" (#511)
  * Revert bundling new binaries in the package (#509)
  * Fix typo in windows build script (#501)
  * Include core plugin binary for all packages (#500)
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
* Version 20250317.00:
  * Revert "Revert bundling new binaries in the package (#509)" (#511)
  * Revert bundling new binaries in the package (#509)
  * Fix typo in windows build script (#501)
  * Include core plugin binary for all packages (#500)
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
* Version 20250312.00:
  * Revert bundling new binaries in the package (#509)
  * Fix typo in windows build script (#501)
  * Include core plugin binary for all packages (#500)
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
* Version 20250305.00:
  * Revert bundling new binaries in the package (#509)
  * Fix typo in windows build script (#501)
  * Include core plugin binary for all packages (#500)
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
* Version 20250304.01:
  * Fix typo in windows build script (#501)
* Version 20250214.01:
  * Include core plugin binary for all packages (#500)
* Version 20250212.00:
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* Version 20250211.00:
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
* Version 20250207.00:
  * vlan: toggle vlan configuration in debian packaging (#495)
  * vlan: move config out of unstable section (#494)
  * Add clarification to comments regarding invalid NICs and the `invalid` tag. (#493)
  * Include interfaces in lists even if it has an invalid MAC. (#489)
  * Fix windows package build failures (#491)
  * vlan: don't index based on the vlan ID (#486)
  * Revert PR #482 (#488)
  * Remove Amy and Zach from OWNERS (#487)
  * Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
  * Fix Debian packaging if guest agent manager is not checked out (#485)
* Version 20250204.02:
  * force concourse to move version forward.
* Version 20250204.01:
  * vlan: toggle vlan configuration in debian packaging (#495)
* Version 20250204.00:
  * vlan: move config out of unstable section (#494)
  * Add clarification to comments regarding invalid NICs and the `invalid` tag. (#493)
* Version 20250203.01:
  * Include interfaces in lists even if it has an invalid MAC. (#489)
* Version 20250203.00:
  * Fix windows package build failures (#491)
  * vlan: don't index based on the vlan ID (#486)
  * Revert PR #482 (#488)
  * Remove Amy and Zach from OWNERS (#487)
  * Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
  * Fix Debian packaging if guest agent manager is not checked out (#485)
* Version 20250122.00:
  * networkd(vlan): remove the interface in addition to config (#468)
  * Implement support for vlan dynamic removal, update dhclient to remove only if configured (#465)
  * Update logging library (#479)
  * Remove Pat from owners file. (#478)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-682=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * google-guest-agent-20250506.01-1.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2024-45337.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234563
* https://bugzilla.suse.com/show_bug.cgi?id=1236533
* https://bugzilla.suse.com/show_bug.cgi?id=1239763
* https://bugzilla.suse.com/show_bug.cgi?id=1239866
* https://bugzilla.suse.com/show_bug.cgi?id=1243254
* https://bugzilla.suse.com/show_bug.cgi?id=1243505

From null at suse.de Mon Apr 27 08:32:51 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:32:51 -0000
Subject: SUSE-SU-2026:21318-1: moderate: Security update for haproxy
Message-ID: <177727877128.5974.11543202029234121015@d4c6dfb45de4>

# Security update for haproxy

Announcement ID: SUSE-SU-2026:21318-1
Release Date: 2026-04-22T10:53:44Z
Rating: moderate

References:

* bsc#1262103

Cross-References:

* CVE-2026-33555

CVSS scores:

* CVE-2026-33555 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
* CVE-2026-33555 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2026-33555 ( NVD ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for haproxy fixes the following issue:

* CVE-2026-33555: improper validation when matching a received body length to a previously announced `Content-Length` can lead to request smuggling due to HTTP/3 parser desynchronization (bsc#1262103).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-683=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * haproxy-debuginfo-2.8.11+git0.01c1056a4-3.1
  * haproxy-debugsource-2.8.11+git0.01c1056a4-3.1
  * haproxy-2.8.11+git0.01c1056a4-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262103

From null at suse.de Mon Apr 27 08:32:57 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:32:57 -0000
Subject: SUSE-SU-2026:21317-1: moderate: Security update for glibc-livepatches
Message-ID: <177727877747.5974.10570853211648769268@d4c6dfb45de4>

# Security update for glibc-livepatches

Announcement ID: SUSE-SU-2026:21317-1
Release Date: 2026-04-23T12:23:23Z
Rating: moderate

References:

* bsc#1261209

Cross-References:

* CVE-2026-4046

CVSS scores:

* CVE-2026-4046 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4046 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4046 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for glibc-livepatches fixes the following issues:

* CVE-2026-4046: Fixed assertion failure when converting inputs may be used to remotely crash an application (bsc#1261209)
* Add support for live-patching the gconv modules sitting in glibc-locale-base or glibc-gconv-modules-extra packages.
* Update json files for current glibc variants that support livepatching.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-507=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * glibc-livepatches-debugsource-0.4-slfo.1.1_1.1
  * glibc-livepatches-0.4-slfo.1.1_1.1
  * glibc-livepatches-debuginfo-0.4-slfo.1.1_1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4046.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261209

From null at suse.de Mon Apr 27 08:33:05 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:33:05 -0000
Subject: SUSE-SU-2026:21316-1: important: Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727878522.5974.828586120507619454@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21316-1
Release Date: 2026-04-22T17:16:00Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-357=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-38-rt-debuginfo-4-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_14-debugsource-4-1.1
  * kernel-livepatch-6_4_0-38-rt-4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:33:11 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:33:11 -0000
Subject: SUSE-SU-2026:21315-1: important: Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727879122.5974.15599978870536692027@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21315-1
Release Date: 2026-04-22T16:59:48Z
Rating: important

References:

* bsc#1259859

Cross-References:

* CVE-2026-23268

CVSS scores:

* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes one security issue

The following security issue was fixed:

* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-353=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-39-rt-debuginfo-3-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_15-debugsource-3-1.1
  * kernel-livepatch-6_4_0-39-rt-3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:33:17 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:33:17 -0000
Subject: SUSE-SU-2026:21314-1: important: Security update for the Linux Kernel RT (Live Patch 18 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727879731.5974.10876648677422928072@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 18 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21314-1
Release Date: 2026-04-22T16:59:00Z
Rating: important

References:

* bsc#1259859

Cross-References:

* CVE-2026-23268

CVSS scores:

* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-40.1 fixes one security issue

The following security issue was fixed:

* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-354=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_18-debugsource-2-1.1
  * kernel-livepatch-6_4_0-40-rt-debuginfo-2-1.1
  * kernel-livepatch-6_4_0-40-rt-2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:33:24 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:33:24 -0000
Subject: SUSE-SU-2026:21313-1: important: Security update for the Linux Kernel RT (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727880440.5974.16066040302074244901@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21313-1
Release Date: 2026-04-22T16:54:00Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-37.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-352=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-37-rt-4-1.1
  * kernel-livepatch-6_4_0-37-rt-debuginfo-4-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_13-debugsource-4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:33:32 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:33:32 -0000
Subject: SUSE-SU-2026:21312-1: important: Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727881232.5974.18223887334950707801@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21312-1
Release Date: 2026-04-22T16:54:00Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two
vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-351=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-36-rt-8-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_12-debugsource-8-1.1
  * kernel-livepatch-6_4_0-36-rt-debuginfo-8-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:33:40 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:33:40 -0000
Subject: SUSE-SU-2026:21311-1: important: Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727882008.5974.12588502829076355296@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21311-1
Release Date: 2026-04-22T16:54:00Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-350=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-35-rt-9-1.1
  * kernel-livepatch-6_4_0-35-rt-debuginfo-9-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_11-debugsource-9-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:33:46 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:33:46 -0000
Subject: SUSE-SU-2026:21310-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727882680.5974.14174736777564246068@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21310-1
Release Date: 2026-04-22T16:54:00Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-33.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-348=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-33-rt-debuginfo-13-1.2
  * kernel-livepatch-MICRO-6-0-RT_Update_9-debugsource-13-1.2
  * kernel-livepatch-6_4_0-33-rt-13-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:33:56 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:33:56 -0000
Subject: SUSE-SU-2026:21309-1: important: Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727883607.5974.9256947676443159143@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21309-1
Release Date: 2026-04-22T16:54:00Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-347=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-31-rt-15-1.2
  * kernel-livepatch-6_4_0-31-rt-debuginfo-15-1.2
  * kernel-livepatch-MICRO-6-0-RT_Update_8-debugsource-15-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:34:07 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:34:07 -0000
Subject: SUSE-SU-2026:21308-1: important: Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727884724.5974.6893969635692846137@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21308-1
Release Date: 2026-04-22T16:53:25Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-349=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_10-debugsource-13-1.1
  * kernel-livepatch-6_4_0-34-rt-13-1.1
  * kernel-livepatch-6_4_0-34-rt-debuginfo-13-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:34:13 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:34:13 -0000
Subject: SUSE-SU-2026:21307-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727885382.5974.13299149422934567686@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21307-1
Release Date: 2026-04-22T16:51:39Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-346=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_7-debugsource-16-1.3
  * kernel-livepatch-6_4_0-30-rt-debuginfo-16-1.3
  * kernel-livepatch-6_4_0-30-rt-16-1.3

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:34:19 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:34:19 -0000
Subject: SUSE-SU-2026:21306-1: important: Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727885998.5974.10988502826262687690@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21306-1
Release Date: 2026-04-22T16:51:39Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-345=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_6-debugsource-16-3.1
  * kernel-livepatch-6_4_0-28-rt-debuginfo-16-3.1
  * kernel-livepatch-6_4_0-28-rt-16-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:34:25 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:34:25 -0000
Subject: SUSE-SU-2026:21305-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727886589.5974.15696937632239253377@d4c6dfb45de4>

# Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21305-1
Release Date: 2026-04-22T16:44:31Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-344=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-25-rt-debuginfo-18-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_5-debugsource-18-1.1
  * kernel-livepatch-6_4_0-25-rt-18-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:34:31 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:34:31 -0000
Subject: SUSE-SU-2026:21304-1: important: Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727887108.5974.7988412368103083366@d4c6dfb45de4>

# Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21304-1
Release Date: 2026-04-22T17:23:10Z
Rating: important

References:

* bsc#1259859

Cross-References:

* CVE-2026-23268

CVSS scores:

* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-40.1 fixes one security issue

The following security issue was fixed:

* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-367=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_17-debugsource-2-1.1
  * kernel-livepatch-6_4_0-40-default-2-1.1
  * kernel-livepatch-6_4_0-40-default-debuginfo-2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 08:34:35 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:34:35 -0000
Subject: SUSE-SU-2026:21303-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177727887508.5974.6946704599318100185@d4c6dfb45de4>

# Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21303-1
Release Date: 2026-04-22T17:23:09Z
Rating: important

References:

* bsc#1259859

Cross-References:

* CVE-2026-23268

CVSS scores:

* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes one security issue

The following security issue was fixed:

* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-365=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-MICRO-6-0_Update_14-debugsource-4-1.2 * kernel-livepatch-6_4_0-38-default-4-1.2 * kernel-livepatch-6_4_0-38-default-debuginfo-4-1.2 ## References: * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 27 08:34:40 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 08:34:40 -0000 Subject: SUSE-SU-2026:21302-1: important: Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177727888065.5974.14595568838366383449@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21302-1 Release Date: 2026-04-22T17:23:09Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-29.1 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). 
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-363=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-6_4_0-29-default-16-1.2 * kernel-livepatch-6_4_0-29-default-debuginfo-16-1.2 * kernel-livepatch-MICRO-6-0_Update_7-debugsource-16-1.2 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 27 08:34:43 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 08:34:43 -0000 Subject: SUSE-SU-2026:21301-1: important: Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177727888376.5974.12162626282059969562@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21301-1 Release Date: 2026-04-22T17:20:12Z Rating: important References: * bsc#1259859 Cross-References: * CVE-2026-23268 CVSS scores: * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. 
## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes one security issue The following security issue was fixed: * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-366=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-MICRO-6-0_Update_16-debugsource-3-1.1 * kernel-livepatch-6_4_0-39-default-3-1.1 * kernel-livepatch-6_4_0-39-default-debuginfo-3-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 27 08:34:48 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 08:34:48 -0000 Subject: SUSE-SU-2026:21300-1: important: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177727888816.5974.3762466459956904949@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21300-1 Release Date: 2026-04-22T17:20:12Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux 
Micro 6.1 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-364=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-6_4_0-36-default-debuginfo-6-1.1 * kernel-livepatch-6_4_0-36-default-6-1.1 * kernel-livepatch-MICRO-6-0_Update_13-debugsource-6-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 27 08:34:52 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 08:34:52 -0000 Subject: SUSE-SU-2026:21299-1: important: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177727889261.5974.14672286439096686176@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21299-1 Release Date: 2026-04-22T17:17:06Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-35.1 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-362=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-6_4_0-35-default-debuginfo-8-1.1 * kernel-livepatch-MICRO-6-0_Update_12-debugsource-8-1.1 * kernel-livepatch-6_4_0-35-default-8-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 27 08:34:56 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 08:34:56 -0000 Subject: SUSE-SU-2026:21298-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177727889699.5974.1573239936902082719@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21298-1 Release Date: 2026-04-22T17:16:25Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves two vulnerabilities can now be installed. 
## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-361=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-MICRO-6-0_Update_11-debugsource-8-1.1 * kernel-livepatch-6_4_0-34-default-8-1.1 * kernel-livepatch-6_4_0-34-default-debuginfo-8-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 27 08:35:01 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 08:35:01 -0000 Subject: SUSE-SU-2026:21297-1: important: Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177727890156.5974.16055594783524418383@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21297-1 Release Date: 2026-04-22T17:16:25Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-360=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-6_4_0-32-default-debuginfo-9-1.1 * kernel-livepatch-MICRO-6-0_Update_10-debugsource-9-1.1 * kernel-livepatch-6_4_0-32-default-9-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 27 08:35:05 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 08:35:05 -0000 Subject: SUSE-SU-2026:21296-1: important: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177727890596.5974.744000691242853780@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21296-1 Release Date: 2026-04-22T17:14:01Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves two vulnerabilities can now be installed. 
## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-359=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-6_4_0-31-default-15-1.2 * kernel-livepatch-MICRO-6-0_Update_9-debugsource-15-1.2 * kernel-livepatch-6_4_0-31-default-debuginfo-15-1.2 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 27 08:35:10 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 08:35:10 -0000 Subject: SUSE-SU-2026:21295-1: important: Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177727891069.5974.15488900456240190521@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21295-1 Release Date: 2026-04-22T17:14:01Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-358=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-6_4_0-30-default-15-1.2 * kernel-livepatch-6_4_0-30-default-debuginfo-15-1.2 * kernel-livepatch-MICRO-6-0_Update_8-debugsource-15-1.2 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 27 08:35:15 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 08:35:15 -0000 Subject: SUSE-SU-2026:21294-1: important: Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177727891543.5974.17904322316967569290@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21294-1 Release Date: 2026-04-22T17:09:05Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves two vulnerabilities can now be installed. 
## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-356=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-MICRO-6-0_Update_6-debugsource-17-3.1 * kernel-livepatch-6_4_0-28-default-17-3.1 * kernel-livepatch-6_4_0-28-default-debuginfo-17-3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 27 08:35:20 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 08:35:20 -0000 Subject: SUSE-SU-2026:21293-1: important: Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177727892016.5974.16390233193720999645@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21293-1 Release Date: 2026-04-22T17:00:43Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-355=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-6_4_0-25-default-19-1.2 * kernel-livepatch-6_4_0-25-default-debuginfo-19-1.2 * kernel-livepatch-MICRO-6-0_Update_5-debugsource-19-1.2 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 27 08:35:23 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 08:35:23 -0000 Subject: SUSE-SU-2026:21292-1: moderate: Security update for Mesa Message-ID: <177727892336.5974.1801630738979027000@d4c6dfb45de4> # Security update for Mesa Announcement ID: SUSE-SU-2026:21292-1 Release Date: 2026-04-23T12:57:06Z Rating: moderate References: * bsc#1261998 Cross-References: * CVE-2026-40393 CVSS scores: * CVE-2026-40393 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-40393 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-40393 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for Mesa fixes the following issue: * CVE-2026-40393: out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party (bsc#1261998). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-504=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * Mesa-23.3.4-slfo.1.1_3.1 * Mesa-libEGL1-23.3.4-slfo.1.1_3.1 * Mesa-drivers-debugsource-23.3.4-slfo.1.1_3.1 * Mesa-libGL1-debuginfo-23.3.4-slfo.1.1_3.1 * libgbm1-debuginfo-23.3.4-slfo.1.1_3.1 * Mesa-libglapi0-23.3.4-slfo.1.1_3.1 * Mesa-libGL1-23.3.4-slfo.1.1_3.1 * Mesa-dri-debuginfo-23.3.4-slfo.1.1_3.1 * Mesa-debugsource-23.3.4-slfo.1.1_3.1 * Mesa-libEGL1-debuginfo-23.3.4-slfo.1.1_3.1 * libgbm1-23.3.4-slfo.1.1_3.1 * Mesa-libglapi0-debuginfo-23.3.4-slfo.1.1_3.1 * Mesa-dri-23.3.4-slfo.1.1_3.1 * SUSE Linux Micro 6.1 (aarch64 ppc64le x86_64) * Mesa-gallium-debuginfo-23.3.4-slfo.1.1_3.1 * Mesa-gallium-23.3.4-slfo.1.1_3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-40393.html * https://bugzilla.suse.com/show_bug.cgi?id=1261998 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 27 08:35:29 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 08:35:29 -0000 Subject: SUSE-SU-2026:21291-1: important: Security update for podman Message-ID: <177727892931.5974.11803643218748654471@d4c6dfb45de4> # Security update for podman Announcement ID: SUSE-SU-2026:21291-1 Release Date: 2026-04-23T12:24:25Z Rating: important References: * bsc#1252376 * bsc#1253542 * bsc#1253993 Cross-References: * CVE-2025-31133 * CVE-2025-47913 * CVE-2025-47914 * CVE-2025-52565 * CVE-2025-52881 CVSS scores: * CVE-2025-31133 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-31133 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-31133 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-31133 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-47914 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-52565 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-52565 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-52565 ( NVD ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-52565 ( NVD ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2025-52881 ( SUSE ): 7.3 
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-52881 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-52881 ( NVD ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves five vulnerabilities can now be installed. ## Description: This update for podman fixes the following issues: * CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252376). * CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542). * CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-506=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * podmansh-5.4.2-slfo.1.1_4.1 * podman-debuginfo-5.4.2-slfo.1.1_4.1 * podman-5.4.2-slfo.1.1_4.1 * podman-remote-5.4.2-slfo.1.1_4.1 * podman-remote-debuginfo-5.4.2-slfo.1.1_4.1 * SUSE Linux Micro 6.1 (noarch) * podman-docker-5.4.2-slfo.1.1_4.1 ## References: * https://www.suse.com/security/cve/CVE-2025-31133.html * https://www.suse.com/security/cve/CVE-2025-47913.html * https://www.suse.com/security/cve/CVE-2025-47914.html * https://www.suse.com/security/cve/CVE-2025-52565.html * https://www.suse.com/security/cve/CVE-2025-52881.html * https://bugzilla.suse.com/show_bug.cgi?id=1252376 * https://bugzilla.suse.com/show_bug.cgi?id=1253542 * https://bugzilla.suse.com/show_bug.cgi?id=1253993 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 27 08:35:32 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 08:35:32 -0000 Subject: SUSE-SU-2026:21290-1: important: Security update for gdk-pixbuf Message-ID: <177727893248.5974.8456300773788139045@d4c6dfb45de4> # Security update for gdk-pixbuf Announcement ID: SUSE-SU-2026:21290-1 Release Date: 2026-04-23T12:05:21Z Rating: important References: * bsc#1261210 Cross-References: * CVE-2026-5201 CVSS scores: * CVE-2026-5201 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-5201 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-5201 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. 
## Description:

This update for gdk-pixbuf fixes the following issue:

* CVE-2026-5201: improper validation of color component counts when processing a specially crafted JPEG image can lead to a heap buffer overflow (bsc#1261210).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-505=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * gdk-pixbuf-query-loaders-debuginfo-2.42.12-slfo.1.1_3.1
  * libgdk_pixbuf-2_0-0-2.42.12-slfo.1.1_3.1
  * gdk-pixbuf-query-loaders-2.42.12-slfo.1.1_3.1
  * gdk-pixbuf-debugsource-2.42.12-slfo.1.1_3.1
  * typelib-1_0-GdkPixbuf-2_0-2.42.12-slfo.1.1_3.1
  * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-slfo.1.1_3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-5201.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261210

From null at suse.de Mon Apr 27 08:35:35 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:35:35 -0000
Subject: SUSE-SU-2026:21289-1: moderate: Security update for haproxy
Message-ID: <177727893536.5974.8913840141293560561@d4c6dfb45de4>

# Security update for haproxy

Announcement ID: SUSE-SU-2026:21289-1
Release Date: 2026-04-22T17:41:49Z
Rating: moderate
References:

* bsc#1262103

Cross-References:

* CVE-2026-33555

CVSS scores:

* CVE-2026-33555 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
* CVE-2026-33555 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2026-33555 ( NVD ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for haproxy fixes the following issue:

* CVE-2026-33555: improper validation when matching a received body length to a previously announced `Content-Length` can lead to request smuggling due to HTTP/3 parser desynchronization (bsc#1262103).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-503=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * haproxy-2.8.11+git0.01c1056a4-slfo.1.1_3.1
  * haproxy-debugsource-2.8.11+git0.01c1056a4-slfo.1.1_3.1
  * haproxy-debuginfo-2.8.11+git0.01c1056a4-slfo.1.1_3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262103

From null at suse.de Mon Apr 27 08:35:42 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:35:42 -0000
Subject: SUSE-SU-2026:21283-1: low: Security update for opensc
Message-ID: <177727894266.5974.12100426806569420548@d4c6dfb45de4>

# Security update for opensc

Announcement ID: SUSE-SU-2026:21283-1
Release Date: 2026-04-22T11:13:04Z
Rating: low
References:

* bsc#1261214
* bsc#1261218
* bsc#1261219
* bsc#1261220

Cross-References:

* CVE-2025-49010
* CVE-2025-66037
* CVE-2025-66038
* CVE-2025-66215

CVSS scores:

* CVE-2025-49010 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-49010 ( SUSE ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-49010 ( NVD ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-49010 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-66037 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66037 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-66037 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-66037 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-66038 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66038 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-66038 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-66038 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-66215 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66215 ( SUSE ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-66215 ( NVD ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-66215 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves four vulnerabilities can now be installed.

## Description:

This update for opensc fixes the following issues:

* CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses (bsc#1261214).
* CVE-2025-66037: crafted input can cause an out-of-bounds read (bsc#1261218).
* CVE-2025-66038: improper compact-TLV length validation can lead to crash or unexpected behavior (bsc#1261219).
* CVE-2025-66215: crafted smart card or USB device can cause a stack-buffer-overflow write (bsc#1261220).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-501=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * opensc-0.24.0-slfo.1.1_3.1
  * opensc-debuginfo-0.24.0-slfo.1.1_3.1
  * opensc-debugsource-0.24.0-slfo.1.1_3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-49010.html
* https://www.suse.com/security/cve/CVE-2025-66037.html
* https://www.suse.com/security/cve/CVE-2025-66038.html
* https://www.suse.com/security/cve/CVE-2025-66215.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261214
* https://bugzilla.suse.com/show_bug.cgi?id=1261218
* https://bugzilla.suse.com/show_bug.cgi?id=1261219
* https://bugzilla.suse.com/show_bug.cgi?id=1261220

From null at suse.de Mon Apr 27 08:35:52 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:35:52 -0000
Subject: SUSE-SU-2026:21285-1: important: Security update for corosync
Message-ID: <177727895232.5974.1085272094673448679@d4c6dfb45de4>

# Security update for corosync

Announcement ID: SUSE-SU-2026:21285-1
Release Date: 2026-04-10T11:20:26Z
Rating: important
References:

* bsc#1261299
* bsc#1261300

Cross-References:

* CVE-2026-35091
* CVE-2026-35092

CVSS scores:

* CVE-2026-35091 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35091 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-35091 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-35092 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35092 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35092 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server High Availability Extension 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for corosync fixes the following issues:

* CVE-2026-35091: Denial of Service and information disclosure via crafted UDP packet (bsc#1261299).
* CVE-2026-35092: Denial of Service via integer overflow in join message validation (bsc#1261300).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server High Availability Extension 16.0
  zypper in -t patch SUSE-SLES-HA-16.0-521=1

## Package List:

* SUSE Linux Enterprise Server High Availability Extension 16.0 (ppc64le s390x x86_64)
  * corosync-devel-3.1.9-160000.3.1
  * corosync-debugsource-3.1.9-160000.3.1
  * corosync-libs-debuginfo-3.1.9-160000.3.1
  * corosync-3.1.9-160000.3.1
  * corosync-debuginfo-3.1.9-160000.3.1
  * corosync-libs-3.1.9-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35091.html
* https://www.suse.com/security/cve/CVE-2026-35092.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261299
* https://bugzilla.suse.com/show_bug.cgi?id=1261300

From null at suse.de Mon Apr 27 08:40:52 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:40:52 -0000
Subject: SUSE-SU-2026:21284-1: important: Security update for google-guest-agent
Message-ID: <177727925260.5974.6685063043623070337@d4c6dfb45de4>

# Security update for google-guest-agent

Announcement ID: SUSE-SU-2026:21284-1
Release Date: 2026-04-22T11:14:23Z
Rating: important
References: * bsc#1234563 * bsc#1234634 * bsc#1239763 * bsc#1239866 * bsc#1243254 * bsc#1243505 * bsc#1249590 * bsc#1250748 * bsc#1251135 * bsc#1251966 * bsc#1251971 * bsc#1252008 * bsc#1252266 * bsc#1252911 * bsc#1252924 * bsc#1253129 * bsc#1253691 * bsc#1254817 * bsc#1254928 * bsc#1255129 * bsc#1255144 * bsc#1255148 * bsc#1255311 * bsc#1255490 * bsc#1255572 * bsc#1255721 * bsc#1255868 * bsc#1256640 * bsc#1256675 * bsc#1256679 * bsc#1256708 * bsc#1256732 * bsc#1256784 * bsc#1256802 * bsc#1256865 * bsc#1256867 * bsc#1257154 * bsc#1257174 * bsc#1257209 * bsc#1257222 * bsc#1257228 * bsc#1257231 * bsc#1257246 * bsc#1257332 * bsc#1257466 * bsc#1257472 * bsc#1257473 * bsc#1257551 * bsc#1257552 * bsc#1257553 * bsc#1257554 * bsc#1257556 * bsc#1257557 * bsc#1257559 * bsc#1257560 * bsc#1257561 * bsc#1257562 * bsc#1257565 * bsc#1257570 * bsc#1257572 * bsc#1257573 * bsc#1257576 * bsc#1257579 * bsc#1257580 * bsc#1257581 * bsc#1257586 * bsc#1257600 * bsc#1257631 * bsc#1257635 * bsc#1257679 * bsc#1257682 * bsc#1257686 * bsc#1257687 * bsc#1257688 * bsc#1257704 * bsc#1257705 * bsc#1257706 * bsc#1257707 * bsc#1257709 * bsc#1257714 * bsc#1257715 * bsc#1257716 * bsc#1257718 * bsc#1257722 * bsc#1257723 * bsc#1257726 * bsc#1257729 * bsc#1257730 * bsc#1257732 * bsc#1257734 * bsc#1257735 * bsc#1257737 * bsc#1257739 * bsc#1257740 * bsc#1257741 * bsc#1257742 * bsc#1257743 * bsc#1257745 * bsc#1257749 * bsc#1257750 * bsc#1257755 * bsc#1257757 * bsc#1257758 * bsc#1257759 * bsc#1257761 * bsc#1257762 * bsc#1257763 * bsc#1257765 * bsc#1257768 * bsc#1257770 * bsc#1257772 * bsc#1257775 *
bsc#1257776 * bsc#1257788 * bsc#1257789 * bsc#1257790 * bsc#1257805 * bsc#1257808 * bsc#1257809 * bsc#1257811 * bsc#1257813 * bsc#1257814 * bsc#1257815 * bsc#1257816 * bsc#1257817 * bsc#1257818 * bsc#1257830 * bsc#1257942 * bsc#1257952 * bsc#1258153 * bsc#1258181 * bsc#1258184 * bsc#1258222 * bsc#1258232 * bsc#1258234 * bsc#1258237 * bsc#1258245 * bsc#1258249 * bsc#1258252 * bsc#1258256 * bsc#1258258 * bsc#1258259 * bsc#1258272 * bsc#1258273 * bsc#1258276 * bsc#1258277 * bsc#1258279 * bsc#1258286 * bsc#1258289 * bsc#1258290 * bsc#1258297 * bsc#1258298 * bsc#1258299 * bsc#1258303 * bsc#1258304 * bsc#1258308 * bsc#1258309 * bsc#1258313 * bsc#1258317 * bsc#1258321 * bsc#1258323 * bsc#1258324 * bsc#1258326 * bsc#1258331 * bsc#1258338 * bsc#1258349 * bsc#1258354 * bsc#1258355 * bsc#1258358 * bsc#1258374 * bsc#1258376 * bsc#1258377 * bsc#1258379 * bsc#1258389 * bsc#1258394 * bsc#1258395 * bsc#1258397 * bsc#1258411 * bsc#1258415 * bsc#1258419 * bsc#1258421 * bsc#1258422 * bsc#1258424 * bsc#1258429 * bsc#1258430 * bsc#1258442 * bsc#1258455 * bsc#1258461 * bsc#1258464 * bsc#1258465 * bsc#1258468 * bsc#1258469 * bsc#1258483 * bsc#1258484 * bsc#1258489 * bsc#1258517 * bsc#1258518 * bsc#1258519 * bsc#1258520 * bsc#1258524 * bsc#1258544 * bsc#1258660 * bsc#1258672 * bsc#1258824 * bsc#1259329 * jsc#PED-11563 * jsc#PED-14156 Cross-References: * CVE-2024-45337 * CVE-2025-39753 * CVE-2025-39964 * CVE-2025-40099 * CVE-2025-40103 * CVE-2025-40230 * CVE-2025-68173 * CVE-2025-68186 * CVE-2025-68292 * CVE-2025-68295 * CVE-2025-68329 * CVE-2025-68371 * CVE-2025-68745 * CVE-2025-68785 * CVE-2025-68810 * CVE-2025-68818 * CVE-2025-71071 * CVE-2025-71104 * CVE-2025-71125 * CVE-2025-71134 * CVE-2025-71161 * CVE-2025-71182 * CVE-2025-71183 * CVE-2025-71184 * CVE-2025-71185 * CVE-2025-71186 * CVE-2025-71188 * CVE-2025-71189 * CVE-2025-71190 * CVE-2025-71191 * CVE-2025-71192 * CVE-2025-71193 * CVE-2025-71194 * CVE-2025-71195 * CVE-2025-71196 * CVE-2025-71197 * CVE-2025-71198 * CVE-2025-71199 * 
CVE-2025-71200 * CVE-2025-71222 * CVE-2025-71224 * CVE-2025-71225 * CVE-2025-71229 * CVE-2025-71231 * CVE-2025-71232 * CVE-2025-71233 * CVE-2025-71234 * CVE-2025-71235 * CVE-2025-71236 * CVE-2026-22979 * CVE-2026-22980 * CVE-2026-22998 * CVE-2026-23003 * CVE-2026-23004 * CVE-2026-23010 * CVE-2026-23017 * CVE-2026-23018 * CVE-2026-23021 * CVE-2026-23022 * CVE-2026-23023 * CVE-2026-23024 * CVE-2026-23026 * CVE-2026-23030 * CVE-2026-23031 * CVE-2026-23033 * CVE-2026-23035 * CVE-2026-23037 * CVE-2026-23038 * CVE-2026-23042 * CVE-2026-23047 * CVE-2026-23049 * CVE-2026-23050 * CVE-2026-23053 * CVE-2026-23054 * CVE-2026-23055 * CVE-2026-23056 * CVE-2026-23057 * CVE-2026-23058 * CVE-2026-23059 * CVE-2026-23060 * CVE-2026-23061 * CVE-2026-23062 * CVE-2026-23063 * CVE-2026-23064 * CVE-2026-23065 * CVE-2026-23066 * CVE-2026-23068 * CVE-2026-23069 * CVE-2026-23070 * CVE-2026-23071 * CVE-2026-23073 * CVE-2026-23074 * CVE-2026-23076 * CVE-2026-23078 * CVE-2026-23080 * CVE-2026-23082 * CVE-2026-23083 * CVE-2026-23084 * CVE-2026-23085 * CVE-2026-23086 * CVE-2026-23088 * CVE-2026-23089 * CVE-2026-23090 * CVE-2026-23091 * CVE-2026-23094 * CVE-2026-23095 * CVE-2026-23096 * CVE-2026-23097 * CVE-2026-23099 * CVE-2026-23100 * CVE-2026-23101 * CVE-2026-23102 * CVE-2026-23104 * CVE-2026-23105 * CVE-2026-23107 * CVE-2026-23108 * CVE-2026-23110 * CVE-2026-23111 * CVE-2026-23112 * CVE-2026-23116 * CVE-2026-23119 * CVE-2026-23121 * CVE-2026-23123 * CVE-2026-23128 * CVE-2026-23129 * CVE-2026-23131 * CVE-2026-23133 * CVE-2026-23135 * CVE-2026-23136 * CVE-2026-23137 * CVE-2026-23139 * CVE-2026-23141 * CVE-2026-23142 * CVE-2026-23144 * CVE-2026-23145 * CVE-2026-23146 * CVE-2026-23148 * CVE-2026-23150 * CVE-2026-23151 * CVE-2026-23152 * CVE-2026-23154 * CVE-2026-23155 * CVE-2026-23156 * CVE-2026-23157 * CVE-2026-23158 * CVE-2026-23161 * CVE-2026-23163 * CVE-2026-23166 * CVE-2026-23167 * CVE-2026-23169 * CVE-2026-23170 * CVE-2026-23171 * CVE-2026-23172 * CVE-2026-23173 * CVE-2026-23176 * 
CVE-2026-23177 * CVE-2026-23178 * CVE-2026-23179 * CVE-2026-23182 * CVE-2026-23188 * CVE-2026-23189 * CVE-2026-23190 * CVE-2026-23191 * CVE-2026-23198 * CVE-2026-23202 * CVE-2026-23207 * CVE-2026-23208 * CVE-2026-23209 * CVE-2026-23210 * CVE-2026-23213 * CVE-2026-23214 * CVE-2026-23221 * CVE-2026-23222 * CVE-2026-23223 * CVE-2026-23224 * CVE-2026-23229 * CVE-2026-23230 CVSS scores: * CVE-2024-45337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45337 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-39753 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-39753 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39753 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39964 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-39964 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-39964 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-40099 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40099 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-40103 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-40103 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-40230 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68173 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-68173 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68186 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-68186 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68292 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68295 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68329 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-68329 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68371 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68745 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-68745 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68785 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-68785 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H * CVE-2025-68810 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68818 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71071 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2025-71071 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71104 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2025-71104 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2025-71104 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71125 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-71125 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-71125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71134 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71134 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71161 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71182 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71182 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71183 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71183 ( NVD 
): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71184 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71184 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71185 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71185 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71186 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71186 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71186 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71188 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71188 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71188 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71189 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-71189 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-71189 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71190 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-71190 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-71190 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71191 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-71191 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-71191 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71192 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-71192 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-71193 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71193 ( SUSE ): 4.7 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71194 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71195 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71195 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71196 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71196 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71197 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2025-71198 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71198 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71199 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71199 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71200 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71200 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71200 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71222 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71222 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71222 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71224 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71224 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71225 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71225 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2025-71225 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2025-71229 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71229 ( 
SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71229 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71231 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-71231 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71231 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71232 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71232 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71233 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71233 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71233 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71234 ( SUSE ): 7.7 CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-71234 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71234 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71235 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71235 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71235 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71236 ( SUSE ): 5.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-71236 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71236 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22979 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22979 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22980 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22980 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22998 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-22998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22998 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-23003 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23003 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23010 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-23010 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23017 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23017 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23017 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23018 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23018 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23018 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23021 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23021 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23022 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23022 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23022 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23023 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23023 ( SUSE ): 3.3 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23023 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23024 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23024 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23024 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23026 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23026 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23026 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23030 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23030 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23031 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23033 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23033 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23035 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23035 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23037 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23037 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23038 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23038 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23042 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23042 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23047 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23047 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23049 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23049 ( 
SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23050 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23050 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23053 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23053 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23054 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23055 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23055 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23056 ( SUSE ): 6.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23056 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-23057 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-23057 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23058 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23058 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23059 ( SUSE ): 6.0 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23059 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23060 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23060 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23060 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23061 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23061 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23062 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23062 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * 
CVE-2026-23062 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23063 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23063 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23063 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23064 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23064 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23065 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23065 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23065 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23066 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23066 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23066 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23068 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23068 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23069 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23070 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23070 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23070 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23071 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23071 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23071 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23073 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23073 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23073 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23076 ( SUSE ): 5.2 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-23076 ( SUSE ): 5.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23076 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23078 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23078 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23078 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23080 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23080 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23082 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23082 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23083 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23083 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23083 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23084 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23085 ( SUSE ): 5.7 
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23086 ( SUSE ): 6.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H * CVE-2026-23086 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2026-23086 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23088 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23089 ( SUSE ): 5.2 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23089 ( SUSE ): 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23090 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23090 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23090 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23091 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23091 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23091 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23094 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23094 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23094 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23095 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23095 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23095 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23095 ( NVD ): 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23096 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23097 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23097 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23097 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23099 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23099 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23099 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23100 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23100 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23100 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23101 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23101 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23101 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23102 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23102 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23102 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23104 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23104 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H * CVE-2026-23104 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23105 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23105 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23105 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23105 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23107 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23107 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23107 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23108 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23108 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23108 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23110 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23110 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23110 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23112 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23112 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-23112 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23112 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23116 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23116 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23116 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23119 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23119 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2026-23121 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23121 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23121 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23123 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23123 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23123 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23128 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23128 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23128 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23129 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23129 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23129 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23131 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23131 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23131 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23133 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23133 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H * CVE-2026-23133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23135 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23135 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H * CVE-2026-23135 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23136 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23137 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23137 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23137 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23139 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23139 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23139 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23139 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23141 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23141 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23141 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23142 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23142 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23142 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23144 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23144 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23145 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23145 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23145 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23146 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23146 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23148 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23148 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2026-23148 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23150 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23150 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23150 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23151 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23151 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23152 ( SUSE ): 5.9 CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23152 ( SUSE ): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23152 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23155 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23155 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23155 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23156 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-23156 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L * CVE-2026-23156 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23157 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23157 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23157 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23158 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23158 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23158 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23161 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23161 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23161 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23161 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H * CVE-2026-23163 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23163 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23166 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23167 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23167 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23167 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23169 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23169 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2026-23169 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23169 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23170 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23170 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23170 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23171 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-23171 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23171 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23172 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-23172 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-23172 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23172 ( NVD ): 8.4 
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23173 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23173 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23173 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23176 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23176 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23177 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23177 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23178 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-23178 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23179 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23179 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23182 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23182 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23188 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23188 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23188 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23189 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23189 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23189 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23190 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23190 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23190 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23191 ( SUSE ): 7.1 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23198 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23198 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23198 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23198 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23202 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23202 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23202 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23207 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23207 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23207 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23208 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23208 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23210 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23210 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23210 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23213 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23213 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23213 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23214 ( SUSE ): 
5.1 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23214 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23214 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23221 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-23221 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23222 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2026-23222 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
* CVE-2026-23222 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23222 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23223 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2026-23223 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
* CVE-2026-23223 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23224 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23224 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23224 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23224 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23229 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23229 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23229 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23230 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23230 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-23230 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23230 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server High Availability Extension 16.0
* SUSE Linux Micro 6.1

An update that solves 177 vulnerabilities, contains two features and has 28 fixes can now be installed.

## Security update for google-guest-agent

### Description:

This update for google-guest-agent fixes the following issues:

Update to version 20250506.01 (bsc#1243254, bsc#1243505).

Security issues fixed:

* CVE-2024-45337: golang.org/x/crypto/ssh: misuse of the ServerConfig.PublicKeyCallback callback can lead to authorization bypass in applications (bsc#1234563).

Other updates and bugfixes:

* Version 20250506.01:
  * Make sure agent added connections are activated by NM (#534)
* Version 20250506.00:
  * Wrap NSS cache refresh in a goroutine (#533)
* Version 20250502.01:
  * Wicked: Only reload interfaces for which configurations are written or changed. (#524)
* Version 20250502.00:
  * Add AuthorizedKeysCompat to windows packaging (#530)
  * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
  * Update guest-logging-go dependency (#526)
  * Add 'created-by' metadata, and pass it as option to logging library (#508)
  * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523)
  * Re-enable disabled services if the core plugin was enabled (#522)
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata script runner binary in agent package (#502)
  * Revert "Revert bundling new binaries in the package (#509)" (#511)
* Version 20250418.00:
  * Re-enable disabled services if the core plugin was enabled (#521)
* Version 20250414.00:
  * Add AuthorizedKeysCompat to windows packaging (#530)
  * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
  * Update guest-logging-go dependency (#526)
  * Add 'created-by' metadata, and pass it as option to logging library (#508)
  * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523)
  * Re-enable disabled services if the core plugin was enabled (#522)
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata script runner binary in agent package (#502)
  * Revert "Revert bundling new binaries in the package (#509)" (#511)
* Version 20250327.01 (bsc#1239763, bsc#1239866):
  * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
* Version 20250327.00:
  * Update guest-logging-go dependency (#526)
  * Add 'created-by' metadata, and pass it as option to logging library (#508)
  * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523)
  * Re-enable disabled services if the core plugin was enabled (#522)
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata script runner binary in agent package (#502)
  * Revert "Revert bundling new binaries in the package (#509)" (#511)
* Version 20250326.00:
  * Re-enable disabled services if the core plugin was enabled (#521)
* Version 20250324.00:
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata script runner binary in agent package (#502)
  * Revert "Revert bundling new binaries in the package (#509)" (#511)
  * Revert bundling new binaries in the package (#509)
  * Fix typo in windows build script (#501)
  * Include core plugin binary for all packages (#500)
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
* Version 20250317.00:
  * Revert "Revert bundling new binaries in the package (#509)" (#511)
  * Revert bundling new binaries in the package (#509)
  * Fix typo in windows build script (#501)
  * Include core plugin binary for all packages (#500)
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
* Version 20250312.00:
  * Revert bundling new binaries in the package (#509)
  * Fix typo in windows build script (#501)
  * Include core plugin binary for all packages (#500)
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
* Version 20250305.00:
  * Revert bundling new binaries in the package (#509)
  * Fix typo in windows build script (#501)
  * Include core plugin binary for all packages (#500)
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
* Version 20250304.01:
  * Fix typo in windows build script (#501)
* Version 20250214.01:
  * Include core plugin binary for all packages (#500)
* Version 20250212.00:
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* Version 20250211.00:
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
* Version 20250207.00:
  * vlan: toggle vlan configuration in debian packaging (#495)
  * vlan: move config out of unstable section (#494)
  * Add clarification to comments regarding invalid NICs and the `invalid` tag. (#493)
  * Include interfaces in lists even if it has an invalid MAC. (#489)
  * Fix windows package build failures (#491)
  * vlan: don't index based on the vlan ID (#486)
  * Revert PR #482 (#488)
  * Remove Amy and Zach from OWNERS (#487)
  * Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
  * Fix Debian packaging if guest agent manager is not checked out (#485)
* Version 20250204.02:
  * force concourse to move version forward.
* Version 20250204.01:
  * vlan: toggle vlan configuration in debian packaging (#495)
* Version 20250204.00:
  * vlan: move config out of unstable section (#494)
  * Add clarification to comments regarding invalid NICs and the `invalid` tag. (#493)
* Version 20250203.01:
  * Include interfaces in lists even if it has an invalid MAC. (#489)
* Version 20250203.00:
  * Fix windows package build failures (#491)
  * vlan: don't index based on the vlan ID (#486)
  * Revert PR #482 (#488)
  * Remove Amy and Zach from OWNERS (#487)
  * Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
  * Fix Debian packaging if guest agent manager is not checked out (#485)
* Version 20250122.00:
  * networkd(vlan): remove the interface in addition to config (#468)
  * Implement support for vlan dynamic removal, update dhclient to remove only if configured (#465)
  * Update logging library (#479)
  * Remove Pat from owners file. (#478)

## Security update for the Linux Kernel

### Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2025-39753: gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590).
* CVE-2025-39964: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966).
* CVE-2025-40099: cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911).
* CVE-2025-40103: smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924).
* CVE-2025-40230: mm: prevent poison consumption when splitting THP (bsc#1254817).
* CVE-2025-68173: ftrace: Fix softlockup in ftrace_module_enable (bsc#1255311).
* CVE-2025-68186: ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (bsc#1255144).
* CVE-2025-68292: mm/memfd: fix information leak in hugetlb folios (bsc#1255148).
* CVE-2025-68295: smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129).
* CVE-2025-68329: tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (bsc#1255490).
* CVE-2025-68371: scsi: smartpqi: Fix device resources accessed after device removal (bsc#1255572).
* CVE-2025-68745: scsi: qla2xxx: Clear cmds after chip reset (bsc#1255721).
* CVE-2025-68785: net: openvswitch: fix middle attribute validation in push_nsh() action (bsc#1256640).
* CVE-2025-68810: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (bsc#1256679).
* CVE-2025-71071: iommu/mediatek: fix use-after-free on probe deferral (bsc#1256802).
* CVE-2025-71104: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708).
* CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).
* CVE-2025-71134: mm/page_alloc: change all pageblocks migrate type on coalescing (bsc#1256732).
* CVE-2025-71161: dm-verity: disable recursive forward error correction (bsc#1257174).
* CVE-2025-71184: btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635).
* CVE-2025-71193: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686).
* CVE-2025-71225: md: suspend array while updating raid_disks via sysfs (bsc#1258411).
* CVE-2026-22979: net: fix memory leak in skb_segment_list for GRO packets (bsc#1257228).
* CVE-2026-22998: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (bsc#1257209).
* CVE-2026-23003: ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (bsc#1257246).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
* CVE-2026-23010: ipv6: Fix use-after-free in inet6_addr_del() (bsc#1257332).
* CVE-2026-23017: idpf: fix error handling in the init_task on load (bsc#1257552).
* CVE-2026-23022: idpf: fix memory leak in idpf_vc_core_deinit() (bsc#1257581).
* CVE-2026-23023: idpf: fix memory leak in idpf_vport_rel() (bsc#1257556).
* CVE-2026-23024: idpf: fix memory leak of flow steer list on rmmod (bsc#1257572).
* CVE-2026-23035: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (bsc#1257559).
* CVE-2026-23042: idpf: fix aux device unplugging when rdma is not supported by vport (bsc#1257705).
* CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
* CVE-2026-23053: NFS: Fix a deadlock involving nfs_release_folio() (bsc#1257718).
* CVE-2026-23057: vsock/virtio: Coalesce only linear skb (bsc#1257740).
* CVE-2026-23064: net/sched: act_ife: avoid possible NULL deref (bsc#1257765).
* CVE-2026-23066: rxrpc: Fix recvmsg() unconditional requeue (bsc#1257726).
* CVE-2026-23068: spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805).
* CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).
* CVE-2026-23070: Octeontx2-af: Add proper checks for fwdata (bsc#1257709).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
* CVE-2026-23083: tools: ynl-gen: use big-endian netlink attribute types (bsc#1257745).
* CVE-2026-23084: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (bsc#1257830).
* CVE-2026-23085: irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758).
* CVE-2026-23086: vsock/virtio: cap TX credit to local buffer size (bsc#1257757).
* CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).
* CVE-2026-23095: gue: Fix skb memleak with inner IP protocol 0 (bsc#1257808).
* CVE-2026-23097: migrate: correct lock ordering for hugetlb file folios (bsc#1257815).
* CVE-2026-23099: bonding: limit BOND_MODE_8023AD to Ethernet devices (bsc#1257816).
* CVE-2026-23100: mm/hugetlb: fix hugetlb_pmd_shared() (bsc#1257817).
* CVE-2026-23102: arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772).
* CVE-2026-23104: ice: fix devlink reload call trace (bsc#1257763).
* CVE-2026-23105: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (bsc#1257775).
* CVE-2026-23107: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762).
* CVE-2026-23110: scsi: core: Wake up the error handler when final completions race against each other (bsc#1257761).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258181).
* CVE-2026-23112: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (bsc#1258184).
* CVE-2026-23116: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (bsc#1258277).
* CVE-2026-23119: bonding: provide a net pointer to __skb_flow_dissect() (bsc#1258273).
* CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
* CVE-2026-23139: netfilter: nf_conncount: update last_gc only when GC has been performed (bsc#1258304).
* CVE-2026-23141: btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377).
* CVE-2026-23142: mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (bsc#1258289).
* CVE-2026-23144: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (bsc#1258290).
* CVE-2026-23148: nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (bsc#1258258).
* CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).
* CVE-2026-23161: mm/shmem, swap: fix race of truncate and swap entry split (bsc#1258355).
* CVE-2026-23166: ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (bsc#1258272).
* CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).
* CVE-2026-23171: bonding: fix use-after-free due to enslave fail after slave array update (bsc#1258349).
* CVE-2026-23173: net/mlx5e: TC, delete flows only for existing peers (bsc#1258520).
* CVE-2026-23179: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (bsc#1258394).
* CVE-2026-23189: ceph: fix NULL pointer dereference in ceph_mds_auth_match() (bsc#1258308).
* CVE-2026-23198: KVM: Don't clobber irqfd routing type when deassigning irqfd (bsc#1258321).
* CVE-2026-23208: ALSA: usb-audio: Prevent excessive number of frames (bsc#1258468).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
* CVE-2026-23210: ice: Fix PTP NULL pointer dereference during VSI rebuild (bsc#1258517).
* CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only (bsc#1258464).
* CVE-2026-23223: xfs: fix UAF in xchk_btree_check_block_owner (bsc#1258483).
* CVE-2026-23224: erofs: fix UAF issue for file-backed mounts w/ directio option (bsc#1258461).

The following non security issues were fixed:

* ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes).
* ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes).
* ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes).
* Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971).
* HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455).
* HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes).
* PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868).
* PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672)
* PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672)
* PM: sleep: wakeirq: Update outdated documentation comments (git-fixes).
* Refresh and move upstreamed ath12k patch into sorted section
* Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153)
* add bugnumber to existing mana change (bsc#1252266).
* arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329)
* bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691).
* can: bcm: fix locking for bcm_op runtime updates (git-fixes).
* clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes).
* clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818).
* clocksource: Print durations for sync check unconditionally (bsc#1257818).
* clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818).
* clocksource: Use pr_info() for "Checking clocksource synchronization" message (bsc#1257818).
* dm: Fix deadlock when reloading a multipath table (bsc#1254928).
* drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129).
* ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes).
* gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes).
* i3c: master: Update hot-join flag only on success (git-fixes).
* ktls, sockmap: Fix missing uncharge operation (bsc#1252008).
* media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes).
* modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489).
* net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
* net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
* platform/x86/amd: amd_3d_vcache: Add AMD 3D V-Cache optimizer driver (jsc#PED-11563).
* sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634).
* sched/deadline: Fix race in push_dl_task() (bsc#1234634).
* sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634).
* sched/fair: Fix pelt clock sync when entering idle (bsc#1234634).
* sched/fair: Fix pelt lost idle time detection (bsc#1234634).
* staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes).
* wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server High Availability Extension 16.0
    zypper in -t patch SUSE-SLES-HA-16.0-435=1
* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-502=1

## Package List:

* SUSE Linux Enterprise Server High Availability Extension 16.0 (ppc64le s390x x86_64)
  * kernel-default-debuginfo-6.12.0-160000.27.1
  * kernel-default-debugsource-6.12.0-160000.27.1
  * cluster-md-kmp-default-debuginfo-6.12.0-160000.27.1
  * dlm-kmp-default-6.12.0-160000.27.1
  * gfs2-kmp-default-6.12.0-160000.27.1
  * dlm-kmp-default-debuginfo-6.12.0-160000.27.1
  * gfs2-kmp-default-debuginfo-6.12.0-160000.27.1
  * cluster-md-kmp-default-6.12.0-160000.27.1
* SUSE Linux Enterprise Server High Availability Extension 16.0 (nosrc)
  * kernel-default-6.12.0-160000.27.1
* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * google-guest-agent-20250506.01-slfo.1.1_1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-45337.html * https://www.suse.com/security/cve/CVE-2025-39753.html * https://www.suse.com/security/cve/CVE-2025-39964.html * https://www.suse.com/security/cve/CVE-2025-40099.html * https://www.suse.com/security/cve/CVE-2025-40103.html * https://www.suse.com/security/cve/CVE-2025-40230.html * https://www.suse.com/security/cve/CVE-2025-68173.html * https://www.suse.com/security/cve/CVE-2025-68186.html * https://www.suse.com/security/cve/CVE-2025-68292.html * https://www.suse.com/security/cve/CVE-2025-68295.html * https://www.suse.com/security/cve/CVE-2025-68329.html * https://www.suse.com/security/cve/CVE-2025-68371.html * https://www.suse.com/security/cve/CVE-2025-68745.html * https://www.suse.com/security/cve/CVE-2025-68785.html * https://www.suse.com/security/cve/CVE-2025-68810.html * https://www.suse.com/security/cve/CVE-2025-68818.html * https://www.suse.com/security/cve/CVE-2025-71071.html * https://www.suse.com/security/cve/CVE-2025-71104.html * https://www.suse.com/security/cve/CVE-2025-71125.html *
https://www.suse.com/security/cve/CVE-2025-71134.html * https://www.suse.com/security/cve/CVE-2025-71161.html * https://www.suse.com/security/cve/CVE-2025-71182.html * https://www.suse.com/security/cve/CVE-2025-71183.html * https://www.suse.com/security/cve/CVE-2025-71184.html * https://www.suse.com/security/cve/CVE-2025-71185.html * https://www.suse.com/security/cve/CVE-2025-71186.html * https://www.suse.com/security/cve/CVE-2025-71188.html * https://www.suse.com/security/cve/CVE-2025-71189.html * https://www.suse.com/security/cve/CVE-2025-71190.html * https://www.suse.com/security/cve/CVE-2025-71191.html * https://www.suse.com/security/cve/CVE-2025-71192.html * https://www.suse.com/security/cve/CVE-2025-71193.html * https://www.suse.com/security/cve/CVE-2025-71194.html * https://www.suse.com/security/cve/CVE-2025-71195.html * https://www.suse.com/security/cve/CVE-2025-71196.html * https://www.suse.com/security/cve/CVE-2025-71197.html * https://www.suse.com/security/cve/CVE-2025-71198.html * https://www.suse.com/security/cve/CVE-2025-71199.html * https://www.suse.com/security/cve/CVE-2025-71200.html * https://www.suse.com/security/cve/CVE-2025-71222.html * https://www.suse.com/security/cve/CVE-2025-71224.html * https://www.suse.com/security/cve/CVE-2025-71225.html * https://www.suse.com/security/cve/CVE-2025-71229.html * https://www.suse.com/security/cve/CVE-2025-71231.html * https://www.suse.com/security/cve/CVE-2025-71232.html * https://www.suse.com/security/cve/CVE-2025-71233.html * https://www.suse.com/security/cve/CVE-2025-71234.html * https://www.suse.com/security/cve/CVE-2025-71235.html * https://www.suse.com/security/cve/CVE-2025-71236.html * https://www.suse.com/security/cve/CVE-2026-22979.html * https://www.suse.com/security/cve/CVE-2026-22980.html * https://www.suse.com/security/cve/CVE-2026-22998.html * https://www.suse.com/security/cve/CVE-2026-23003.html * https://www.suse.com/security/cve/CVE-2026-23004.html * 
https://www.suse.com/security/cve/CVE-2026-23010.html * https://www.suse.com/security/cve/CVE-2026-23017.html * https://www.suse.com/security/cve/CVE-2026-23018.html * https://www.suse.com/security/cve/CVE-2026-23021.html * https://www.suse.com/security/cve/CVE-2026-23022.html * https://www.suse.com/security/cve/CVE-2026-23023.html * https://www.suse.com/security/cve/CVE-2026-23024.html * https://www.suse.com/security/cve/CVE-2026-23026.html * https://www.suse.com/security/cve/CVE-2026-23030.html * https://www.suse.com/security/cve/CVE-2026-23031.html * https://www.suse.com/security/cve/CVE-2026-23033.html * https://www.suse.com/security/cve/CVE-2026-23035.html * https://www.suse.com/security/cve/CVE-2026-23037.html * https://www.suse.com/security/cve/CVE-2026-23038.html * https://www.suse.com/security/cve/CVE-2026-23042.html * https://www.suse.com/security/cve/CVE-2026-23047.html * https://www.suse.com/security/cve/CVE-2026-23049.html * https://www.suse.com/security/cve/CVE-2026-23050.html * https://www.suse.com/security/cve/CVE-2026-23053.html * https://www.suse.com/security/cve/CVE-2026-23054.html * https://www.suse.com/security/cve/CVE-2026-23055.html * https://www.suse.com/security/cve/CVE-2026-23056.html * https://www.suse.com/security/cve/CVE-2026-23057.html * https://www.suse.com/security/cve/CVE-2026-23058.html * https://www.suse.com/security/cve/CVE-2026-23059.html * https://www.suse.com/security/cve/CVE-2026-23060.html * https://www.suse.com/security/cve/CVE-2026-23061.html * https://www.suse.com/security/cve/CVE-2026-23062.html * https://www.suse.com/security/cve/CVE-2026-23063.html * https://www.suse.com/security/cve/CVE-2026-23064.html * https://www.suse.com/security/cve/CVE-2026-23065.html * https://www.suse.com/security/cve/CVE-2026-23066.html * https://www.suse.com/security/cve/CVE-2026-23068.html * https://www.suse.com/security/cve/CVE-2026-23069.html * https://www.suse.com/security/cve/CVE-2026-23070.html * 
https://www.suse.com/security/cve/CVE-2026-23071.html * https://www.suse.com/security/cve/CVE-2026-23073.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23076.html * https://www.suse.com/security/cve/CVE-2026-23078.html * https://www.suse.com/security/cve/CVE-2026-23080.html * https://www.suse.com/security/cve/CVE-2026-23082.html * https://www.suse.com/security/cve/CVE-2026-23083.html * https://www.suse.com/security/cve/CVE-2026-23084.html * https://www.suse.com/security/cve/CVE-2026-23085.html * https://www.suse.com/security/cve/CVE-2026-23086.html * https://www.suse.com/security/cve/CVE-2026-23088.html * https://www.suse.com/security/cve/CVE-2026-23089.html * https://www.suse.com/security/cve/CVE-2026-23090.html * https://www.suse.com/security/cve/CVE-2026-23091.html * https://www.suse.com/security/cve/CVE-2026-23094.html * https://www.suse.com/security/cve/CVE-2026-23095.html * https://www.suse.com/security/cve/CVE-2026-23096.html * https://www.suse.com/security/cve/CVE-2026-23097.html * https://www.suse.com/security/cve/CVE-2026-23099.html * https://www.suse.com/security/cve/CVE-2026-23100.html * https://www.suse.com/security/cve/CVE-2026-23101.html * https://www.suse.com/security/cve/CVE-2026-23102.html * https://www.suse.com/security/cve/CVE-2026-23104.html * https://www.suse.com/security/cve/CVE-2026-23105.html * https://www.suse.com/security/cve/CVE-2026-23107.html * https://www.suse.com/security/cve/CVE-2026-23108.html * https://www.suse.com/security/cve/CVE-2026-23110.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23112.html * https://www.suse.com/security/cve/CVE-2026-23116.html * https://www.suse.com/security/cve/CVE-2026-23119.html * https://www.suse.com/security/cve/CVE-2026-23121.html * https://www.suse.com/security/cve/CVE-2026-23123.html * https://www.suse.com/security/cve/CVE-2026-23128.html * 
https://www.suse.com/security/cve/CVE-2026-23129.html * https://www.suse.com/security/cve/CVE-2026-23131.html * https://www.suse.com/security/cve/CVE-2026-23133.html * https://www.suse.com/security/cve/CVE-2026-23135.html * https://www.suse.com/security/cve/CVE-2026-23136.html * https://www.suse.com/security/cve/CVE-2026-23137.html * https://www.suse.com/security/cve/CVE-2026-23139.html * https://www.suse.com/security/cve/CVE-2026-23141.html * https://www.suse.com/security/cve/CVE-2026-23142.html * https://www.suse.com/security/cve/CVE-2026-23144.html * https://www.suse.com/security/cve/CVE-2026-23145.html * https://www.suse.com/security/cve/CVE-2026-23146.html * https://www.suse.com/security/cve/CVE-2026-23148.html * https://www.suse.com/security/cve/CVE-2026-23150.html * https://www.suse.com/security/cve/CVE-2026-23151.html * https://www.suse.com/security/cve/CVE-2026-23152.html * https://www.suse.com/security/cve/CVE-2026-23154.html * https://www.suse.com/security/cve/CVE-2026-23155.html * https://www.suse.com/security/cve/CVE-2026-23156.html * https://www.suse.com/security/cve/CVE-2026-23157.html * https://www.suse.com/security/cve/CVE-2026-23158.html * https://www.suse.com/security/cve/CVE-2026-23161.html * https://www.suse.com/security/cve/CVE-2026-23163.html * https://www.suse.com/security/cve/CVE-2026-23166.html * https://www.suse.com/security/cve/CVE-2026-23167.html * https://www.suse.com/security/cve/CVE-2026-23169.html * https://www.suse.com/security/cve/CVE-2026-23170.html * https://www.suse.com/security/cve/CVE-2026-23171.html * https://www.suse.com/security/cve/CVE-2026-23172.html * https://www.suse.com/security/cve/CVE-2026-23173.html * https://www.suse.com/security/cve/CVE-2026-23176.html * https://www.suse.com/security/cve/CVE-2026-23177.html * https://www.suse.com/security/cve/CVE-2026-23178.html * https://www.suse.com/security/cve/CVE-2026-23179.html * https://www.suse.com/security/cve/CVE-2026-23182.html * 
https://www.suse.com/security/cve/CVE-2026-23188.html * https://www.suse.com/security/cve/CVE-2026-23189.html * https://www.suse.com/security/cve/CVE-2026-23190.html * https://www.suse.com/security/cve/CVE-2026-23191.html * https://www.suse.com/security/cve/CVE-2026-23198.html * https://www.suse.com/security/cve/CVE-2026-23202.html * https://www.suse.com/security/cve/CVE-2026-23207.html * https://www.suse.com/security/cve/CVE-2026-23208.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://www.suse.com/security/cve/CVE-2026-23210.html * https://www.suse.com/security/cve/CVE-2026-23213.html * https://www.suse.com/security/cve/CVE-2026-23214.html * https://www.suse.com/security/cve/CVE-2026-23221.html * https://www.suse.com/security/cve/CVE-2026-23222.html * https://www.suse.com/security/cve/CVE-2026-23223.html * https://www.suse.com/security/cve/CVE-2026-23224.html * https://www.suse.com/security/cve/CVE-2026-23229.html * https://www.suse.com/security/cve/CVE-2026-23230.html * https://bugzilla.suse.com/show_bug.cgi?id=1234563 * https://bugzilla.suse.com/show_bug.cgi?id=1234634 * https://bugzilla.suse.com/show_bug.cgi?id=1239763 * https://bugzilla.suse.com/show_bug.cgi?id=1239866 * https://bugzilla.suse.com/show_bug.cgi?id=1243254 * https://bugzilla.suse.com/show_bug.cgi?id=1243505 * https://bugzilla.suse.com/show_bug.cgi?id=1249590 * https://bugzilla.suse.com/show_bug.cgi?id=1250748 * https://bugzilla.suse.com/show_bug.cgi?id=1251135 * https://bugzilla.suse.com/show_bug.cgi?id=1251966 * https://bugzilla.suse.com/show_bug.cgi?id=1251971 * https://bugzilla.suse.com/show_bug.cgi?id=1252008 * https://bugzilla.suse.com/show_bug.cgi?id=1252266 * https://bugzilla.suse.com/show_bug.cgi?id=1252911 * https://bugzilla.suse.com/show_bug.cgi?id=1252924 * https://bugzilla.suse.com/show_bug.cgi?id=1253129 * https://bugzilla.suse.com/show_bug.cgi?id=1253691 * https://bugzilla.suse.com/show_bug.cgi?id=1254817 * https://bugzilla.suse.com/show_bug.cgi?id=1254928 * 
https://bugzilla.suse.com/show_bug.cgi?id=1255129 * https://bugzilla.suse.com/show_bug.cgi?id=1255144 * https://bugzilla.suse.com/show_bug.cgi?id=1255148 * https://bugzilla.suse.com/show_bug.cgi?id=1255311 * https://bugzilla.suse.com/show_bug.cgi?id=1255490 * https://bugzilla.suse.com/show_bug.cgi?id=1255572 * https://bugzilla.suse.com/show_bug.cgi?id=1255721 * https://bugzilla.suse.com/show_bug.cgi?id=1255868 * https://bugzilla.suse.com/show_bug.cgi?id=1256640 * https://bugzilla.suse.com/show_bug.cgi?id=1256675 * https://bugzilla.suse.com/show_bug.cgi?id=1256679 * https://bugzilla.suse.com/show_bug.cgi?id=1256708 * https://bugzilla.suse.com/show_bug.cgi?id=1256732 * https://bugzilla.suse.com/show_bug.cgi?id=1256784 * https://bugzilla.suse.com/show_bug.cgi?id=1256802 * https://bugzilla.suse.com/show_bug.cgi?id=1256865 * https://bugzilla.suse.com/show_bug.cgi?id=1256867 * https://bugzilla.suse.com/show_bug.cgi?id=1257154 * https://bugzilla.suse.com/show_bug.cgi?id=1257174 * https://bugzilla.suse.com/show_bug.cgi?id=1257209 * https://bugzilla.suse.com/show_bug.cgi?id=1257222 * https://bugzilla.suse.com/show_bug.cgi?id=1257228 * https://bugzilla.suse.com/show_bug.cgi?id=1257231 * https://bugzilla.suse.com/show_bug.cgi?id=1257246 * https://bugzilla.suse.com/show_bug.cgi?id=1257332 * https://bugzilla.suse.com/show_bug.cgi?id=1257466 * https://bugzilla.suse.com/show_bug.cgi?id=1257472 * https://bugzilla.suse.com/show_bug.cgi?id=1257473 * https://bugzilla.suse.com/show_bug.cgi?id=1257551 * https://bugzilla.suse.com/show_bug.cgi?id=1257552 * https://bugzilla.suse.com/show_bug.cgi?id=1257553 * https://bugzilla.suse.com/show_bug.cgi?id=1257554 * https://bugzilla.suse.com/show_bug.cgi?id=1257556 * https://bugzilla.suse.com/show_bug.cgi?id=1257557 * https://bugzilla.suse.com/show_bug.cgi?id=1257559 * https://bugzilla.suse.com/show_bug.cgi?id=1257560 * https://bugzilla.suse.com/show_bug.cgi?id=1257561 * https://bugzilla.suse.com/show_bug.cgi?id=1257562 * 
https://bugzilla.suse.com/show_bug.cgi?id=1257565 * https://bugzilla.suse.com/show_bug.cgi?id=1257570 * https://bugzilla.suse.com/show_bug.cgi?id=1257572 * https://bugzilla.suse.com/show_bug.cgi?id=1257573 * https://bugzilla.suse.com/show_bug.cgi?id=1257576 * https://bugzilla.suse.com/show_bug.cgi?id=1257579 * https://bugzilla.suse.com/show_bug.cgi?id=1257580 * https://bugzilla.suse.com/show_bug.cgi?id=1257581 * https://bugzilla.suse.com/show_bug.cgi?id=1257586 * https://bugzilla.suse.com/show_bug.cgi?id=1257600 * https://bugzilla.suse.com/show_bug.cgi?id=1257631 * https://bugzilla.suse.com/show_bug.cgi?id=1257635 * https://bugzilla.suse.com/show_bug.cgi?id=1257679 * https://bugzilla.suse.com/show_bug.cgi?id=1257682 * https://bugzilla.suse.com/show_bug.cgi?id=1257686 * https://bugzilla.suse.com/show_bug.cgi?id=1257687 * https://bugzilla.suse.com/show_bug.cgi?id=1257688 * https://bugzilla.suse.com/show_bug.cgi?id=1257704 * https://bugzilla.suse.com/show_bug.cgi?id=1257705 * https://bugzilla.suse.com/show_bug.cgi?id=1257706 * https://bugzilla.suse.com/show_bug.cgi?id=1257707 * https://bugzilla.suse.com/show_bug.cgi?id=1257709 * https://bugzilla.suse.com/show_bug.cgi?id=1257714 * https://bugzilla.suse.com/show_bug.cgi?id=1257715 * https://bugzilla.suse.com/show_bug.cgi?id=1257716 * https://bugzilla.suse.com/show_bug.cgi?id=1257718 * https://bugzilla.suse.com/show_bug.cgi?id=1257722 * https://bugzilla.suse.com/show_bug.cgi?id=1257723 * https://bugzilla.suse.com/show_bug.cgi?id=1257726 * https://bugzilla.suse.com/show_bug.cgi?id=1257729 * https://bugzilla.suse.com/show_bug.cgi?id=1257730 * https://bugzilla.suse.com/show_bug.cgi?id=1257732 * https://bugzilla.suse.com/show_bug.cgi?id=1257734 * https://bugzilla.suse.com/show_bug.cgi?id=1257735 * https://bugzilla.suse.com/show_bug.cgi?id=1257737 * https://bugzilla.suse.com/show_bug.cgi?id=1257739 * https://bugzilla.suse.com/show_bug.cgi?id=1257740 * https://bugzilla.suse.com/show_bug.cgi?id=1257741 * 
https://bugzilla.suse.com/show_bug.cgi?id=1257742 * https://bugzilla.suse.com/show_bug.cgi?id=1257743 * https://bugzilla.suse.com/show_bug.cgi?id=1257745 * https://bugzilla.suse.com/show_bug.cgi?id=1257749 * https://bugzilla.suse.com/show_bug.cgi?id=1257750 * https://bugzilla.suse.com/show_bug.cgi?id=1257755 * https://bugzilla.suse.com/show_bug.cgi?id=1257757 * https://bugzilla.suse.com/show_bug.cgi?id=1257758 * https://bugzilla.suse.com/show_bug.cgi?id=1257759 * https://bugzilla.suse.com/show_bug.cgi?id=1257761 * https://bugzilla.suse.com/show_bug.cgi?id=1257762 * https://bugzilla.suse.com/show_bug.cgi?id=1257763 * https://bugzilla.suse.com/show_bug.cgi?id=1257765 * https://bugzilla.suse.com/show_bug.cgi?id=1257768 * https://bugzilla.suse.com/show_bug.cgi?id=1257770 * https://bugzilla.suse.com/show_bug.cgi?id=1257772 * https://bugzilla.suse.com/show_bug.cgi?id=1257775 * https://bugzilla.suse.com/show_bug.cgi?id=1257776 * https://bugzilla.suse.com/show_bug.cgi?id=1257788 * https://bugzilla.suse.com/show_bug.cgi?id=1257789 * https://bugzilla.suse.com/show_bug.cgi?id=1257790 * https://bugzilla.suse.com/show_bug.cgi?id=1257805 * https://bugzilla.suse.com/show_bug.cgi?id=1257808 * https://bugzilla.suse.com/show_bug.cgi?id=1257809 * https://bugzilla.suse.com/show_bug.cgi?id=1257811 * https://bugzilla.suse.com/show_bug.cgi?id=1257813 * https://bugzilla.suse.com/show_bug.cgi?id=1257814 * https://bugzilla.suse.com/show_bug.cgi?id=1257815 * https://bugzilla.suse.com/show_bug.cgi?id=1257816 * https://bugzilla.suse.com/show_bug.cgi?id=1257817 * https://bugzilla.suse.com/show_bug.cgi?id=1257818 * https://bugzilla.suse.com/show_bug.cgi?id=1257830 * https://bugzilla.suse.com/show_bug.cgi?id=1257942 * https://bugzilla.suse.com/show_bug.cgi?id=1257952 * https://bugzilla.suse.com/show_bug.cgi?id=1258153 * https://bugzilla.suse.com/show_bug.cgi?id=1258181 * https://bugzilla.suse.com/show_bug.cgi?id=1258184 * https://bugzilla.suse.com/show_bug.cgi?id=1258222 * 
https://bugzilla.suse.com/show_bug.cgi?id=1258232 * https://bugzilla.suse.com/show_bug.cgi?id=1258234 * https://bugzilla.suse.com/show_bug.cgi?id=1258237 * https://bugzilla.suse.com/show_bug.cgi?id=1258245 * https://bugzilla.suse.com/show_bug.cgi?id=1258249 * https://bugzilla.suse.com/show_bug.cgi?id=1258252 * https://bugzilla.suse.com/show_bug.cgi?id=1258256 * https://bugzilla.suse.com/show_bug.cgi?id=1258258 * https://bugzilla.suse.com/show_bug.cgi?id=1258259 * https://bugzilla.suse.com/show_bug.cgi?id=1258272 * https://bugzilla.suse.com/show_bug.cgi?id=1258273 * https://bugzilla.suse.com/show_bug.cgi?id=1258276 * https://bugzilla.suse.com/show_bug.cgi?id=1258277 * https://bugzilla.suse.com/show_bug.cgi?id=1258279 * https://bugzilla.suse.com/show_bug.cgi?id=1258286 * https://bugzilla.suse.com/show_bug.cgi?id=1258289 * https://bugzilla.suse.com/show_bug.cgi?id=1258290 * https://bugzilla.suse.com/show_bug.cgi?id=1258297 * https://bugzilla.suse.com/show_bug.cgi?id=1258298 * https://bugzilla.suse.com/show_bug.cgi?id=1258299 * https://bugzilla.suse.com/show_bug.cgi?id=1258303 * https://bugzilla.suse.com/show_bug.cgi?id=1258304 * https://bugzilla.suse.com/show_bug.cgi?id=1258308 * https://bugzilla.suse.com/show_bug.cgi?id=1258309 * https://bugzilla.suse.com/show_bug.cgi?id=1258313 * https://bugzilla.suse.com/show_bug.cgi?id=1258317 * https://bugzilla.suse.com/show_bug.cgi?id=1258321 * https://bugzilla.suse.com/show_bug.cgi?id=1258323 * https://bugzilla.suse.com/show_bug.cgi?id=1258324 * https://bugzilla.suse.com/show_bug.cgi?id=1258326 * https://bugzilla.suse.com/show_bug.cgi?id=1258331 * https://bugzilla.suse.com/show_bug.cgi?id=1258338 * https://bugzilla.suse.com/show_bug.cgi?id=1258349 * https://bugzilla.suse.com/show_bug.cgi?id=1258354 * https://bugzilla.suse.com/show_bug.cgi?id=1258355 * https://bugzilla.suse.com/show_bug.cgi?id=1258358 * https://bugzilla.suse.com/show_bug.cgi?id=1258374 * https://bugzilla.suse.com/show_bug.cgi?id=1258376 * 
https://bugzilla.suse.com/show_bug.cgi?id=1258377 * https://bugzilla.suse.com/show_bug.cgi?id=1258379 * https://bugzilla.suse.com/show_bug.cgi?id=1258389 * https://bugzilla.suse.com/show_bug.cgi?id=1258394 * https://bugzilla.suse.com/show_bug.cgi?id=1258395 * https://bugzilla.suse.com/show_bug.cgi?id=1258397 * https://bugzilla.suse.com/show_bug.cgi?id=1258411 * https://bugzilla.suse.com/show_bug.cgi?id=1258415 * https://bugzilla.suse.com/show_bug.cgi?id=1258419 * https://bugzilla.suse.com/show_bug.cgi?id=1258421 * https://bugzilla.suse.com/show_bug.cgi?id=1258422 * https://bugzilla.suse.com/show_bug.cgi?id=1258424 * https://bugzilla.suse.com/show_bug.cgi?id=1258429 * https://bugzilla.suse.com/show_bug.cgi?id=1258430 * https://bugzilla.suse.com/show_bug.cgi?id=1258442 * https://bugzilla.suse.com/show_bug.cgi?id=1258455 * https://bugzilla.suse.com/show_bug.cgi?id=1258461 * https://bugzilla.suse.com/show_bug.cgi?id=1258464 * https://bugzilla.suse.com/show_bug.cgi?id=1258465 * https://bugzilla.suse.com/show_bug.cgi?id=1258468 * https://bugzilla.suse.com/show_bug.cgi?id=1258469 * https://bugzilla.suse.com/show_bug.cgi?id=1258483 * https://bugzilla.suse.com/show_bug.cgi?id=1258484 * https://bugzilla.suse.com/show_bug.cgi?id=1258489 * https://bugzilla.suse.com/show_bug.cgi?id=1258517 * https://bugzilla.suse.com/show_bug.cgi?id=1258518 * https://bugzilla.suse.com/show_bug.cgi?id=1258519 * https://bugzilla.suse.com/show_bug.cgi?id=1258520 * https://bugzilla.suse.com/show_bug.cgi?id=1258524 * https://bugzilla.suse.com/show_bug.cgi?id=1258544 * https://bugzilla.suse.com/show_bug.cgi?id=1258660 * https://bugzilla.suse.com/show_bug.cgi?id=1258672 * https://bugzilla.suse.com/show_bug.cgi?id=1258824 * https://bugzilla.suse.com/show_bug.cgi?id=1259329 * https://jira.suse.com/browse/PED-11563 * https://jira.suse.com/browse/PED-14156

From null at suse.de Mon Apr 27 08:41:00 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 08:41:00 -0000
Subject: SUSE-SU-2026:1622-1: important: Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5)
Message-ID: <177727926092.5974.6928242734850332720@d4c6dfb45de4>

# Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1622-1
Release Date: 2026-04-25T06:33:49Z
Rating: important

References:

* bsc#1258396
* bsc#1259859

Cross-References:

* CVE-2026-23191
* CVE-2026-23268

CVSS scores:

* CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.110 fixes various security issues The following security issues were fixed: * CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1627=1 SUSE-2026-1628=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1627=1 SUSE-SLE- Module-Live-Patching-15-SP5-2026-1628=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1622=1 SUSE-2026-1623=1 SUSE-2026-1624=1 SUSE-2026-1625=1 SUSE-2026-1626=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1622=1 SUSE-SLE- Module-Live-Patching-15-SP4-2026-1623=1 SUSE-SLE-Module-Live- Patching-15-SP4-2026-1624=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-1625=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-1626=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_27-debugsource-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_100-default-17-150500.2.1 * kernel-livepatch-5_14_21-150500_55_110-default-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-17-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_25-debugsource-17-150500.2.1 * kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-16-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_27-debugsource-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_100-default-17-150500.2.1 * kernel-livepatch-5_14_21-150500_55_110-default-16-150500.2.1 * 
kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-17-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_25-debugsource-17-150500.2.1 * kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-16-150500.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_41-debugsource-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-17-150400.2.1 * kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_176-default-11-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_40-debugsource-17-150400.2.1 * kernel-livepatch-5_14_21-150400_24_179-default-9-150400.2.1 * kernel-livepatch-5_14_21-150400_24_179-default-debuginfo-9-150400.2.1 * kernel-livepatch-5_14_21-150400_24_173-default-12-150400.2.1 * kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-11-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_44-debugsource-11-150400.2.1 * kernel-livepatch-5_14_21-150400_24_164-default-17-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_43-debugsource-12-150400.2.1 * kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-12-150400.2.1 * kernel-livepatch-5_14_21-150400_24_167-default-16-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_45-debugsource-9-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_41-debugsource-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-17-150400.2.1 * kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_176-default-11-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_40-debugsource-17-150400.2.1 * kernel-livepatch-5_14_21-150400_24_179-default-9-150400.2.1 * kernel-livepatch-5_14_21-150400_24_179-default-debuginfo-9-150400.2.1 * kernel-livepatch-5_14_21-150400_24_173-default-12-150400.2.1 * kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-11-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_44-debugsource-11-150400.2.1 * 
kernel-livepatch-5_14_21-150400_24_164-default-17-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_43-debugsource-12-150400.2.1 * kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-12-150400.2.1 * kernel-livepatch-5_14_21-150400_24_167-default-16-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_45-debugsource-9-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23191.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1258396 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 27 08:41:06 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 08:41:06 -0000 Subject: SUSE-SU-2026:1621-1: important: Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5) Message-ID: <177727926640.5974.14045548196822665915@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:1621-1 Release Date: 2026-04-24T19:04:09Z Rating: important References: * bsc#1258396 * bsc#1259859 Cross-References: * CVE-2026-23191 * CVE-2026-23268 CVSS scores: * CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux 
Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.121 fixes various security issues

The following security issues were fixed:

* CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1620=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1621=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1621=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1620=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-10-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_121-default-10-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_30-debugsource-10-150500.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_161-default-17-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-17-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_39-debugsource-17-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_161-default-17-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-17-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_39-debugsource-17-150400.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-10-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_121-default-10-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_30-debugsource-10-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23191.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258396
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 16:31:01 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 16:31:01 -0000
Subject: SUSE-SU-2026:21349-1: important: Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)
Message-ID: <177730746192.6763.17989691484030589616@a649e7bfc190>

# Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21349-1
Release Date: 2026-04-24T10:08:06Z
Rating: important
References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-641=1

## Package List:

* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE16_Update_2-debugsource-6-160000.1.1
  * kernel-livepatch-6_12_0-160000_7-default-debuginfo-6-160000.1.1
  * kernel-livepatch-6_12_0-160000_7-default-6-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 16:31:09 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 16:31:09 -0000
Subject: SUSE-SU-2026:21348-1: important: Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16)
Message-ID: <177730746965.6763.8467838094599948444@a649e7bfc190>

# Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21348-1
Release Date: 2026-04-24T10:08:05Z
Rating: important
References:

* bsc#1259859

Cross-References:

* CVE-2026-23268

CVSS scores:

* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes one security issue

The following security issue was fixed:

* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-640=1

## Package List:

* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE16_Update_4-debugsource-4-160000.1.1
  * kernel-livepatch-6_12_0-160000_9-default-4-160000.1.1
  * kernel-livepatch-6_12_0-160000_9-default-debuginfo-4-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 16:31:17 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 16:31:17 -0000
Subject: SUSE-SU-2026:21347-1: important: Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16)
Message-ID: <177730747739.6763.16510458351156231872@a649e7bfc190>

# Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21347-1
Release Date: 2026-04-24T10:01:55Z
Rating: important
References:

* bsc#1259859

Cross-References:

* CVE-2026-23268

CVSS scores:

* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes one security issue

The following security issue was fixed:

* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-638=1

## Package List:

* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_26-default-debuginfo-3-160000.1.1
  * kernel-livepatch-SLE16_Update_5-debugsource-3-160000.1.1
  * kernel-livepatch-6_12_0-160000_26-default-3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 16:31:26 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 16:31:26 -0000
Subject: SUSE-SU-2026:1631-1: important: Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177730748669.6763.950559887634361135@a649e7bfc190>

# Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1631-1
Release Date: 2026-04-27T08:04:29Z
Rating: important
References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.11 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1631=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP7_Update_3-debugsource-9-150700.2.2
  * kernel-livepatch-6_4_0-150700_53_11-default-debuginfo-9-150700.2.2
  * kernel-livepatch-6_4_0-150700_53_11-default-9-150700.2.2

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 16:31:34 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 16:31:34 -0000
Subject: SUSE-SU-2026:1630-1: important: Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP5)
Message-ID: <177730749464.6763.14950084048596561785@a649e7bfc190>

# Security update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1630-1
Release Date: 2026-04-27T08:04:20Z
Rating: important
References:

* bsc#1258396
* bsc#1259859

Cross-References:

* CVE-2026-23191
* CVE-2026-23268

CVSS scores:

* CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.103 fixes various security issues

The following security issues were fixed:

* CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1630=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1630=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_103-default-17-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-17-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_26-debugsource-17-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_103-default-17-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-17-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_26-debugsource-17-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23191.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258396
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Mon Apr 27 20:30:26 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 20:30:26 -0000
Subject: SUSE-SU-2026:1635-1: important: Security update for freerdp
Message-ID: <177732182670.7394.7884264892106624680@a649e7bfc190>

# Security update for freerdp

Announcement ID: SUSE-SU-2026:1635-1
Release Date: 2026-04-27T12:06:38Z
Rating: important
References:

* bsc#1258919
* bsc#1258920
* bsc#1258921
* bsc#1258923
* bsc#1258924
* bsc#1258939
* bsc#1258967
* bsc#1258977
* bsc#1258987
* bsc#1259680
* bsc#1259684
* bsc#1259689
* bsc#1259692
* bsc#1259693
* bsc#1261848

Cross-References:

* CVE-2026-25941
* CVE-2026-25942
* CVE-2026-25952
* CVE-2026-25953
* CVE-2026-25954
* CVE-2026-25997
* CVE-2026-26986
* CVE-2026-27015
* CVE-2026-27951
* CVE-2026-29774
* CVE-2026-29775
* CVE-2026-29776
* CVE-2026-31884
* CVE-2026-31897

CVSS scores:

* CVE-2026-25941 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25941 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-25941 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-25941 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-25942 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25942 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25942 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25942 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25952 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25952 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25952 ( NVD ): 5.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25952 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-25953 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25953 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25953 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25953 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-25954 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25954 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25954 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25954 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25997 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25997 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-25997 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25997 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-26986 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-26986 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-26986 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26986 (
NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27015 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27015 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-27015 ( NVD ): 5.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27015 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-27951 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27951 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27951 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27951 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-29774 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-29774 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29774 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29774 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-29775 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-29775 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29775 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-29775 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29776 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-29776 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-29776 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-31884 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31884 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-31884 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-31884 ( NVD ): 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31897 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31897 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-31897 ( NVD ): 0.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
* CVE-2026-31897 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 14 vulnerabilities and has one security fix can now be installed.

## Description:

This update for freerdp fixes the following issues:

* CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted `WIRE_TO_SURFACE_2` PDU (bsc#1258919).
* CVE-2026-25942: Global-buffer-overflow in `xf_rail_server_execute_result` (bsc#1258920).
* CVE-2026-25952: Heap-use-after-free in `xf_SetWindowMinMaxInfo` (bsc#1258921).
* CVE-2026-25953: Heap-use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258923).
* CVE-2026-25954: Heap-use-after-free in `xf_rail_server_local_move_size` (bsc#1258924).
* CVE-2026-25997: Heap-use-after-free in `xf_clipboard_format_equal` (bsc#1258977).
* CVE-2026-26986: Heap-use-after-free in `rail_window_free` (bsc#1258967).
* CVE-2026-27015: Smartcard NDR alignment padding triggers reachable `WINPR_ASSERT` abort (bsc#1258987).
* CVE-2026-27951: Denial of service via endless blocking loop in `Stream_EnsureCapacity` (bsc#1258939).
* CVE-2026-29774: Missing bounds validation can cause a client-side heap buffer overflow (bsc#1259689).
* CVE-2026-29775: Malicious server can trigger a client-side heap out-of-bounds access (bsc#1259684).
* CVE-2026-29776: Missing length check can lead to an integer underflow (bsc#1259692).
* CVE-2026-31897: Missing length check can cause an out-of-bounds read (bsc#1259693).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1635=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1635=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * winpr2-devel-2.1.2-12.68.1
  * freerdp-devel-2.1.2-12.68.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * winpr2-devel-2.1.2-12.68.1
  * freerdp-devel-2.1.2-12.68.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25941.html
* https://www.suse.com/security/cve/CVE-2026-25942.html
* https://www.suse.com/security/cve/CVE-2026-25952.html
* https://www.suse.com/security/cve/CVE-2026-25953.html
* https://www.suse.com/security/cve/CVE-2026-25954.html
* https://www.suse.com/security/cve/CVE-2026-25997.html
* https://www.suse.com/security/cve/CVE-2026-26986.html
* https://www.suse.com/security/cve/CVE-2026-27015.html
* https://www.suse.com/security/cve/CVE-2026-27951.html
* https://www.suse.com/security/cve/CVE-2026-29774.html
* https://www.suse.com/security/cve/CVE-2026-29775.html
* https://www.suse.com/security/cve/CVE-2026-29776.html
* https://www.suse.com/security/cve/CVE-2026-31884.html
* https://www.suse.com/security/cve/CVE-2026-31897.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258919
* https://bugzilla.suse.com/show_bug.cgi?id=1258920
* https://bugzilla.suse.com/show_bug.cgi?id=1258921
* https://bugzilla.suse.com/show_bug.cgi?id=1258923
* https://bugzilla.suse.com/show_bug.cgi?id=1258924
* https://bugzilla.suse.com/show_bug.cgi?id=1258939
* https://bugzilla.suse.com/show_bug.cgi?id=1258967
*
https://bugzilla.suse.com/show_bug.cgi?id=1258977
* https://bugzilla.suse.com/show_bug.cgi?id=1258987
* https://bugzilla.suse.com/show_bug.cgi?id=1259680
* https://bugzilla.suse.com/show_bug.cgi?id=1259684
* https://bugzilla.suse.com/show_bug.cgi?id=1259689
* https://bugzilla.suse.com/show_bug.cgi?id=1259692
* https://bugzilla.suse.com/show_bug.cgi?id=1259693
* https://bugzilla.suse.com/show_bug.cgi?id=1261848

From null at suse.de Mon Apr 27 20:30:49 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 27 Apr 2026 20:30:49 -0000
Subject: SUSE-SU-2026:1634-1: important: Security update for freerdp
Message-ID: <177732184906.7394.16087979943285717923@a649e7bfc190>

# Security update for freerdp

Announcement ID: SUSE-SU-2026:1634-1
Release Date: 2026-04-27T12:06:21Z
Rating: important
References:

* bsc#1258919
* bsc#1258920
* bsc#1258921
* bsc#1258923
* bsc#1258924
* bsc#1258939
* bsc#1258967
* bsc#1258977
* bsc#1258987
* bsc#1259680
* bsc#1259684
* bsc#1259689
* bsc#1259692
* bsc#1259693
* bsc#1261848

Cross-References:

* CVE-2026-25941
* CVE-2026-25942
* CVE-2026-25952
* CVE-2026-25953
* CVE-2026-25954
* CVE-2026-25997
* CVE-2026-26986
* CVE-2026-27015
* CVE-2026-27951
* CVE-2026-29774
* CVE-2026-29775
* CVE-2026-29776
* CVE-2026-31884
* CVE-2026-31897

CVSS scores:

* CVE-2026-25941 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25941 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-25941 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-25941 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-25942 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25942 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25942 ( NVD ): 5.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25942 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25952 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25952 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25952 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25952 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-25953 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25953 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25953 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25953 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-25954 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25954 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25954 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25954 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25997 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25997 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-25997 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25997 (
NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-26986 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-26986 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-26986 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27015 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27015 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-27015 ( NVD ): 5.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27015 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-27951 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27951 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27951 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27951 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-29774 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-29774 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29774 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29774 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-29775 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-29775 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29775 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-29775 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29776 ( SUSE ): 2.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-29776 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-29776 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-31884 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31884 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-31884 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-31884 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31897 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31897 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-31897 ( NVD ): 0.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
* CVE-2026-31897 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves 14 vulnerabilities and has one security fix can now be installed.

## Description:

This update for freerdp fixes the following issues:

* CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted `WIRE_TO_SURFACE_2` PDU (bsc#1258919).
* CVE-2026-25942: Global-buffer-overflow in `xf_rail_server_execute_result` (bsc#1258920).
* CVE-2026-25952: Heap-use-after-free in `xf_SetWindowMinMaxInfo` (bsc#1258921).
* CVE-2026-25953: Heap-use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258923).
* CVE-2026-25954: Heap-use-after-free in `xf_rail_server_local_move_size` (bsc#1258924).
* CVE-2026-25997: Heap-use-after-free in `xf_clipboard_format_equal` (bsc#1258977).
* CVE-2026-26986: Heap-use-after-free in `rail_window_free` (bsc#1258967).
* CVE-2026-27015: Smartcard NDR alignment padding triggers reachable `WINPR_ASSERT` abort (bsc#1258987).
* CVE-2026-27951: Denial of service via endless blocking loop in `Stream_EnsureCapacity` (bsc#1258939). * CVE-2026-29774: Missing bounds validation can cause a client-side heap buffer overflow (bsc#1259689). * CVE-2026-29775: Malicious server can trigger a client-side heap out-of-bounds access (bsc#1259684). * CVE-2026-29776: Missing length check can lead to an integer underflow (bsc#1259692). * CVE-2026-31897: Missing length check can cause an out-of-bounds read (bsc#1259693). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1634=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1634=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * freerdp-server-debuginfo-2.4.0-150400.3.52.1 * libwinpr2-debuginfo-2.4.0-150400.3.52.1 * freerdp-debuginfo-2.4.0-150400.3.52.1 * freerdp-proxy-2.4.0-150400.3.52.1 * libfreerdp2-debuginfo-2.4.0-150400.3.52.1 * freerdp-proxy-debuginfo-2.4.0-150400.3.52.1 * libuwac0-0-2.4.0-150400.3.52.1 * freerdp-2.4.0-150400.3.52.1 * libwinpr2-2.4.0-150400.3.52.1 * freerdp-wayland-debuginfo-2.4.0-150400.3.52.1 * libfreerdp2-2.4.0-150400.3.52.1 * freerdp-devel-2.4.0-150400.3.52.1 * winpr2-devel-2.4.0-150400.3.52.1 * libuwac0-0-debuginfo-2.4.0-150400.3.52.1 * freerdp-wayland-2.4.0-150400.3.52.1 * freerdp-server-2.4.0-150400.3.52.1 * uwac0-0-devel-2.4.0-150400.3.52.1 * freerdp-debugsource-2.4.0-150400.3.52.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * libwinpr2-debuginfo-2.4.0-150400.3.52.1 * freerdp-debuginfo-2.4.0-150400.3.52.1 * libfreerdp2-debuginfo-2.4.0-150400.3.52.1 * libfreerdp2-2.4.0-150400.3.52.1 * freerdp-debugsource-2.4.0-150400.3.52.1 * libwinpr2-2.4.0-150400.3.52.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25941.html *
https://www.suse.com/security/cve/CVE-2026-25942.html * https://www.suse.com/security/cve/CVE-2026-25952.html * https://www.suse.com/security/cve/CVE-2026-25953.html * https://www.suse.com/security/cve/CVE-2026-25954.html * https://www.suse.com/security/cve/CVE-2026-25997.html * https://www.suse.com/security/cve/CVE-2026-26986.html * https://www.suse.com/security/cve/CVE-2026-27015.html * https://www.suse.com/security/cve/CVE-2026-27951.html * https://www.suse.com/security/cve/CVE-2026-29774.html * https://www.suse.com/security/cve/CVE-2026-29775.html * https://www.suse.com/security/cve/CVE-2026-29776.html * https://www.suse.com/security/cve/CVE-2026-31884.html * https://www.suse.com/security/cve/CVE-2026-31897.html * https://bugzilla.suse.com/show_bug.cgi?id=1258919 * https://bugzilla.suse.com/show_bug.cgi?id=1258920 * https://bugzilla.suse.com/show_bug.cgi?id=1258921 * https://bugzilla.suse.com/show_bug.cgi?id=1258923 * https://bugzilla.suse.com/show_bug.cgi?id=1258924 * https://bugzilla.suse.com/show_bug.cgi?id=1258939 * https://bugzilla.suse.com/show_bug.cgi?id=1258967 * https://bugzilla.suse.com/show_bug.cgi?id=1258977 * https://bugzilla.suse.com/show_bug.cgi?id=1258987 * https://bugzilla.suse.com/show_bug.cgi?id=1259680 * https://bugzilla.suse.com/show_bug.cgi?id=1259684 * https://bugzilla.suse.com/show_bug.cgi?id=1259689 * https://bugzilla.suse.com/show_bug.cgi?id=1259692 * https://bugzilla.suse.com/show_bug.cgi?id=1259693 * https://bugzilla.suse.com/show_bug.cgi?id=1261848
From null at suse.de Mon Apr 27 20:31:14 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 20:31:14 -0000 Subject: SUSE-SU-2026:1633-1: important: Security update for freerdp Message-ID: <177732187409.7394.13146442979359977962@a649e7bfc190> # Security update for freerdp Announcement ID: SUSE-SU-2026:1633-1 Release Date: 2026-04-27T12:05:31Z Rating: important References: * bsc#1258919 * bsc#1258920 * bsc#1258921 * bsc#1258923 * bsc#1258924 * bsc#1258939 * bsc#1258941 * bsc#1258967 * bsc#1258973 * bsc#1258976 * bsc#1258977 * bsc#1258987 * bsc#1259680 * bsc#1259684 * bsc#1259689 * bsc#1259692 * bsc#1259693 * jsc#PED-13439 Cross-References: * CVE-2026-25941 * CVE-2026-25942 * CVE-2026-25952 * CVE-2026-25953 * CVE-2026-25954 * CVE-2026-25955 * CVE-2026-25959 * CVE-2026-25997 * CVE-2026-26986 * CVE-2026-27015 * CVE-2026-27950 * CVE-2026-27951 * CVE-2026-29774 * CVE-2026-29775 * CVE-2026-29776 * CVE-2026-31884 * CVE-2026-31897 CVSS scores: * CVE-2026-25941 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-25941 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-25941 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H * CVE-2026-25941 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-25942 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25942 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25942 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25942 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25952 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25952 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25952 ( NVD ): 5.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25952 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-25953 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25953 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25953 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25953 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-25954 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25954 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25954 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25954 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25955 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25955 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-25955 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25955 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-25959 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25959 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-25959 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25959 ( 
NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-25997 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25997 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-25997 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25997 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-26986 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-26986 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-26986 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27015 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27015 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-27015 ( NVD ): 5.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27015 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-27950 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-27950 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27950 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27950 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27951 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27951 ( SUSE ): 5.9 
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27951 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27951 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-29774 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-29774 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-29774 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-29774 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-29775 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-29775 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-29775 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-29775 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-29776 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-29776 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-29776 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-31884 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-31884 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-31884 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-31884 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31897 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-31897 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-31897 ( NVD ): 0.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N * CVE-2026-31897 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 
15-SP7 An update that solves 17 vulnerabilities and contains one feature can now be installed. ## Description: This update for freerdp fixes the following issues: * CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted `WIRE_TO_SURFACE_2` PDU (bsc#1258919). * CVE-2026-25942: Global-buffer-overflow in `xf_rail_server_execute_result` (bsc#1258920). * CVE-2026-25952: Heap-use-after-free in `xf_SetWindowMinMaxInfo` (bsc#1258921). * CVE-2026-25953: Heap-use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258923). * CVE-2026-25954: Heap-use-after-free in `xf_rail_server_local_move_size` (bsc#1258924). * CVE-2026-25955: Heap-use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258973). * CVE-2026-25959: Heap-use-after-free in `xf_cliprdr_provide_data_` (bsc#1258976). * CVE-2026-25997: Heap-use-after-free in `xf_clipboard_format_equal` (bsc#1258977). * CVE-2026-26986: Heap-use-after-free in `rail_window_free` (bsc#1258967). * CVE-2026-27015: Smartcard NDR alignment padding triggers reachable `WINPR_ASSERT` abort (bsc#1258987). * CVE-2026-27950: Denial of service due to incomplete fix for heap-use-after-free vulnerability (bsc#1258941). * CVE-2026-27951: Denial of service via endless blocking loop in `Stream_EnsureCapacity` (bsc#1258939). * CVE-2026-29774: Missing bounds validation can cause a client-side heap buffer overflow (bsc#1259689). * CVE-2026-29775: Malicious server can trigger a client-side heap out-of-bounds access (bsc#1259684). * CVE-2026-29776: Missing length check can lead to an integer underflow (bsc#1259692). * CVE-2026-31897: Missing length check can cause an out-of-bounds read (bsc#1259693). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1633=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1633=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * freerdp-wayland-debuginfo-3.10.3-150700.3.14.1 * freerdp-proxy-3.10.3-150700.3.14.1 * freerdp-proxy-debuginfo-3.10.3-150700.3.14.1 * freerdp-wayland-3.10.3-150700.3.14.1 * freerdp-debuginfo-3.10.3-150700.3.14.1 * freerdp-server-debuginfo-3.10.3-150700.3.14.1 * libuwac0-0-3.10.3-150700.3.14.1 * freerdp-debugsource-3.10.3-150700.3.14.1 * libuwac0-0-debuginfo-3.10.3-150700.3.14.1 * freerdp-devel-3.10.3-150700.3.14.1 * freerdp-3.10.3-150700.3.14.1 * freerdp-server-3.10.3-150700.3.14.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * libfreerdp3-3-3.10.3-150700.3.14.1 * freerdp-proxy-3.10.3-150700.3.14.1 * libfreerdp3-3-debuginfo-3.10.3-150700.3.14.1 * freerdp-server-3.10.3-150700.3.14.1 * librdtk0-0-3.10.3-150700.3.14.1 * freerdp-sdl-debuginfo-3.10.3-150700.3.14.1 * freerdp-proxy-plugins-3.10.3-150700.3.14.1 * freerdp-debugsource-3.10.3-150700.3.14.1 * freerdp-devel-3.10.3-150700.3.14.1 * freerdp-3.10.3-150700.3.14.1 * libfreerdp-server-proxy3-3-3.10.3-150700.3.14.1 * freerdp-proxy-debuginfo-3.10.3-150700.3.14.1 * freerdp-debuginfo-3.10.3-150700.3.14.1 * libfreerdp-server-proxy3-3-debuginfo-3.10.3-150700.3.14.1 * winpr-devel-3.10.3-150700.3.14.1 * freerdp-server-debuginfo-3.10.3-150700.3.14.1 * libwinpr3-3-debuginfo-3.10.3-150700.3.14.1 * freerdp-proxy-plugins-debuginfo-3.10.3-150700.3.14.1 * librdtk0-0-debuginfo-3.10.3-150700.3.14.1 * freerdp-sdl-3.10.3-150700.3.14.1 * libwinpr3-3-3.10.3-150700.3.14.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25941.html * https://www.suse.com/security/cve/CVE-2026-25942.html * https://www.suse.com/security/cve/CVE-2026-25952.html * 
https://www.suse.com/security/cve/CVE-2026-25953.html * https://www.suse.com/security/cve/CVE-2026-25954.html * https://www.suse.com/security/cve/CVE-2026-25955.html * https://www.suse.com/security/cve/CVE-2026-25959.html * https://www.suse.com/security/cve/CVE-2026-25997.html * https://www.suse.com/security/cve/CVE-2026-26986.html * https://www.suse.com/security/cve/CVE-2026-27015.html * https://www.suse.com/security/cve/CVE-2026-27950.html * https://www.suse.com/security/cve/CVE-2026-27951.html * https://www.suse.com/security/cve/CVE-2026-29774.html * https://www.suse.com/security/cve/CVE-2026-29775.html * https://www.suse.com/security/cve/CVE-2026-29776.html * https://www.suse.com/security/cve/CVE-2026-31884.html * https://www.suse.com/security/cve/CVE-2026-31897.html * https://bugzilla.suse.com/show_bug.cgi?id=1258919 * https://bugzilla.suse.com/show_bug.cgi?id=1258920 * https://bugzilla.suse.com/show_bug.cgi?id=1258921 * https://bugzilla.suse.com/show_bug.cgi?id=1258923 * https://bugzilla.suse.com/show_bug.cgi?id=1258924 * https://bugzilla.suse.com/show_bug.cgi?id=1258939 * https://bugzilla.suse.com/show_bug.cgi?id=1258941 * https://bugzilla.suse.com/show_bug.cgi?id=1258967 * https://bugzilla.suse.com/show_bug.cgi?id=1258973 * https://bugzilla.suse.com/show_bug.cgi?id=1258976 * https://bugzilla.suse.com/show_bug.cgi?id=1258977 * https://bugzilla.suse.com/show_bug.cgi?id=1258987 * https://bugzilla.suse.com/show_bug.cgi?id=1259680 * https://bugzilla.suse.com/show_bug.cgi?id=1259684 * https://bugzilla.suse.com/show_bug.cgi?id=1259689 * https://bugzilla.suse.com/show_bug.cgi?id=1259692 * https://bugzilla.suse.com/show_bug.cgi?id=1259693 * https://jira.suse.com/browse/PED-13439
From null at suse.de Mon Apr 27 20:31:36 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 27 Apr 2026 20:31:36 -0000 Subject: SUSE-SU-2026:1632-1: important: Security update for freerdp Message-ID: <177732189686.7394.17202811130413401126@a649e7bfc190> # Security update for freerdp Announcement ID: SUSE-SU-2026:1632-1 Release Date: 2026-04-27T12:04:31Z Rating: important References: * bsc#1258919 * bsc#1258920 * bsc#1258921 * bsc#1258923 * bsc#1258924 * bsc#1258939 * bsc#1258967 * bsc#1258977 * bsc#1258987 * bsc#1259680 * bsc#1259684 * bsc#1259689 * bsc#1259692 * bsc#1259693 * bsc#1261848 Cross-References: * CVE-2026-25941 * CVE-2026-25942 * CVE-2026-25952 * CVE-2026-25953 * CVE-2026-25954 * CVE-2026-25997 * CVE-2026-26986 * CVE-2026-27015 * CVE-2026-27951 * CVE-2026-29774 * CVE-2026-29775 * CVE-2026-29776 * CVE-2026-31884 * CVE-2026-31897 CVSS scores: * CVE-2026-25941 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-25941 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-25941 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H * CVE-2026-25941 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-25942 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25942 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25942 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25942 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25952 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25952 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25952 ( NVD ): 5.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25952 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-25953 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25953 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25953 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25953 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-25954 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25954 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25954 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25954 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25997 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25997 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-25997 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25997 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-26986 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-26986 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-26986 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26986 ( 
NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27015 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27015 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-27015 ( NVD ): 5.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27015 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-27951 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27951 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27951 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27951 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-29774 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-29774 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-29774 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-29774 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-29775 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-29775 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-29775 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-29775 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-29776 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-29776 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-29776 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-31884 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-31884 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-31884 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-31884 ( NVD ): 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31897 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-31897 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-31897 ( NVD ): 0.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N * CVE-2026-31897 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves 14 vulnerabilities and has one security fix can now be installed. ## Description: This update for freerdp fixes the following issues: * CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted `WIRE_TO_SURFACE_2` PDU (bsc#1258919). * CVE-2026-25942: Global-buffer-overflow in `xf_rail_server_execute_result` (bsc#1258920). * CVE-2026-25952: Heap-use-after-free in `xf_SetWindowMinMaxInfo` (bsc#1258921). * CVE-2026-25953: Heap-use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258923). * CVE-2026-25954: Heap-use-after-free in `xf_rail_server_local_move_size` (bsc#1258924). * CVE-2026-25997: Heap-use-after-free in `xf_clipboard_format_equal` (bsc#1258977). * CVE-2026-26986: Heap-use-after-free in `rail_window_free` (bsc#1258967). * CVE-2026-27015: Smartcard NDR alignment padding triggers reachable `WINPR_ASSERT` abort (bsc#1258987). * CVE-2026-27951: Denial of service via endless blocking loop in `Stream_EnsureCapacity` (bsc#1258939). * CVE-2026-29774: Missing bounds validation can cause a client-side heap buffer overflow (bsc#1259689). * CVE-2026-29775: Malicious server can trigger a client-side heap out-of-bounds access (bsc#1259684). * CVE-2026-29776: Missing length check can lead to an integer underflow (bsc#1259692). * CVE-2026-31897: Missing length check can cause an out-of-bounds read (bsc#1259693).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1632=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1632=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * freerdp-debuginfo-2.11.2-150600.4.26.1 * freerdp-server-debuginfo-2.11.2-150600.4.26.1 * libfreerdp2-2-2.11.2-150600.4.26.1 * freerdp-debugsource-2.11.2-150600.4.26.1 * libwinpr2-2-debuginfo-2.11.2-150600.4.26.1 * freerdp-server-2.11.2-150600.4.26.1 * freerdp-2.11.2-150600.4.26.1 * freerdp-proxy-debuginfo-2.11.2-150600.4.26.1 * libuwac0-0-2.11.2-150600.4.26.1 * libuwac0-0-debuginfo-2.11.2-150600.4.26.1 * winpr-devel-2.11.2-150600.4.26.1 * freerdp-devel-2.11.2-150600.4.26.1 * freerdp-wayland-debuginfo-2.11.2-150600.4.26.1 * libwinpr2-2-2.11.2-150600.4.26.1 * freerdp-wayland-2.11.2-150600.4.26.1 * freerdp-proxy-2.11.2-150600.4.26.1 * libfreerdp2-2-debuginfo-2.11.2-150600.4.26.1 * uwac0-0-devel-2.11.2-150600.4.26.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * freerdp-debuginfo-2.11.2-150600.4.26.1 * freerdp-debugsource-2.11.2-150600.4.26.1 * uwac0-0-devel-2.11.2-150600.4.26.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25941.html * https://www.suse.com/security/cve/CVE-2026-25942.html * https://www.suse.com/security/cve/CVE-2026-25952.html * https://www.suse.com/security/cve/CVE-2026-25953.html * https://www.suse.com/security/cve/CVE-2026-25954.html * https://www.suse.com/security/cve/CVE-2026-25997.html * https://www.suse.com/security/cve/CVE-2026-26986.html * https://www.suse.com/security/cve/CVE-2026-27015.html * https://www.suse.com/security/cve/CVE-2026-27951.html * https://www.suse.com/security/cve/CVE-2026-29774.html * https://www.suse.com/security/cve/CVE-2026-29775.html * 
https://www.suse.com/security/cve/CVE-2026-29776.html * https://www.suse.com/security/cve/CVE-2026-31884.html * https://www.suse.com/security/cve/CVE-2026-31897.html * https://bugzilla.suse.com/show_bug.cgi?id=1258919 * https://bugzilla.suse.com/show_bug.cgi?id=1258920 * https://bugzilla.suse.com/show_bug.cgi?id=1258921 * https://bugzilla.suse.com/show_bug.cgi?id=1258923 * https://bugzilla.suse.com/show_bug.cgi?id=1258924 * https://bugzilla.suse.com/show_bug.cgi?id=1258939 * https://bugzilla.suse.com/show_bug.cgi?id=1258967 * https://bugzilla.suse.com/show_bug.cgi?id=1258977 * https://bugzilla.suse.com/show_bug.cgi?id=1258987 * https://bugzilla.suse.com/show_bug.cgi?id=1259680 * https://bugzilla.suse.com/show_bug.cgi?id=1259684 * https://bugzilla.suse.com/show_bug.cgi?id=1259689 * https://bugzilla.suse.com/show_bug.cgi?id=1259692 * https://bugzilla.suse.com/show_bug.cgi?id=1259693 * https://bugzilla.suse.com/show_bug.cgi?id=1261848
From null at suse.de Tue Apr 28 08:30:32 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 28 Apr 2026 08:30:32 -0000 Subject: SUSE-SU-2026:1637-1: important: Security update for strongswan Message-ID: <177736503235.11277.10755192613040241844@46b3146b979a> # Security update for strongswan Announcement ID: SUSE-SU-2026:1637-1 Release Date: 2026-04-27T16:59:38Z Rating: important References: * bsc#1261705 * bsc#1261706 * bsc#1261708 * bsc#1261712 * bsc#1261717 * bsc#1261718 * bsc#1261720 Cross-References: * CVE-2026-35328 * CVE-2026-35329 * CVE-2026-35330 * CVE-2026-35331 * CVE-2026-35332 * CVE-2026-35333 * CVE-2026-35334 CVSS scores: * CVE-2026-35328 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35328 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35329 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35329 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35330 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-35330 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-35331 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-35331 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-35332 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35332 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35333 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35333 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35334 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35334 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux
Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for strongswan fixes the following issues:

* CVE-2026-35328: infinite loop when handling supported versions TLS extension (bsc#1261712).
* CVE-2026-35329: null pointer dereference when processing padding in PKCS#7 (bsc#1261717).
* CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes (bsc#1261705).
* CVE-2026-35331: accepting certificates violating name constraints (bsc#1261718).
* CVE-2026-35332: null pointer dereference when handling ECDH public value in TLS (bsc#1261708).
* CVE-2026-35333: integer underflow when handling RADIUS attributes (bsc#1261706).
* CVE-2026-35334: possible null pointer dereference in RSA decryption (bsc#1261720).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1637=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1637=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1637=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * strongswan-libs0-5.9.14-150700.3.14.1
  * strongswan-ipsec-debuginfo-5.9.14-150700.3.14.1
  * strongswan-libs0-debuginfo-5.9.14-150700.3.14.1
  * strongswan-hmac-5.9.14-150700.3.14.1
  * strongswan-ipsec-5.9.14-150700.3.14.1
  * strongswan-5.9.14-150700.3.14.1
  * strongswan-debuginfo-5.9.14-150700.3.14.1
  * strongswan-debugsource-5.9.14-150700.3.14.1
* Basesystem Module 15-SP7 (noarch)
  * strongswan-doc-5.9.14-150700.3.14.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * strongswan-debuginfo-5.9.14-150700.3.14.1
  * strongswan-nm-5.9.14-150700.3.14.1
  * strongswan-debugsource-5.9.14-150700.3.14.1
  * strongswan-nm-debuginfo-5.9.14-150700.3.14.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * strongswan-debuginfo-5.9.14-150700.3.14.1
  * strongswan-nm-5.9.14-150700.3.14.1
  * strongswan-debugsource-5.9.14-150700.3.14.1
  * strongswan-nm-debuginfo-5.9.14-150700.3.14.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35328.html
* https://www.suse.com/security/cve/CVE-2026-35329.html
* https://www.suse.com/security/cve/CVE-2026-35330.html
* https://www.suse.com/security/cve/CVE-2026-35331.html
* https://www.suse.com/security/cve/CVE-2026-35332.html
* https://www.suse.com/security/cve/CVE-2026-35333.html
* https://www.suse.com/security/cve/CVE-2026-35334.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261705
* https://bugzilla.suse.com/show_bug.cgi?id=1261706
* https://bugzilla.suse.com/show_bug.cgi?id=1261708
* https://bugzilla.suse.com/show_bug.cgi?id=1261712
* https://bugzilla.suse.com/show_bug.cgi?id=1261717
* https://bugzilla.suse.com/show_bug.cgi?id=1261718
* https://bugzilla.suse.com/show_bug.cgi?id=1261720

From null at suse.de Tue Apr 28 08:30:35 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 08:30:35 -0000
Subject: SUSE-SU-2026:1636-1: important: Security update for fontforge
Message-ID: <177736503562.11277.7297702926463864137@46b3146b979a>

# Security update for fontforge

Announcement ID: SUSE-SU-2026:1636-1
Release Date: 2026-04-27T16:55:28Z
Rating: important

References:

* bsc#1256031

Cross-References:

* CVE-2025-15270

CVSS scores:

* CVE-2025-15270 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-15270 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Desktop Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.
## Description:

This update for fontforge fixes the following issue:

* CVE-2025-15270: Remote code execution via malicious SFD file parsing (bsc#1256031).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1636=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1636=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1636=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1636=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1636=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1636=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1636=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1636=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1636=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1636=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1636=1

## Package List:

* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * fontforge-20200314-150200.3.15.1
  * fontforge-debuginfo-20200314-150200.3.15.1
  * fontforge-debugsource-20200314-150200.3.15.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * fontforge-20200314-150200.3.15.1
  * fontforge-debuginfo-20200314-150200.3.15.1
  * fontforge-debugsource-20200314-150200.3.15.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * fontforge-20200314-150200.3.15.1
  * fontforge-debuginfo-20200314-150200.3.15.1
  * fontforge-debugsource-20200314-150200.3.15.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * fontforge-20200314-150200.3.15.1
  * fontforge-debuginfo-20200314-150200.3.15.1
  * fontforge-debugsource-20200314-150200.3.15.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * fontforge-20200314-150200.3.15.1
  * fontforge-debuginfo-20200314-150200.3.15.1
  * fontforge-debugsource-20200314-150200.3.15.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * fontforge-20200314-150200.3.15.1
  * fontforge-debuginfo-20200314-150200.3.15.1
  * fontforge-debugsource-20200314-150200.3.15.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * fontforge-20200314-150200.3.15.1
  * fontforge-debuginfo-20200314-150200.3.15.1
  * fontforge-debugsource-20200314-150200.3.15.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * fontforge-20200314-150200.3.15.1
  * fontforge-debuginfo-20200314-150200.3.15.1
  * fontforge-debugsource-20200314-150200.3.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * fontforge-20200314-150200.3.15.1
  * fontforge-debuginfo-20200314-150200.3.15.1
  * fontforge-debugsource-20200314-150200.3.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * fontforge-20200314-150200.3.15.1
  * fontforge-debuginfo-20200314-150200.3.15.1
  * fontforge-debugsource-20200314-150200.3.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * fontforge-20200314-150200.3.15.1
  * fontforge-debuginfo-20200314-150200.3.15.1
  * fontforge-debugsource-20200314-150200.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2025-15270.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256031

From null at suse.de Tue Apr 28 16:30:08 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:30:08 -0000
Subject: SUSE-SU-2026:21390-1: moderate: Security update for haproxy
Message-ID: <177739380833.48.15334410913662654083@9e3d0d49577d>

# Security update for haproxy

Announcement ID: SUSE-SU-2026:21390-1
Release Date: 2026-04-23T08:15:56Z
Rating: moderate

References:

* bsc#1261626
* bsc#1262103

Cross-References:

* CVE-2026-33555

CVSS scores:

* CVE-2026-33555 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
* CVE-2026-33555 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2026-33555 ( NVD ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for haproxy fixes the following issues:

Security issue:

* CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization (bsc#1262103).
* bug in SLZ compression (bsc#1261626).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-632=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * haproxy-3.2.15+git64.0fc44b458-160000.2.1
  * haproxy-debugsource-3.2.15+git64.0fc44b458-160000.2.1
  * haproxy-debuginfo-3.2.15+git64.0fc44b458-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261626
* https://bugzilla.suse.com/show_bug.cgi?id=1262103

From null at suse.de Tue Apr 28 16:30:25 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:30:25 -0000
Subject: SUSE-SU-2026:21388-1: important: Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 16)
Message-ID: <177739382526.48.6120841101145731136@9e3d0d49577d>

# Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21388-1
Release Date: 2026-04-23T08:22:01Z
Rating: important

References:

* bsc#1259859

Cross-References:

* CVE-2026-23268

CVSS scores:

* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.27.1 fixes one security issue

The following security issue was fixed:

* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-634=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-634=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * kernel-livepatch-6_12_0-160000_27-default-2-160000.1.1
  * kernel-livepatch-6_12_0-160000_27-default-debuginfo-2-160000.1.1
  * kernel-livepatch-SLE16_Update_6-debugsource-2-160000.1.1
* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_27-default-2-160000.1.1
  * kernel-livepatch-6_12_0-160000_27-default-debuginfo-2-160000.1.1
  * kernel-livepatch-SLE16_Update_6-debugsource-2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Tue Apr 28 16:30:28 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:30:28 -0000
Subject: SUSE-SU-2026:21387-1: important: Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16)
Message-ID: <177739382805.48.4504546626662433321@9e3d0d49577d>

# Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21387-1
Release Date: 2026-04-23T08:20:31Z
Rating: important

References:

* bsc#1259859

Cross-References:

* CVE-2026-23268

CVSS scores:

* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes one security issue

The following security issue was fixed:

* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-633=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-633=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * kernel-livepatch-6_12_0-160000_8-default-5-160000.1.1
  * kernel-livepatch-SLE16_Update_3-debugsource-5-160000.1.1
  * kernel-livepatch-6_12_0-160000_8-default-debuginfo-5-160000.1.1
* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_8-default-5-160000.1.1
  * kernel-livepatch-SLE16_Update_3-debugsource-5-160000.1.1
  * kernel-livepatch-6_12_0-160000_8-default-debuginfo-5-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Tue Apr 28 16:30:32 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:30:32 -0000
Subject: SUSE-SU-2026:21386-1: important: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)
Message-ID: <177739383228.48.502674748355788835@9e3d0d49577d>

# Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21386-1
Release Date: 2026-04-23T06:52:59Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-631=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-631=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * kernel-livepatch-6_12_0-160000_6-default-debuginfo-8-160000.1.1
  * kernel-livepatch-SLE16_Update_1-debugsource-8-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-8-160000.1.1
* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_6-default-debuginfo-8-160000.1.1
  * kernel-livepatch-SLE16_Update_1-debugsource-8-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-8-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Tue Apr 28 16:30:36 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:30:36 -0000
Subject: SUSE-SU-2026:21385-1: important: Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)
Message-ID: <177739383670.48.14562416302126686658@9e3d0d49577d>

# Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21385-1
Release Date: 2026-04-22T23:22:40Z
Rating: important

References:

* bsc#1255066
* bsc#1259859

Cross-References:

* CVE-2025-40309
* CVE-2026-23268

CVSS scores:

* CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
* CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-630=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-630=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * kernel-livepatch-6_12_0-160000_5-default-10-160000.4.3
  * kernel-livepatch-6_12_0-160000_5-default-debuginfo-10-160000.4.3
  * kernel-livepatch-SLE16_Update_0-debugsource-10-160000.4.3
* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_5-default-10-160000.4.3
  * kernel-livepatch-6_12_0-160000_5-default-debuginfo-10-160000.4.3
  * kernel-livepatch-SLE16_Update_0-debugsource-10-160000.4.3

## References:

* https://www.suse.com/security/cve/CVE-2025-40309.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255066
* https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Tue Apr 28 16:30:40 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:30:40 -0000
Subject: SUSE-SU-2026:21383-1: important: Security update for MozillaFirefox
Message-ID: <177739384081.48.714065785008223613@9e3d0d49577d>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2026:21383-1
Release Date: 2026-04-23T14:47:03Z
Rating: important

References:

* bsc#1262230

Cross-References:

* CVE-2026-6746
* CVE-2026-6747
* CVE-2026-6748
* CVE-2026-6749
* CVE-2026-6750
* CVE-2026-6751
* CVE-2026-6752
* CVE-2026-6753
* CVE-2026-6754
* CVE-2026-6757
* CVE-2026-6759
* CVE-2026-6761
* CVE-2026-6762
* CVE-2026-6763
* CVE-2026-6764
* CVE-2026-6765
* CVE-2026-6766
* CVE-2026-6767
* CVE-2026-6769
* CVE-2026-6770
* CVE-2026-6771
* CVE-2026-6772
* CVE-2026-6776
* CVE-2026-6785
* CVE-2026-6786

CVSS scores:

* CVE-2026-6746 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6747 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6748 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6749 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-6750 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-6751 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-6752 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-6753 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-6754 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6757 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-6759 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6761 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-6762 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-6763 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-6764 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-6765 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-6766 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-6767 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-6769 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-6770 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-6771 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6772 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-6776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-6785 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6786 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves 25 vulnerabilities can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 140.10.0 ESR.
* MFSA 2026-32 (bsc#1262230):
  * CVE-2026-6746: Use-after-free in the DOM: Core & HTML component
  * CVE-2026-6747: Use-after-free in the WebRTC component
  * CVE-2026-6748: Uninitialized memory in the Audio/Video: Web Codecs component
  * CVE-2026-6749: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component
  * CVE-2026-6750: Privilege escalation in the Graphics: WebRender component
  * CVE-2026-6751: Uninitialized memory in the Audio/Video: Web Codecs component
  * CVE-2026-6752: Incorrect boundary conditions in the WebRTC component
  * CVE-2026-6753: Incorrect boundary conditions in the WebRTC component
  * CVE-2026-6754: Use-after-free in the JavaScript Engine component
  * CVE-2026-6757: Invalid pointer in the JavaScript: WebAssembly component
  * CVE-2026-6759: Use-after-free in the Widget: Cocoa component
  * CVE-2026-6761: Privilege escalation in the Networking component
  * CVE-2026-6762: Spoofing issue in the DOM: Core & HTML component
  * CVE-2026-6763: Mitigation bypass in the File Handling component
  * CVE-2026-6764: Incorrect boundary conditions in the DOM: Device Interfaces component
  * CVE-2026-6765: Information disclosure in the Form Autofill component
  * CVE-2026-6766: Incorrect boundary conditions in the Libraries component in NSS
  * CVE-2026-6767: Other issue in the Libraries component in NSS
  * CVE-2026-6769: Privilege escalation in the Debugger component
  * CVE-2026-6770: Other issue in the Storage: IndexedDB component
  * CVE-2026-6771: Mitigation bypass in the DOM: Security component
  * CVE-2026-6772: Incorrect boundary conditions in the Libraries component in NSS
  * CVE-2026-6776: Incorrect boundary conditions in the WebRTC: Networking component
  * CVE-2026-6785: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150
  * CVE-2026-6786: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-635=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-635=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * MozillaFirefox-debuginfo-140.10.0-160000.1.1
  * MozillaFirefox-translations-common-140.10.0-160000.1.1
  * MozillaFirefox-140.10.0-160000.1.1
  * MozillaFirefox-translations-other-140.10.0-160000.1.1
  * MozillaFirefox-debugsource-140.10.0-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * MozillaFirefox-devel-140.10.0-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debuginfo-140.10.0-160000.1.1
  * MozillaFirefox-translations-common-140.10.0-160000.1.1
  * MozillaFirefox-140.10.0-160000.1.1
  * MozillaFirefox-translations-other-140.10.0-160000.1.1
  * MozillaFirefox-debugsource-140.10.0-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * MozillaFirefox-devel-140.10.0-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-6746.html
* https://www.suse.com/security/cve/CVE-2026-6747.html
* https://www.suse.com/security/cve/CVE-2026-6748.html
* https://www.suse.com/security/cve/CVE-2026-6749.html
* https://www.suse.com/security/cve/CVE-2026-6750.html
* https://www.suse.com/security/cve/CVE-2026-6751.html
* https://www.suse.com/security/cve/CVE-2026-6752.html
* https://www.suse.com/security/cve/CVE-2026-6753.html
* https://www.suse.com/security/cve/CVE-2026-6754.html
* https://www.suse.com/security/cve/CVE-2026-6757.html
* https://www.suse.com/security/cve/CVE-2026-6759.html
* https://www.suse.com/security/cve/CVE-2026-6761.html
* https://www.suse.com/security/cve/CVE-2026-6762.html
* https://www.suse.com/security/cve/CVE-2026-6763.html
* https://www.suse.com/security/cve/CVE-2026-6764.html
* https://www.suse.com/security/cve/CVE-2026-6765.html
* https://www.suse.com/security/cve/CVE-2026-6766.html
* https://www.suse.com/security/cve/CVE-2026-6767.html
* https://www.suse.com/security/cve/CVE-2026-6769.html
* https://www.suse.com/security/cve/CVE-2026-6770.html
* https://www.suse.com/security/cve/CVE-2026-6771.html
* https://www.suse.com/security/cve/CVE-2026-6772.html
* https://www.suse.com/security/cve/CVE-2026-6776.html
* https://www.suse.com/security/cve/CVE-2026-6785.html
* https://www.suse.com/security/cve/CVE-2026-6786.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262230

From null at suse.de Tue Apr 28 16:30:43 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:30:43 -0000
Subject: SUSE-SU-2026:21382-1: important: Security update for python-Pillow
Message-ID: <177739384377.48.18115886767992655371@9e3d0d49577d>

# Security update for python-Pillow

Announcement ID: SUSE-SU-2026:21382-1
Release Date: 2026-04-22T21:45:29Z
Rating: important

References:

* bsc#1262184

Cross-References:

* CVE-2026-40192

CVSS scores:

* CVE-2026-40192 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-40192 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40192 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-40192 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.
## Description:

This update for python-Pillow fixes the following issue:

* CVE-2026-40192: Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks (bsc#1262184).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-629=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-629=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * python313-Pillow-debuginfo-11.3.0-160000.4.1
  * python313-Pillow-tk-debuginfo-11.3.0-160000.4.1
  * python313-Pillow-11.3.0-160000.4.1
  * python-Pillow-debugsource-11.3.0-160000.4.1
  * python313-Pillow-tk-11.3.0-160000.4.1
  * python-Pillow-debuginfo-11.3.0-160000.4.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * python313-Pillow-debuginfo-11.3.0-160000.4.1
  * python313-Pillow-tk-debuginfo-11.3.0-160000.4.1
  * python313-Pillow-11.3.0-160000.4.1
  * python-Pillow-debugsource-11.3.0-160000.4.1
  * python313-Pillow-tk-11.3.0-160000.4.1
  * python-Pillow-debuginfo-11.3.0-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40192.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262184

From null at suse.de Tue Apr 28 16:31:07 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:31:07 -0000
Subject: SUSE-SU-2026:21380-1: important: Security update for ImageMagick
Message-ID: <177739386794.48.6728115492592848397@9e3d0d49577d>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2026:21380-1
Release Date: 2026-04-22T11:02:58Z
Rating: important

References:

* bsc#1259612
* bsc#1259872
* bsc#1260874
* bsc#1260879
* bsc#1262097
* bsc#1262145
* bsc#1262146
* bsc#1262147
* bsc#1262148
* bsc#1262149
* bsc#1262150
* bsc#1262152
* bsc#1262153
* bsc#1262154
* bsc#1262155
* bsc#1262156

Cross-References:

* CVE-2026-32259
* CVE-2026-32636
* CVE-2026-33535
* CVE-2026-33536
* CVE-2026-33899
* CVE-2026-33900
* CVE-2026-33901
* CVE-2026-33902
* CVE-2026-33905
* CVE-2026-33908
* CVE-2026-34238
* CVE-2026-40169
* CVE-2026-40183
* CVE-2026-40310
* CVE-2026-40311
* CVE-2026-40312

CVSS scores:

* CVE-2026-32259 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32259 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-32259 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-32636 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-32636 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32636 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32636 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33535 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33535 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33535 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33536 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33536 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33536 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33899 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-33899 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33899 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33900 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33900 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33900 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33900 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33901 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33901 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33901 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33902 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33902 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33902 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33905 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33905 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33905 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33905 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-33908 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33908 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33908 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34238 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34238 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-34238 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34238 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40169 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40169 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40169 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40169 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40183 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40183 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40183 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40183 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40310 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40310 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40310 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40310 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40311 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40311 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40311 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40311 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40312 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40312 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40312 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-40312 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves 16 vulnerabilities can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

* CVE-2026-32259: stack out-of-bounds write due to a memory allocation failure in the sixel encoder can lead to a crash (bsc#1259612).
* CVE-2026-32636: out-of-bounds write of a single zero byte due to a bug in the `NewXMLTree` method can lead to denial of service (bsc#1259872).
* CVE-2026-33535: out-of-bounds write of a zero byte in X11 `display` interaction path can lead to a crash (bsc#1260874).
* CVE-2026-33536: stack out-of-bounds write due to incorrect return value on certain platforms can lead to a denial of service (bsc#1260879).
* CVE-2026-33899: out-of-bounds write of single zero byte in XML parsing can lead to a denial of service (bsc#1262154).
* CVE-2026-33900: heap out-of-bounds write due to integer truncation in viff encoder can lead to a crash (bsc#1262156).
* CVE-2026-33901: heap buffer overflow in the MVG decoder can lead to memory corruption or a crash (bsc#1262155).
* CVE-2026-33902: stack buffer overflow in the FX expression parser can lead to a process crash (bsc#1262153).
* CVE-2026-33905: out-of-bounds read in `-sample` operation can lead to a denial of service (bsc#1262097).
* CVE-2026-33908: recursive execution with no depth limit imposed when processing XML files can lead to resource exhaustion and a denial of service (bsc#1262152).
* CVE-2026-34238: heap buffer overflow due to integer overflow in the despeckle operation can lead to a denial of service (bsc#1262147).
* CVE-2026-40169: out-of-bounds heap write when processing a crafted image and writing a YAML or JSON output can lead to a crash (bsc#1262150).
* CVE-2026-40183: heap out-of-bounds write in the JXL encoder can lead to a denial of service (bsc#1262145).
* CVE-2026-40310: heap out-of-bounds write in the JP2 encoder can lead to a denial of service (bsc#1262148).
* CVE-2026-40311: heap use-after-free when reading and printing values from an invalid XMP profile can lead to a denial of service (bsc#1262146).
* CVE-2026-40312: off-by-one error in the MSL decoder can lead to a crash (bsc#1262149).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-618=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-618=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * libMagick++-7_Q16HDRI5-7.1.2.0-160000.8.1
  * ImageMagick-debuginfo-7.1.2.0-160000.8.1
  * ImageMagick-extra-debuginfo-7.1.2.0-160000.8.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.2.0-160000.8.1
  * ImageMagick-7.1.2.0-160000.8.1
  * perl-PerlMagick-debuginfo-7.1.2.0-160000.8.1
  * ImageMagick-devel-7.1.2.0-160000.8.1
  * perl-PerlMagick-7.1.2.0-160000.8.1
  * libMagickWand-7_Q16HDRI10-7.1.2.0-160000.8.1
  * ImageMagick-extra-7.1.2.0-160000.8.1
  * libMagick++-devel-7.1.2.0-160000.8.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.2.0-160000.8.1
  * libMagickCore-7_Q16HDRI10-7.1.2.0-160000.8.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.2.0-160000.8.1
  * ImageMagick-debugsource-7.1.2.0-160000.8.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * ImageMagick-config-7-upstream-limited-7.1.2.0-160000.8.1
  * ImageMagick-config-7-upstream-open-7.1.2.0-160000.8.1
  * ImageMagick-config-7-upstream-websafe-7.1.2.0-160000.8.1
  * ImageMagick-config-7-SUSE-7.1.2.0-160000.8.1
  * ImageMagick-doc-7.1.2.0-160000.8.1
  * ImageMagick-config-7-upstream-secure-7.1.2.0-160000.8.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * libMagick++-7_Q16HDRI5-7.1.2.0-160000.8.1
  * ImageMagick-debuginfo-7.1.2.0-160000.8.1
  * ImageMagick-extra-debuginfo-7.1.2.0-160000.8.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.2.0-160000.8.1
  * ImageMagick-7.1.2.0-160000.8.1
  * perl-PerlMagick-debuginfo-7.1.2.0-160000.8.1
  * ImageMagick-devel-7.1.2.0-160000.8.1
  * perl-PerlMagick-7.1.2.0-160000.8.1
  * libMagickWand-7_Q16HDRI10-7.1.2.0-160000.8.1
  * ImageMagick-extra-7.1.2.0-160000.8.1
  * libMagick++-devel-7.1.2.0-160000.8.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.2.0-160000.8.1
  * libMagickCore-7_Q16HDRI10-7.1.2.0-160000.8.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.2.0-160000.8.1
  * ImageMagick-debugsource-7.1.2.0-160000.8.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * ImageMagick-config-7-upstream-limited-7.1.2.0-160000.8.1
  * ImageMagick-config-7-upstream-open-7.1.2.0-160000.8.1
  * ImageMagick-config-7-upstream-websafe-7.1.2.0-160000.8.1
  * ImageMagick-config-7-SUSE-7.1.2.0-160000.8.1
  * ImageMagick-doc-7.1.2.0-160000.8.1
  * ImageMagick-config-7-upstream-secure-7.1.2.0-160000.8.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32259.html
* https://www.suse.com/security/cve/CVE-2026-32636.html
* https://www.suse.com/security/cve/CVE-2026-33535.html
* https://www.suse.com/security/cve/CVE-2026-33536.html
* https://www.suse.com/security/cve/CVE-2026-33899.html
* https://www.suse.com/security/cve/CVE-2026-33900.html
* https://www.suse.com/security/cve/CVE-2026-33901.html
* https://www.suse.com/security/cve/CVE-2026-33902.html
* https://www.suse.com/security/cve/CVE-2026-33905.html
* https://www.suse.com/security/cve/CVE-2026-33908.html
* https://www.suse.com/security/cve/CVE-2026-34238.html
* https://www.suse.com/security/cve/CVE-2026-40169.html
* https://www.suse.com/security/cve/CVE-2026-40183.html
* https://www.suse.com/security/cve/CVE-2026-40310.html
* https://www.suse.com/security/cve/CVE-2026-40311.html
* https://www.suse.com/security/cve/CVE-2026-40312.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259612
* https://bugzilla.suse.com/show_bug.cgi?id=1259872
* https://bugzilla.suse.com/show_bug.cgi?id=1260874
* https://bugzilla.suse.com/show_bug.cgi?id=1260879
* https://bugzilla.suse.com/show_bug.cgi?id=1262097
* https://bugzilla.suse.com/show_bug.cgi?id=1262145
* https://bugzilla.suse.com/show_bug.cgi?id=1262146
* https://bugzilla.suse.com/show_bug.cgi?id=1262147
* https://bugzilla.suse.com/show_bug.cgi?id=1262148
* https://bugzilla.suse.com/show_bug.cgi?id=1262149
* https://bugzilla.suse.com/show_bug.cgi?id=1262150
* https://bugzilla.suse.com/show_bug.cgi?id=1262152
* https://bugzilla.suse.com/show_bug.cgi?id=1262153
* https://bugzilla.suse.com/show_bug.cgi?id=1262154
* https://bugzilla.suse.com/show_bug.cgi?id=1262155
* https://bugzilla.suse.com/show_bug.cgi?id=1262156

From null at suse.de Tue Apr 28 16:31:21 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:31:21 -0000
Subject: SUSE-SU-2026:21379-1: important: Security update for tomcat10
Message-ID: <177739388155.48.6286679201157187040@9e3d0d49577d>

# Security update for tomcat10

Announcement ID: SUSE-SU-2026:21379-1
Release Date: 2026-04-22T10:52:20Z
Rating: important

References:

* bsc#1258371
* bsc#1261850
* bsc#1261851
* bsc#1261852
* bsc#1261853
* bsc#1261854
* bsc#1261855
* bsc#1261856
* bsc#1261857

Cross-References:

* CVE-2025-66614
* CVE-2026-24880
* CVE-2026-25854
* CVE-2026-29129
* CVE-2026-29145
* CVE-2026-29146
* CVE-2026-32990
* CVE-2026-34483
* CVE-2026-34486
* CVE-2026-34487
* CVE-2026-34500

CVSS scores:

* CVE-2025-66614 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-66614 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
* CVE-2025-66614 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-24880 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24880 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-24880 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-25854 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25854 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-25854 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-29129 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29129 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29129 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-29145 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29145 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-29146 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29146 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-29146 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-32990 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-34483 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34483 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34483 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34486 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34486 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34486 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34487 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34487 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34500 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34500 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34500 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves 11 vulnerabilities can now be installed.

## Description:

This update for tomcat10 fixes the following issues:

* Update to Tomcat 10.1.54
* CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850).
* CVE-2026-25854: Occasionally open redirect (bsc#1261851).
* CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852).
* CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853).
* CVE-2026-29146, CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854).
* CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855).
* CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856).
* CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).
* CVE-2026-32990: The fix for CVE-2025-66614 was incomplete. (bsc#1258371)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-624=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-624=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * tomcat10-docs-webapp-10.1.54-160000.1.1
  * tomcat10-embed-10.1.54-160000.1.1
  * tomcat10-jsp-3_1-api-10.1.54-160000.1.1
  * tomcat10-doc-10.1.54-160000.1.1
  * tomcat10-jsvc-10.1.54-160000.1.1
  * tomcat10-webapps-10.1.54-160000.1.1
  * tomcat10-10.1.54-160000.1.1
  * tomcat10-admin-webapps-10.1.54-160000.1.1
  * tomcat10-el-5_0-api-10.1.54-160000.1.1
  * tomcat10-lib-10.1.54-160000.1.1
  * tomcat10-servlet-6_0-api-10.1.54-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * tomcat10-docs-webapp-10.1.54-160000.1.1
  * tomcat10-embed-10.1.54-160000.1.1
  * tomcat10-jsp-3_1-api-10.1.54-160000.1.1
  * tomcat10-doc-10.1.54-160000.1.1
  * tomcat10-jsvc-10.1.54-160000.1.1
  * tomcat10-webapps-10.1.54-160000.1.1
  * tomcat10-10.1.54-160000.1.1
  * tomcat10-admin-webapps-10.1.54-160000.1.1
  * tomcat10-el-5_0-api-10.1.54-160000.1.1
  * tomcat10-lib-10.1.54-160000.1.1
  * tomcat10-servlet-6_0-api-10.1.54-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-66614.html
* https://www.suse.com/security/cve/CVE-2026-24880.html
* https://www.suse.com/security/cve/CVE-2026-25854.html
* https://www.suse.com/security/cve/CVE-2026-29129.html
* https://www.suse.com/security/cve/CVE-2026-29145.html
* https://www.suse.com/security/cve/CVE-2026-29146.html
* https://www.suse.com/security/cve/CVE-2026-32990.html
* https://www.suse.com/security/cve/CVE-2026-34483.html
* https://www.suse.com/security/cve/CVE-2026-34486.html
* https://www.suse.com/security/cve/CVE-2026-34487.html
* https://www.suse.com/security/cve/CVE-2026-34500.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258371
* https://bugzilla.suse.com/show_bug.cgi?id=1261850
* https://bugzilla.suse.com/show_bug.cgi?id=1261851
* https://bugzilla.suse.com/show_bug.cgi?id=1261852
* https://bugzilla.suse.com/show_bug.cgi?id=1261853
* https://bugzilla.suse.com/show_bug.cgi?id=1261854
* https://bugzilla.suse.com/show_bug.cgi?id=1261855
* https://bugzilla.suse.com/show_bug.cgi?id=1261856
* https://bugzilla.suse.com/show_bug.cgi?id=1261857

From null at suse.de Tue Apr 28 16:31:36 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:31:36 -0000
Subject: SUSE-SU-2026:21378-1: important: Security update for tomcat
Message-ID: <177739389604.48.6421563890349371632@9e3d0d49577d>

# Security update for tomcat

Announcement ID: SUSE-SU-2026:21378-1
Release Date: 2026-04-22T10:52:20Z
Rating: important

References:

* bsc#1258371
* bsc#1261850
* bsc#1261851
* bsc#1261852
* bsc#1261853
* bsc#1261854
* bsc#1261855
* bsc#1261856
* bsc#1261857

Cross-References:

* CVE-2025-66614
* CVE-2026-24880
* CVE-2026-25854
* CVE-2026-29129
* CVE-2026-29145
* CVE-2026-29146
* CVE-2026-32990
* CVE-2026-34483
* CVE-2026-34486
* CVE-2026-34487
* CVE-2026-34500

CVSS scores:

* CVE-2025-66614 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-66614 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
* CVE-2025-66614 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-24880 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24880 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-24880 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-25854 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25854 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-25854 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-29129 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29129 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29129 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-29145 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29145 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-29146 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29146 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-29146 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-32990 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-34483 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34483 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34483 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34486 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34486 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34486 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34487 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34487 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34500 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34500 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34500 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves 11 vulnerabilities can now be installed.

## Description:

This update for tomcat fixes the following issues:

* CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850).
* CVE-2026-25854: Occasionally open redirect (bsc#1261851).
* CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852).
* CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853).
* CVE-2026-29146, CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854).
* CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855).
* CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856).
* CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).
* CVE-2026-32990: The fix for CVE-2025-66614 was incomplete. (bsc#1258371)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-623=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-623=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * tomcat-9.0.117-160000.1.1
  * tomcat-javadoc-9.0.117-160000.1.1
  * tomcat-docs-webapp-9.0.117-160000.1.1
  * tomcat-embed-9.0.117-160000.1.1
  * tomcat-admin-webapps-9.0.117-160000.1.1
  * tomcat-webapps-9.0.117-160000.1.1
  * tomcat-el-3_0-api-9.0.117-160000.1.1
  * tomcat-jsvc-9.0.117-160000.1.1
  * tomcat-lib-9.0.117-160000.1.1
  * tomcat-servlet-4_0-api-9.0.117-160000.1.1
  * tomcat-jsp-2_3-api-9.0.117-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * tomcat-9.0.117-160000.1.1
  * tomcat-javadoc-9.0.117-160000.1.1
  * tomcat-docs-webapp-9.0.117-160000.1.1
  * tomcat-embed-9.0.117-160000.1.1
  * tomcat-admin-webapps-9.0.117-160000.1.1
  * tomcat-webapps-9.0.117-160000.1.1
  * tomcat-el-3_0-api-9.0.117-160000.1.1
  * tomcat-jsvc-9.0.117-160000.1.1
  * tomcat-lib-9.0.117-160000.1.1
  * tomcat-servlet-4_0-api-9.0.117-160000.1.1
  * tomcat-jsp-2_3-api-9.0.117-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-66614.html
* https://www.suse.com/security/cve/CVE-2026-24880.html
* https://www.suse.com/security/cve/CVE-2026-25854.html
* https://www.suse.com/security/cve/CVE-2026-29129.html
* https://www.suse.com/security/cve/CVE-2026-29145.html
* https://www.suse.com/security/cve/CVE-2026-29146.html
* https://www.suse.com/security/cve/CVE-2026-32990.html
* https://www.suse.com/security/cve/CVE-2026-34483.html
* https://www.suse.com/security/cve/CVE-2026-34486.html
* https://www.suse.com/security/cve/CVE-2026-34487.html
* https://www.suse.com/security/cve/CVE-2026-34500.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258371
* https://bugzilla.suse.com/show_bug.cgi?id=1261850
* https://bugzilla.suse.com/show_bug.cgi?id=1261851
* https://bugzilla.suse.com/show_bug.cgi?id=1261852
* https://bugzilla.suse.com/show_bug.cgi?id=1261853
* https://bugzilla.suse.com/show_bug.cgi?id=1261854
* https://bugzilla.suse.com/show_bug.cgi?id=1261855
* https://bugzilla.suse.com/show_bug.cgi?id=1261856
* https://bugzilla.suse.com/show_bug.cgi?id=1261857

From null at suse.de Tue Apr 28 16:31:38 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:31:38 -0000
Subject: SUSE-SU-2026:21377-1: important: Security update for librsvg
Message-ID: <177739389895.48.2707493270937617271@9e3d0d49577d>

# Security update for librsvg

Announcement ID: SUSE-SU-2026:21377-1
Release Date: 2026-04-22T10:52:20Z
Rating: important

References:

* bsc#1257922

Cross-References:

* CVE-2026-25727

CVSS scores:

* CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25727 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for librsvg fixes the following issue:

* CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257922).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-622=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-622=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * librsvg-devel-2.60.2-160000.2.1
  * gdk-pixbuf-loader-rsvg-2.60.2-160000.2.1
  * librsvg-2-2-2.60.2-160000.2.1
  * rsvg-convert-2.60.2-160000.2.1
  * librsvg-2-2-debuginfo-2.60.2-160000.2.1
  * typelib-1_0-Rsvg-2_0-2.60.2-160000.2.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * rsvg-thumbnailer-2.60.2-160000.2.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * librsvg-devel-2.60.2-160000.2.1
  * gdk-pixbuf-loader-rsvg-2.60.2-160000.2.1
  * librsvg-2-2-2.60.2-160000.2.1
  * rsvg-convert-2.60.2-160000.2.1
  * librsvg-2-2-debuginfo-2.60.2-160000.2.1
  * typelib-1_0-Rsvg-2_0-2.60.2-160000.2.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * rsvg-thumbnailer-2.60.2-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25727.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257922

From null at suse.de Tue Apr 28 16:31:48 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:31:48 -0000
Subject: SUSE-SU-2026:21376-1: important: Security update for google-guest-agent
Message-ID: <177739390898.48.11856383651732829147@9e3d0d49577d>

# Security update for google-guest-agent

Announcement ID: SUSE-SU-2026:21376-1
Release Date: 2026-04-22T10:52:20Z
Rating: important

References:

* bsc#1234563
* bsc#1236533
* bsc#1239763
* bsc#1239866
* bsc#1243254
* bsc#1243505

Cross-References:

* CVE-2023-45288
* CVE-2024-45337

CVSS scores:

* CVE-2023-45288 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2023-45288 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-45288 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45337 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities and has four fixes can now be installed.

## Description:

This update for google-guest-agent fixes the following issues:

Update to version 20250506.01 (bsc#1243254, bsc#1243505).

Security issues fixed:

* CVE-2024-45337: golang.org/x/crypto/ssh: misuse of the ServerConfig.PublicKeyCallback callback can lead to authorization bypass in applications (bsc#1234563).
* CVE-2023-45288: golang.org/x/net/http2: no limit set for number of HTTP/2 CONTINUATION frames that can be read for an HTTP/2 request can lead to excessive CPU consumption and a DoS (bsc#1236533).

Other updates and bugfixes:

* Version 20250506.01:
  * Make sure agent added connections are activated by NM (#534)
* Version 20250506.00:
  * Wrap NSS cache refresh in a goroutine (#533)
* Version 20250502.01:
  * Wicked: Only reload interfaces for which configurations are written or changed. (#524)
* Version 20250502.00:
  * Add AuthorizedKeysCompat to windows packaging (#530)
  * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
  * Update guest-logging-go dependency (#526)
  * Add 'created-by' metadata, and pass it as option to logging library (#508)
  * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523)
  * Re-enable disabled services if the core plugin was enabled (#522)
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata script runner binary in agent package (#502)
  * Revert "Revert bundling new binaries in the package (#509)" (#511)
* Version 20250418.00:
  * Re-enable disabled services if the core plugin was enabled (#521)
* Version 20250414.00:
  * Add AuthorizedKeysCompat to windows packaging (#530)
  * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
  * Update guest-logging-go dependency (#526)
  * Add 'created-by' metadata, and pass it as option to logging library (#508)
  * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523)
  * Re-enable disabled services if the core plugin was enabled (#522)
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata script runner binary in agent package (#502)
  * Revert "Revert bundling new binaries in the package (#509)" (#511)
* Version 20250327.01 (bsc#1239763, bsc#1239866):
  * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
* Version 20250327.00:
  * Update guest-logging-go dependency (#526)
  * Add 'created-by' metadata, and pass it as option to logging library (#508)
  * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523)
  * Re-enable disabled services if the core plugin was enabled (#522)
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata script runner binary in agent package (#502)
  * Revert "Revert bundling new binaries in the package (#509)" (#511)
* Version 20250326.00:
  * Re-enable disabled services if the core plugin was enabled (#521)
* Version 20250324.00:
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata script runner binary in agent package (#502)
  * Revert "Revert bundling new binaries in the package (#509)" (#511)
  * Revert bundling new binaries in the package (#509)
  * Fix typo in windows build script (#501)
  * Include core plugin binary for all packages (#500)
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
* Version 20250317.00:
  * Revert "Revert bundling new binaries in the package (#509)" (#511)
  * Revert bundling new binaries in the package (#509)
  * Fix typo in windows build script (#501)
  * Include core plugin binary for all packages (#500)
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
* Version 20250312.00:
  * Revert bundling new binaries in the package (#509)
  * Fix typo in windows build script (#501)
  * Include core plugin binary for all packages (#500)
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
* Version 20250305.00:
  * Revert bundling new binaries in the package (#509)
  * Fix typo in windows build script (#501)
  * Include core plugin binary for all packages (#500)
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
* Version 20250304.01:
  * Fix typo in windows build script (#501)
* Version 20250214.01:
  * Include core plugin binary for all packages (#500)
* Version 20250212.00:
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* Version 20250211.00:
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
* Version 20250207.00:
  * vlan: toggle vlan configuration in debian packaging (#495)
  * vlan: move config out of unstable section (#494)
  * Add clarification to comments regarding invalid NICs and the `invalid` tag. (#493)
  * Include interfaces in lists even if it has an invalid MAC. (#489)
  * Fix windows package build failures (#491)
  * vlan: don't index based on the vlan ID (#486)
  * Revert PR #482 (#488)
  * Remove Amy and Zach from OWNERS (#487)
  * Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
  * Fix Debian packaging if guest agent manager is not checked out (#485)
* Version 20250204.02:
  * force concourse to move version forward.
* Version 20250204.01:
  * vlan: toggle vlan configuration in debian packaging (#495)
* Version 20250204.00:
  * vlan: move config out of unstable section (#494)
  * Add clarification to comments regarding invalid NICs and the `invalid` tag. (#493)
* Version 20250203.01:
  * Include interfaces in lists even if it has an invalid MAC. (#489)
* Version 20250203.00:
  * Fix windows package build failures (#491)
  * vlan: don't index based on the vlan ID (#486)
  * Revert PR #482 (#488)
  * Remove Amy and Zach from OWNERS (#487)
  * Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
  * Fix Debian packaging if guest agent manager is not checked out (#485)
* Version 20250122.00:
  * networkd(vlan): remove the interface in addition to config (#468)
  * Implement support for vlan dynamic removal, update dhclient to remove only if configured (#465)
  * Update logging library (#479)
  * Remove Pat from owners file. (#478)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-621=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-621=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 x86_64)
  * google-guest-agent-20250506.01-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * google-guest-agent-20250506.01-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2024-45337.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234563
* https://bugzilla.suse.com/show_bug.cgi?id=1236533
* https://bugzilla.suse.com/show_bug.cgi?id=1239763
* https://bugzilla.suse.com/show_bug.cgi?id=1239866
* https://bugzilla.suse.com/show_bug.cgi?id=1243254
* https://bugzilla.suse.com/show_bug.cgi?id=1243505

From null at suse.de Tue Apr 28 16:31:51 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:31:51 -0000
Subject: SUSE-SU-2026:21375-1: important: Security update for fontforge
Message-ID: <177739391195.48.2704098608857478674@9e3d0d49577d>

# Security update for fontforge

Announcement ID: SUSE-SU-2026:21375-1
Release Date: 2026-04-22T10:52:20Z
Rating: important
References:

* bsc#1256031

Cross-References:

* CVE-2025-15270

CVSS scores:

* CVE-2025-15270 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-15270 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for fontforge fixes the following issues:

* CVE-2025-15270: lack of proper validation of user-supplied data when parsing SFD files can lead to OOB writes and arbitrary code execution (bsc#1256031).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-620=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-620=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * fontforge-debugsource-20251009-160000.2.1
  * fontforge-debuginfo-20251009-160000.2.1
  * fontforge-devel-20251009-160000.2.1
  * fontforge-20251009-160000.2.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * fontforge-doc-20251009-160000.2.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * fontforge-debugsource-20251009-160000.2.1
  * fontforge-debuginfo-20251009-160000.2.1
  * fontforge-devel-20251009-160000.2.1
  * fontforge-20251009-160000.2.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * fontforge-doc-20251009-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-15270.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256031

From null at suse.de Tue Apr 28 16:32:04 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:32:04 -0000
Subject: SUSE-SU-2026:21374-1: important: Security update for erlang
Message-ID: <177739392477.48.16405059744072719975@9e3d0d49577d>

# Security update for erlang

Announcement ID: SUSE-SU-2026:21374-1
Release Date: 2026-04-22T10:52:20Z
Rating: important
References:

* bsc#1258663
* bsc#1259681
* bsc#1259682
* bsc#1259687
* bsc#1261726
* bsc#1261728
* bsc#1261734
* bsc#1262288

Cross-References:

* CVE-2026-21620
* CVE-2026-23941
* CVE-2026-23942
* CVE-2026-23943
* CVE-2026-28808
* CVE-2026-28810
* CVE-2026-32144

CVSS scores:

* CVE-2026-21620 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21620 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-21620 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23941 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23941 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-23941 ( NVD ): 7.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23942 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23942 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-23942 ( NVD ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23943 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-23943 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-23943 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-28808 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-28808 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-28808 ( NVD ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-28808 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-28810 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-28810 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-28810 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-28810 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-32144 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-32144 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-32144 ( NVD ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-32144 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves seven vulnerabilities and has one fix can now be installed.

## Description:

This update for erlang fixes the following issues:

Security issues fixed:

* CVE-2026-21620: improper isolation and compartmentalization can lead to TFTP relative path traversal and remote arbitrary reads/writes (bsc#1258663).
* CVE-2026-23941: improper handling of duplicate Content-Length headers in Erlang OTP can lead to HTTP request smuggling (bsc#1259687).
* CVE-2026-23942: improper limitation of a pathname to a restricted directory in the SFTP server can lead to path traversal (bsc#1259681).
* CVE-2026-23943: improper handling of highly compressed data in Erlang OTP ssh can lead to denial of service (bsc#1259682).
* CVE-2026-28808: incorrect authorization can lead to unauthenticated access to protected CGI scripts (bsc#1261728).
* CVE-2026-28810: predictable DNS transaction IDs can lead to DNS cache poisoning (bsc#1261726).
* CVE-2026-32144: missing signature verification can lead to OCSP authorization bypass and information disclosure (bsc#1261734).

Other updates and bugfixes:

* jinterface: allow to build deterministic OtpErlang.jar (bsc#1262288).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-619=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-619=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * erlang-epmd-27.1.3-160000.4.1
  * erlang-debuginfo-27.1.3-160000.4.1
  * erlang-debugsource-27.1.3-160000.4.1
  * erlang-27.1.3-160000.4.1
  * erlang-epmd-debuginfo-27.1.3-160000.4.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * erlang-epmd-27.1.3-160000.4.1
  * erlang-debuginfo-27.1.3-160000.4.1
  * erlang-debugsource-27.1.3-160000.4.1
  * erlang-27.1.3-160000.4.1
  * erlang-epmd-debuginfo-27.1.3-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-21620.html
* https://www.suse.com/security/cve/CVE-2026-23941.html
* https://www.suse.com/security/cve/CVE-2026-23942.html
* https://www.suse.com/security/cve/CVE-2026-23943.html
* https://www.suse.com/security/cve/CVE-2026-28808.html
* https://www.suse.com/security/cve/CVE-2026-28810.html
* https://www.suse.com/security/cve/CVE-2026-32144.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258663
* https://bugzilla.suse.com/show_bug.cgi?id=1259681
* https://bugzilla.suse.com/show_bug.cgi?id=1259682
* https://bugzilla.suse.com/show_bug.cgi?id=1259687
* https://bugzilla.suse.com/show_bug.cgi?id=1261726
* https://bugzilla.suse.com/show_bug.cgi?id=1261728
* https://bugzilla.suse.com/show_bug.cgi?id=1261734
* https://bugzilla.suse.com/show_bug.cgi?id=1262288

From null at suse.de Tue Apr 28 16:32:08 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:32:08 -0000
Subject: SUSE-SU-2026:21373-1: important: Security update for libcap
Message-ID: <177739392800.48.2202840592264147617@9e3d0d49577d>

# Security update for libcap

Announcement ID: SUSE-SU-2026:21373-1
Release Date: 2026-04-22T10:22:37Z
Rating: important
References:

* bsc#1261809

Cross-References:

* CVE-2026-4878

CVSS scores:

* CVE-2026-4878 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4878 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4878 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4878 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for libcap fixes the following issues:

* CVE-2026-4878: local privilege escalation through file capability injection due to TOCTOU race condition in `cap_set_file()` (bsc#1261809).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-625=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-625=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * libcap-progs-2.73-160000.3.1
  * libcap2-2.73-160000.3.1
  * libcap-progs-debuginfo-2.73-160000.3.1
  * libcap2-debuginfo-2.73-160000.3.1
  * libpsx2-debuginfo-2.73-160000.3.1
  * libcap-debugsource-2.73-160000.3.1
  * libpsx2-2.73-160000.3.1
  * libcap-devel-2.73-160000.3.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * libcap-progs-2.73-160000.3.1
  * libcap2-2.73-160000.3.1
  * libcap-progs-debuginfo-2.73-160000.3.1
  * libcap2-debuginfo-2.73-160000.3.1
  * libpsx2-debuginfo-2.73-160000.3.1
  * libcap-debugsource-2.73-160000.3.1
  * libpsx2-2.73-160000.3.1
  * libcap-devel-2.73-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4878.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261809

From null at suse.de Tue Apr 28 16:32:16 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:32:16 -0000
Subject: SUSE-SU-2026:21372-1: important: Security update for openexr
Message-ID: <177739393655.48.13775897205661581883@9e3d0d49577d>

# Security update for openexr

Announcement ID: SUSE-SU-2026:21372-1
Release Date: 2026-04-22T10:03:51Z
Rating: important
References:

* bsc#1261621
* bsc#1261622
* bsc#1261624
* bsc#1261634

Cross-References:

* CVE-2026-34379
* CVE-2026-34380
* CVE-2026-34588
* CVE-2026-34589

CVSS scores:

* CVE-2026-34379 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34379 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2026-34379 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2026-34380 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34380 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-34380 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2026-34588 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34588 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-34588 ( NVD ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34588 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34589 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34589 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-34589 ( NVD ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34589 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for openexr fixes the following issues:

* CVE-2026-34379: misaligned memory write during file decoding can cause a denial of service (bsc#1261621).
* CVE-2026-34380: lack of proper check can lead to integer overflow in image decoding (bsc#1261622).
* CVE-2026-34588: crafted EXR file can lead to out of bound read and write (bsc#1261624).
* CVE-2026-34589: crafted scanline DWAA file can lead to arbitrary code execution or denial of service (bsc#1261634).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-617=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-617=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * libIlmThread-3_2-31-debuginfo-3.2.2-160000.6.1
  * libOpenEXRUtil-3_2-31-debuginfo-3.2.2-160000.6.1
  * libIex-3_2-31-debuginfo-3.2.2-160000.6.1
  * libOpenEXR-3_2-31-debuginfo-3.2.2-160000.6.1
  * libOpenEXRUtil-3_2-31-3.2.2-160000.6.1
  * openexr-3.2.2-160000.6.1
  * openexr-debuginfo-3.2.2-160000.6.1
  * libOpenEXRCore-3_2-31-3.2.2-160000.6.1
  * libOpenEXRCore-3_2-31-debuginfo-3.2.2-160000.6.1
  * openexr-debugsource-3.2.2-160000.6.1
  * libIlmThread-3_2-31-3.2.2-160000.6.1
  * libOpenEXR-3_2-31-3.2.2-160000.6.1
  * libIex-3_2-31-3.2.2-160000.6.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * openexr-doc-3.2.2-160000.6.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * libIex-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.6.1
  * libIlmThread-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.6.1
  * libOpenEXRUtil-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.6.1
  * libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.6.1
  * libOpenEXRCore-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.6.1
  * libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.6.1
  * libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.6.1
  * libIex-3_2-31-x86-64-v3-3.2.2-160000.6.1
  * libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.6.1
  * libOpenEXR-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.6.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * libIlmThread-3_2-31-debuginfo-3.2.2-160000.6.1
  * libOpenEXRUtil-3_2-31-debuginfo-3.2.2-160000.6.1
  * libIex-3_2-31-debuginfo-3.2.2-160000.6.1
  * libOpenEXR-3_2-31-debuginfo-3.2.2-160000.6.1
  * libOpenEXRUtil-3_2-31-3.2.2-160000.6.1
  * openexr-3.2.2-160000.6.1
  * openexr-debuginfo-3.2.2-160000.6.1
  * libOpenEXRCore-3_2-31-3.2.2-160000.6.1
  * libOpenEXRCore-3_2-31-debuginfo-3.2.2-160000.6.1
  * openexr-debugsource-3.2.2-160000.6.1
  * libIlmThread-3_2-31-3.2.2-160000.6.1
  * libOpenEXR-3_2-31-3.2.2-160000.6.1
  * libIex-3_2-31-3.2.2-160000.6.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * openexr-doc-3.2.2-160000.6.1
* SUSE Linux Enterprise Server 16.0 (x86_64)
  * libIex-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.6.1
  * libIlmThread-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.6.1
  * libOpenEXRUtil-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.6.1
  * libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.6.1
  * libOpenEXRCore-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.6.1
  * libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.6.1
  * libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.6.1
  * libIex-3_2-31-x86-64-v3-3.2.2-160000.6.1
  * libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.6.1
  * libOpenEXR-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34379.html
* https://www.suse.com/security/cve/CVE-2026-34380.html
* https://www.suse.com/security/cve/CVE-2026-34588.html
* https://www.suse.com/security/cve/CVE-2026-34589.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261621
* https://bugzilla.suse.com/show_bug.cgi?id=1261622
* https://bugzilla.suse.com/show_bug.cgi?id=1261624
* https://bugzilla.suse.com/show_bug.cgi?id=1261634

From null at suse.de Tue Apr 28 16:32:21 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:32:21 -0000
Subject: SUSE-SU-2026:21370-1: important: Security update for ignition
Message-ID: <177739394199.48.7865037293867182041@9e3d0d49577d>

# Security update for ignition

Announcement ID: SUSE-SU-2026:21370-1
Release Date: 2026-04-22T09:58:26Z
Rating: important
References:

* bsc#1260251

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for ignition fixes the following issue:

* CVE-2026-33186: Fixed an authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260251).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-615=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-615=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * ignition-2.21.0-160000.3.1
  * ignition-debuginfo-2.21.0-160000.3.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * ignition-2.21.0-160000.3.1
  * ignition-debuginfo-2.21.0-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260251

From null at suse.de Tue Apr 28 16:32:24 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:32:24 -0000
Subject: SUSE-SU-2026:21369-1: important: Security update for sudo
Message-ID: <177739394472.48.1429239822382135769@9e3d0d49577d>

# Security update for sudo

Announcement ID: SUSE-SU-2026:21369-1
Release Date: 2026-04-22T09:56:41Z
Rating: important
References:

* bsc#1261420

Cross-References:

* CVE-2026-35535

CVSS scores:

* CVE-2026-35535 ( SUSE ): 7.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35535 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35535 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for sudo fixes the following issues:

* CVE-2026-35535: unhandled failure of `setuid`, `setgid` or `setgroups` calls during a mailer privilege drop allows for local privilege escalation (bsc#1261420).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-616=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-616=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * sudo-policy-sudo-auth-self-1.9.17p1-160000.3.1
  * sudo-devel-1.9.17p1-160000.3.1
  * sudo-plugin-python-debuginfo-1.9.17p1-160000.3.1
  * sudo-debugsource-1.9.17p1-160000.3.1
  * sudo-plugin-python-1.9.17p1-160000.3.1
  * system-group-sudo-1.9.17p1-160000.3.1
  * sudo-policy-wheel-auth-self-1.9.17p1-160000.3.1
  * sudo-debuginfo-1.9.17p1-160000.3.1
  * sudo-1.9.17p1-160000.3.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * sudo-policy-sudo-auth-self-1.9.17p1-160000.3.1
  * sudo-devel-1.9.17p1-160000.3.1
  * sudo-plugin-python-debuginfo-1.9.17p1-160000.3.1
  * sudo-debugsource-1.9.17p1-160000.3.1
  * sudo-plugin-python-1.9.17p1-160000.3.1
  * system-group-sudo-1.9.17p1-160000.3.1
  * sudo-policy-wheel-auth-self-1.9.17p1-160000.3.1
  * sudo-debuginfo-1.9.17p1-160000.3.1
  * sudo-1.9.17p1-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35535.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261420

From null at suse.de Tue Apr 28 16:32:28 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:32:28 -0000
Subject: SUSE-SU-2026:21368-1: moderate: Security update for giflib
Message-ID: <177739394858.48.8473465890586991686@9e3d0d49577d>

# Security update for giflib

Announcement ID: SUSE-SU-2026:21368-1
Release Date: 2026-04-22T08:10:14Z
Rating: moderate
References:

* bsc#1259502

Cross-References:

* CVE-2026-23868

CVSS scores:

* CVE-2026-23868 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23868 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-23868 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for giflib fixes the following issue:

* CVE-2026-23868: double-free result of a shallow copy can lead to memory corruption (bsc#1259502).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-612=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-612=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * libgif7-5.2.2-160000.3.1
  * giflib-debugsource-5.2.2-160000.3.1
  * giflib-progs-5.2.2-160000.3.1
  * libgif7-debuginfo-5.2.2-160000.3.1
  * giflib-devel-5.2.2-160000.3.1
  * giflib-progs-debuginfo-5.2.2-160000.3.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * libgif7-5.2.2-160000.3.1
  * giflib-debugsource-5.2.2-160000.3.1
  * giflib-progs-5.2.2-160000.3.1
  * libgif7-debuginfo-5.2.2-160000.3.1
  * giflib-devel-5.2.2-160000.3.1
  * giflib-progs-debuginfo-5.2.2-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23868.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259502

From null at suse.de Tue Apr 28 16:32:52 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:32:52 -0000
Subject: SUSE-SU-2026:21366-1: important: Security update for tomcat11
Message-ID: <177739397213.48.12472046115984761004@9e3d0d49577d>

# Security update for tomcat11

Announcement ID: SUSE-SU-2026:21366-1
Release Date: 2026-04-21T11:33:15Z
Rating: important
References:

* bsc#1258371
* bsc#1261850
* bsc#1261851
* bsc#1261852
* bsc#1261853
* bsc#1261854
* bsc#1261855
* bsc#1261856
* bsc#1261857

Cross-References:

* CVE-2025-66614
* CVE-2026-24880
* CVE-2026-25854
* CVE-2026-29129
* CVE-2026-29145
* CVE-2026-29146
* CVE-2026-32990
* CVE-2026-34483
* CVE-2026-34486
* CVE-2026-34487
* CVE-2026-34500

CVSS scores:

* CVE-2025-66614 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-66614 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
* CVE-2025-66614 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-24880 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24880 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-24880 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-25854 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25854 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-25854 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-29129 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29129 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29129 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-29145 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-29145 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-29146 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-29146 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-29146 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-32990 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-34483 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34483 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34483 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34486 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34486 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34486 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34487 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34487 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34500 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34500 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34500 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves 11 vulnerabilities can now be installed.

## Description:

This update for tomcat11 fixes the following issues:

* Update to Tomcat 11.0.21
* CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850).
* CVE-2026-25854: Occasionally open redirect (bsc#1261851).
* CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852).
* CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853).
* CVE-2026-29146, CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854).
* CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855).
* CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856).
* CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).
* CVE-2026-32990: The fix for CVE-2025-66614 was incomplete. (bsc#1258371)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-605=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-605=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * tomcat11-webapps-11.0.21-160000.1.1
  * tomcat11-docs-webapp-11.0.21-160000.1.1
  * tomcat11-embed-11.0.21-160000.1.1
  * tomcat11-jsp-4_0-api-11.0.21-160000.1.1
  * tomcat11-servlet-6_1-api-11.0.21-160000.1.1
  * tomcat11-lib-11.0.21-160000.1.1
  * tomcat11-doc-11.0.21-160000.1.1
  * tomcat11-jsvc-11.0.21-160000.1.1
  * tomcat11-admin-webapps-11.0.21-160000.1.1
  * tomcat11-el-6_0-api-11.0.21-160000.1.1
  * tomcat11-11.0.21-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * tomcat11-webapps-11.0.21-160000.1.1
  * tomcat11-docs-webapp-11.0.21-160000.1.1
  * tomcat11-embed-11.0.21-160000.1.1
  * tomcat11-jsp-4_0-api-11.0.21-160000.1.1
  * tomcat11-servlet-6_1-api-11.0.21-160000.1.1
  * tomcat11-lib-11.0.21-160000.1.1
  * tomcat11-doc-11.0.21-160000.1.1
  * tomcat11-jsvc-11.0.21-160000.1.1
  * tomcat11-admin-webapps-11.0.21-160000.1.1
  * tomcat11-el-6_0-api-11.0.21-160000.1.1
  * tomcat11-11.0.21-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-66614.html
* https://www.suse.com/security/cve/CVE-2026-24880.html
* https://www.suse.com/security/cve/CVE-2026-25854.html
* https://www.suse.com/security/cve/CVE-2026-29129.html
* https://www.suse.com/security/cve/CVE-2026-29145.html
* https://www.suse.com/security/cve/CVE-2026-29146.html
* https://www.suse.com/security/cve/CVE-2026-32990.html
* https://www.suse.com/security/cve/CVE-2026-34483.html
* https://www.suse.com/security/cve/CVE-2026-34486.html
* https://www.suse.com/security/cve/CVE-2026-34487.html
* https://www.suse.com/security/cve/CVE-2026-34500.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258371
* https://bugzilla.suse.com/show_bug.cgi?id=1261850
* https://bugzilla.suse.com/show_bug.cgi?id=1261851
* https://bugzilla.suse.com/show_bug.cgi?id=1261852
* https://bugzilla.suse.com/show_bug.cgi?id=1261853
* https://bugzilla.suse.com/show_bug.cgi?id=1261854
* https://bugzilla.suse.com/show_bug.cgi?id=1261855
* https://bugzilla.suse.com/show_bug.cgi?id=1261856
* https://bugzilla.suse.com/show_bug.cgi?id=1261857

From null at suse.de Tue Apr 28 16:33:02 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:33:02 -0000
Subject: SUSE-SU-2026:21364-1: moderate: Security update for libpng16
Message-ID: <177739398243.48.15340665008779304304@9e3d0d49577d>

# Security update for libpng16

Announcement ID: SUSE-SU-2026:21364-1
Release Date: 2026-04-21T09:59:18Z
Rating: moderate
References:

* bsc#1261957

Cross-References:

* CVE-2026-34757

CVSS scores:

* CVE-2026-34757 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34757 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34757 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.
## Description:

This update for libpng16 fixes the following issue:

* CVE-2026-34757: libpng: Information disclosure and data corruption via use-after-free vulnerability (bsc#1261957).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-603=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-603=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * libpng16-16-debuginfo-1.6.44-160000.7.1
  * libpng16-compat-devel-1.6.44-160000.7.1
  * libpng16-debugsource-1.6.44-160000.7.1
  * libpng16-16-1.6.44-160000.7.1
  * libpng16-devel-1.6.44-160000.7.1
  * libpng16-tools-1.6.44-160000.7.1
  * libpng16-tools-debuginfo-1.6.44-160000.7.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * libpng16-16-x86-64-v3-debuginfo-1.6.44-160000.7.1
  * libpng16-compat-devel-x86-64-v3-1.6.44-160000.7.1
  * libpng16-16-x86-64-v3-1.6.44-160000.7.1
  * libpng16-devel-x86-64-v3-1.6.44-160000.7.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * libpng16-16-debuginfo-1.6.44-160000.7.1
  * libpng16-compat-devel-1.6.44-160000.7.1
  * libpng16-debugsource-1.6.44-160000.7.1
  * libpng16-16-1.6.44-160000.7.1
  * libpng16-devel-1.6.44-160000.7.1
  * libpng16-tools-1.6.44-160000.7.1
  * libpng16-tools-debuginfo-1.6.44-160000.7.1
* SUSE Linux Enterprise Server 16.0 (x86_64)
  * libpng16-16-x86-64-v3-debuginfo-1.6.44-160000.7.1
  * libpng16-compat-devel-x86-64-v3-1.6.44-160000.7.1
  * libpng16-16-x86-64-v3-1.6.44-160000.7.1
  * libpng16-devel-x86-64-v3-1.6.44-160000.7.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34757.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261957

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From null at suse.de Tue Apr 28 16:33:25 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:33:25 -0000
Subject: SUSE-SU-2026:21363-1: moderate: Security update for ghostscript
Message-ID: <177739400514.48.4731859254742337091@9e3d0d49577d>

# Security update for ghostscript

Announcement ID: SUSE-SU-2026:21363-1
Release Date: 2026-04-21T09:49:39Z
Rating: moderate

References:

* bsc#1243701
* bsc#1245896
* bsc#1250353
* bsc#1250354
* bsc#1250355
* bsc#1257699

Cross-References:

* CVE-2025-46646
* CVE-2025-48708
* CVE-2025-59798
* CVE-2025-59799
* CVE-2025-59800
* CVE-2025-59801

CVSS scores:

* CVE-2025-46646 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-46646 ( NVD ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
* CVE-2025-48708 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-48708 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-48708 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-59798 ( SUSE ): 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-59798 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-59798 ( NVD ): 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-59799 ( SUSE ): 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-59799 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-59799 ( NVD ): 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-59800 ( SUSE ): 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-59800 ( NVD ): 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-59800 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-59801 ( NVD ): 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves six vulnerabilities can now be installed.
## Description:

This update for ghostscript fixes the following issues:

Update to version 10.06.0.

Security issues fixed:

* CVE-2025-59800: an integer overflow can lead to a heap-based buffer overflow in ocr_line8 (bsc#1250355).
* CVE-2025-59799: a large size value can cause a stack-based buffer overflow in pdfmark_coerce_dest (bsc#1250354).
* CVE-2025-59798: stack-based buffer overflow in pdf_write_cmap can lead to a denial-of-service (bsc#1250353).
* CVE-2025-48708: lack of argument sanitization may lead to password disclosure (bsc#1243701).
* CVE-2025-46646: mishandling of overlong utf-8 encoding in artifex ghostscript's decode_utf8 function (bsc#1257699).

Other updates and bugfixes:

* switch over to libalternatives for ghostscript to provide a gs variant (bsc#1245896)
* Version upgrade to 10.06.0:
  * removes the non-standard operator "selectdevice" (cf. the entry below dated Tue Apr 1 09:56:06 UTC 2025)
* Version upgrade to 10.05.1:
  * an overflow issue in Freetype on platforms where long is a 4 byte (rather than 8 byte) type (Microsoft Windows, for example) causing corrupted glyph rendering at higher resolutions
  * an issue with embedded files, affecting Zugferd format PDF creation.
  * broken logic in PDF Optional Content processing
  * potential slow down due to searching for identifiable font files
  * a small number of extreme edge case segmentation faults.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-602=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-602=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * ghostscript-x11-debuginfo-10.06.0-160000.1.1
  * ghostscript-devel-10.06.0-160000.1.1
  * ghostscript-debugsource-10.06.0-160000.1.1
  * ghostscript-10.06.0-160000.1.1
  * ghostscript-x11-10.06.0-160000.1.1
  * ghostscript-debuginfo-10.06.0-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * ghostscript-x11-debuginfo-10.06.0-160000.1.1
  * ghostscript-devel-10.06.0-160000.1.1
  * ghostscript-debugsource-10.06.0-160000.1.1
  * ghostscript-10.06.0-160000.1.1
  * ghostscript-x11-10.06.0-160000.1.1
  * ghostscript-debuginfo-10.06.0-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-46646.html
* https://www.suse.com/security/cve/CVE-2025-48708.html
* https://www.suse.com/security/cve/CVE-2025-59798.html
* https://www.suse.com/security/cve/CVE-2025-59799.html
* https://www.suse.com/security/cve/CVE-2025-59800.html
* https://www.suse.com/security/cve/CVE-2025-59801.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243701
* https://bugzilla.suse.com/show_bug.cgi?id=1245896
* https://bugzilla.suse.com/show_bug.cgi?id=1250353
* https://bugzilla.suse.com/show_bug.cgi?id=1250354
* https://bugzilla.suse.com/show_bug.cgi?id=1250355
* https://bugzilla.suse.com/show_bug.cgi?id=1257699

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From null at suse.de Tue Apr 28 16:33:28 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:33:28 -0000
Subject: SUSE-SU-2026:21362-1: moderate: Security update for gnome-remote-desktop
Message-ID: <177739400846.48.16864202907339824730@9e3d0d49577d>

# Security update for gnome-remote-desktop

Announcement ID: SUSE-SU-2026:21362-1
Release Date: 2026-04-21T09:37:03Z
Rating: moderate

References:

* bsc#1244053

Cross-References:

* CVE-2025-5024

CVSS scores:

* CVE-2025-5024 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2025-5024 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H
* CVE-2025-5024 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for gnome-remote-desktop fixes the following issues:

Update to version 48.3.

Security issues fixed:

* CVE-2025-5024: an unauthenticated attacker can exhaust system resources (bsc#1244053).

Other updates and bugfixes:

* Version update to 48.3:
  * Fix image corruption on some NVIDIA GPUs.
* Version update to 48.2:
  * Handle Vulkan dma-buf format compatibility issues.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-600=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-600=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * gnome-remote-desktop-debugsource-48.3-160000.1.1
  * gnome-remote-desktop-debuginfo-48.3-160000.1.1
  * gnome-remote-desktop-48.3-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * gnome-remote-desktop-lang-48.3-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * gnome-remote-desktop-debugsource-48.3-160000.1.1
  * gnome-remote-desktop-debuginfo-48.3-160000.1.1
  * gnome-remote-desktop-48.3-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * gnome-remote-desktop-lang-48.3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-5024.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244053

-------------- next part --------------
An HTML attachment was scrubbed...
URL: From null at suse.de Tue Apr 28 16:35:15 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Tue, 28 Apr 2026 16:35:15 -0000 Subject: SUSE-SU-2026:21361-1: important: Security update for the Linux Kernel Message-ID: <177739411532.48.3472403282279187371@9e3d0d49577d> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:21361-1 Release Date: 2026-04-20T17:16:35Z Rating: important References: * bsc#1191256 * bsc#1191270 * bsc#1194778 * bsc#1207184 * bsc#1217845 * bsc#1222768 * bsc#1243208 * bsc#1252073 * bsc#1253129 * bsc#1254214 * bsc#1254306 * bsc#1254307 * bsc#1255084 * bsc#1255687 * bsc#1256647 * bsc#1257183 * bsc#1257511 * bsc#1257708 * bsc#1257773 * bsc#1257777 * bsc#1258175 * bsc#1258280 * bsc#1258293 * bsc#1258301 * bsc#1258305 * bsc#1258330 * bsc#1258337 * bsc#1258340 * bsc#1258414 * bsc#1258447 * bsc#1258476 * bsc#1258849 * bsc#1259188 * bsc#1259461 * bsc#1259484 * bsc#1259485 * bsc#1259580 * bsc#1259707 * bsc#1259759 * bsc#1259795 * bsc#1259797 * bsc#1259870 * bsc#1259886 * bsc#1259891 * bsc#1259955 * bsc#1259997 * bsc#1259998 * bsc#1260005 * bsc#1260009 * bsc#1260347 * bsc#1260459 * bsc#1260464 * bsc#1260471 * bsc#1260481 * bsc#1260486 * bsc#1260490 * bsc#1260497 * bsc#1260500 * bsc#1260522 * bsc#1260527 * bsc#1260544 * bsc#1260550 * bsc#1260606 * bsc#1260730 * bsc#1260732 * bsc#1260735 * bsc#1260799 * bsc#1261496 * bsc#1261498 * bsc#1261506 * bsc#1261507 * bsc#1261669 * jsc#PED-11175 * jsc#PED-15042 * jsc#PED-15441 * jsc#PED-15986 Cross-References: * CVE-2025-39998 * CVE-2025-40253 * CVE-2025-68794 * CVE-2025-71239 * CVE-2026-23072 * CVE-2026-23103 * CVE-2026-23120 * CVE-2026-23125 * CVE-2026-23138 * CVE-2026-23140 * CVE-2026-23187 * CVE-2026-23193 * CVE-2026-23201 * CVE-2026-23204 * CVE-2026-23215 * CVE-2026-23216 * CVE-2026-23231 * CVE-2026-23239 * CVE-2026-23240 * CVE-2026-23242 * CVE-2026-23243 * CVE-2026-23255 * CVE-2026-23262 * CVE-2026-23270 * CVE-2026-23272 * CVE-2026-23274 * CVE-2026-23277 * CVE-2026-23278 * 
CVE-2026-23281 * CVE-2026-23292 * CVE-2026-23293 * CVE-2026-23297 * CVE-2026-23304 * CVE-2026-23319 * CVE-2026-23326 * CVE-2026-23335 * CVE-2026-23343 * CVE-2026-23361 * CVE-2026-23379 * CVE-2026-23381 * CVE-2026-23383 * CVE-2026-23386 * CVE-2026-23393 * CVE-2026-23398 * CVE-2026-23413 * CVE-2026-23414 * CVE-2026-23419 * CVE-2026-23425 * CVE-2026-31788 CVSS scores: * CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68794 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71239 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-71239 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-23072 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23072 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23072 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23138 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23138 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23138 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23187 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23215 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23215 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23215 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23239 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23239 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23240 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23240 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23240 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23262 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23272 ( SUSE ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23281 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23304 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23304 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23319 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23326 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23326 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23326 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23335 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23335 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-23335 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23343 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23343 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23343 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2026-23361 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23379 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23381 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23383 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23386 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23393 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23398 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23413 ( SUSE 
): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23413 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23413 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23414 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23414 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23419 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23419 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23419 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23425 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23425 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-23425 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23425 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves 49 vulnerabilities, contains four features and has 23 fixes can now be installed. ## Description: The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: * CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073). * CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084). 
* CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647). * CVE-2025-71239: audit: add fchmodat2() to change attributes class (bsc#1259759). * CVE-2026-23072: l2tp: Fix memleak in l2tp_udp_encap_recv() (bsc#1257708). * CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773). * CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280). * CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293). * CVE-2026-23138: kABI: Preserve values of the trace recursion bits (bsc#1258301). * CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305). * CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330). * CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414). * CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337). * CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340). * CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476). * CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447). * CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188). * CVE-2026-23239: espintcp: Fix race condition in espintcp_close() (bsc#1259485). * CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx() (bsc#1259484). * CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795). * CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797). * CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891). * CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870). * CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886). 
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009). * CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005). * CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997). * CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998). * CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464). * CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500). * CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486). * CVE-2026-23297: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit() (bsc#1260490). * CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544). * CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735). * CVE-2026-23326: xsk: Fix fragment node deletion to prevent buffer leak (bsc#1260606). * CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550). * CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527). * CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732). * CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481). * CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471). * CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497). * CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799). * CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260522). * CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730). 
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498). * CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496). * CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507). * CVE-2026-23425: KVM: arm64: Fix ID register initialization for non-protected pKVM guests (bsc#1261506). * CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707). The following non security issues were fixed: * KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461). * KVM: x86: synthesize CPUID bits only if CPU capability is set (bsc#1257511). * Revert "drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129)." * Update config files (bsc#1254307). * apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849). * apparmor: fix differential encoding verification (bsc#1258849). * apparmor: fix memory leak in verify_header (bsc#1258849). * apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849). * apparmor: fix race between freeing data and fs accessing it (bsc#1258849). * apparmor: fix race on rawdata dereference (bsc#1258849). * apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849). * apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849). * apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849). * apparmor: replace recursive profile removal with iterative approach (bsc#1258849). * apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849). * bpf, btf: Enforce destructor kfunc type with CFI (bsc#1259955). * bpf: crypto: Use the correct destructor kfunc type (bsc#1259955). * btrfs: only enforce free space tree if v1 cache is required for bs < ps cases (bsc#1260459). * btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777). 
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes). * drm/amdkfd: Unreserve bo if queue update failed (git-fixes). * drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129). * drm/i915/dsc: Add Selective Update register definitions (stable-fixes). * drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes). * firmware: microchip: fail auto-update probe if no flash found (git-fixes). * kABI: Include trace recursion bits in kABI tracking (bsc#1258301). * net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580). * nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208). * nvme: expose active quirks in sysfs (bsc#1243208). * nvme: fix memory leak in quirks_param_set() (bsc#1243208). * powerpc/crash: adjust the elfcorehdr size (jsc#PED-11175 git-fixes). * powerpc/kdump: Fix size calculation for hot-removed memory ranges (jsc#PED-11175 git-fixes). * s390/cio: Update purge function to unregister the unused subchannels (bsc#1254214). * s390/ipl: Clear SBP flag when bootprog is set (bsc#1258175). * s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306). * scsi: fnic: Add Cisco hardware model names (jsc#PED-15441). * scsi: fnic: Add and integrate support for FDMI (jsc#PED-15441). * scsi: fnic: Add and integrate support for FIP (jsc#PED-15441). * scsi: fnic: Add functionality in fnic to support FDLS (jsc#PED-15441). * scsi: fnic: Add headers and definitions for FDLS (jsc#PED-15441). * scsi: fnic: Add stats and related functionality (jsc#PED-15441). * scsi: fnic: Add support for fabric based solicited requests and responses (jsc#PED-15441). * scsi: fnic: Add support for target based solicited requests and responses (jsc#PED-15441). * scsi: fnic: Add support for unsolicited requests and responses (jsc#PED-15441). * scsi: fnic: Add support to handle port channel RSCN (jsc#PED-15441). * scsi: fnic: Code cleanup (jsc#PED-15441). 
* scsi: fnic: Delete incorrect debugfs error handling (jsc#PED-15441).
* scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (jsc#PED-15441).
* scsi: fnic: Fix indentation and remove unnecessary parenthesis (jsc#PED-15441).
* scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (jsc#PED-15441).
* scsi: fnic: Fix use of uninitialized value in debug message (jsc#PED-15441).
* scsi: fnic: Increment driver version (jsc#PED-15441).
* scsi: fnic: Modify IO path to use FDLS (jsc#PED-15441).
* scsi: fnic: Modify fnic interfaces to use FDLS (jsc#PED-15441).
* scsi: fnic: Propagate SCSI error code from fnic_scsi_drv_init() (jsc#PED-15441).
* scsi: fnic: Remove always-true IS_FNIC_FCP_INITIATOR macro (jsc#PED-15441).
* scsi: fnic: Remove extern definition from .c files (jsc#PED-15441).
* scsi: fnic: Remove unnecessary debug print (jsc#PED-15441).
* scsi: fnic: Remove unnecessary else and unnecessary break in FDLS (jsc#PED-15441).
* scsi: fnic: Remove unnecessary else to fix warning in FDLS FIP (jsc#PED-15441).
* scsi: fnic: Remove unnecessary spinlock locking and unlocking (jsc#PED-15441).
* scsi: fnic: Replace fnic->lock_flags with local flags (jsc#PED-15441).
* scsi: fnic: Replace shost_printk() with dev_info()/dev_err() (jsc#PED-15441).
* scsi: fnic: Replace use of sizeof with standard usage (jsc#PED-15441).
* scsi: fnic: Return appropriate error code for mem alloc failure (jsc#PED-15441).
* scsi: fnic: Return appropriate error code from failure of scsi drv init (jsc#PED-15441).
* scsi: fnic: Test for memory allocation failure and return error code (jsc#PED-15441).
* scsi: fnic: Turn off FDMI ACTIVE flags on link down (jsc#PED-15441).
* scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687).
* scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes).
* scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() (git-fixes, jsc#PED-15042).
* selftests/bpf: Use the correct destructor kfunc type (bsc#1259955).
* selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).
* tg3: Fix race for querying speed/duplex (bsc#1257183).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-596=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-596=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * kernel-source-vanilla-6.12.0-160000.28.1
  * kernel-docs-html-6.12.0-160000.28.1
  * kernel-source-6.12.0-160000.28.1
  * kernel-devel-6.12.0-160000.28.1
  * kernel-macros-6.12.0-160000.28.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * kernel-obs-qa-6.12.0-160000.28.1
  * kernel-default-debuginfo-6.12.0-160000.28.1
  * dlm-kmp-default-debuginfo-6.12.0-160000.28.1
  * kernel-default-base-6.12.0-160000.27.1.160000.2.8
  * cluster-md-kmp-default-debuginfo-6.12.0-160000.28.1
  * kernel-kvmsmall-debugsource-6.12.0-160000.28.1
  * kernel-default-extra-debuginfo-6.12.0-160000.28.1
  * cluster-md-kmp-default-6.12.0-160000.28.1
  * dlm-kmp-default-6.12.0-160000.28.1
  * kernel-default-devel-6.12.0-160000.28.1
  * kernel-kvmsmall-devel-6.12.0-160000.28.1
  * kernel-kvmsmall-debuginfo-6.12.0-160000.28.1
  * kernel-default-debugsource-6.12.0-160000.28.1
  * kernel-default-extra-6.12.0-160000.28.1
  * kernel-default-livepatch-6.12.0-160000.28.1
  * kernel-syms-6.12.0-160000.28.1
  * gfs2-kmp-default-debuginfo-6.12.0-160000.28.1
  * gfs2-kmp-default-6.12.0-160000.28.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (nosrc ppc64le x86_64)
  * kernel-kvmsmall-6.12.0-160000.28.1
  * kernel-default-6.12.0-160000.28.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch nosrc)
  * kernel-docs-6.12.0-160000.28.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (nosrc x86_64)
  * kernel-azure-6.12.0-160000.28.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * kernel-azure-debuginfo-6.12.0-160000.28.1
  * kernel-azure-extra-debuginfo-6.12.0-160000.28.1
  * kernel-default-vdso-debuginfo-6.12.0-160000.28.1
  * kernel-default-vdso-6.12.0-160000.28.1
  * kernel-azure-vdso-debuginfo-6.12.0-160000.28.1
  * kernel-azure-devel-debuginfo-6.12.0-160000.28.1
  * kernel-kvmsmall-vdso-6.12.0-160000.28.1
  * kernel-default-devel-debuginfo-6.12.0-160000.28.1
  * kernel-azure-devel-6.12.0-160000.28.1
  * kernel-azure-extra-6.12.0-160000.28.1
  * kernel-kvmsmall-devel-debuginfo-6.12.0-160000.28.1
  * kernel-kvmsmall-vdso-debuginfo-6.12.0-160000.28.1
  * kernel-azure-debugsource-6.12.0-160000.28.1
  * kernel-azure-vdso-6.12.0-160000.28.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * kernel-source-vanilla-6.12.0-160000.28.1
  * kernel-docs-html-6.12.0-160000.28.1
  * kernel-source-6.12.0-160000.28.1
  * kernel-devel-6.12.0-160000.28.1
  * kernel-macros-6.12.0-160000.28.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le x86_64)
  * kernel-kvmsmall-debugsource-6.12.0-160000.28.1
  * kernel-default-base-6.12.0-160000.27.1.160000.2.8
  * kernel-kvmsmall-devel-6.12.0-160000.28.1
  * kernel-kvmsmall-debuginfo-6.12.0-160000.28.1
* SUSE Linux Enterprise Server 16.0 (aarch64 nosrc)
  * kernel-64kb-6.12.0-160000.28.1
* SUSE Linux Enterprise Server 16.0 (aarch64)
  * kernel-64kb-extra-6.12.0-160000.28.1
  * kernel-64kb-devel-6.12.0-160000.28.1
  * kernel-64kb-debugsource-6.12.0-160000.28.1
  * kernel-64kb-extra-debuginfo-6.12.0-160000.28.1
  * kernel-64kb-debuginfo-6.12.0-160000.28.1
* SUSE Linux Enterprise Server 16.0 (aarch64 nosrc x86_64)
  * kernel-azure-6.12.0-160000.28.1
* SUSE Linux Enterprise Server 16.0 (aarch64 x86_64)
  * kernel-azure-debuginfo-6.12.0-160000.28.1
  * kernel-azure-extra-debuginfo-6.12.0-160000.28.1
  * kernel-azure-devel-6.12.0-160000.28.1
  * kernel-azure-extra-6.12.0-160000.28.1
  * kernel-azure-debugsource-6.12.0-160000.28.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-6.12.0-160000.28.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-qa-6.12.0-160000.28.1
  * kernel-default-debuginfo-6.12.0-160000.28.1
  * kernel-default-extra-debuginfo-6.12.0-160000.28.1
  * kernel-default-devel-6.12.0-160000.28.1
  * kernel-default-debugsource-6.12.0-160000.28.1
  * kernel-default-extra-6.12.0-160000.28.1
  * kernel-syms-6.12.0-160000.28.1
* SUSE Linux Enterprise Server 16.0 (noarch nosrc)
  * kernel-docs-6.12.0-160000.28.1
* SUSE Linux Enterprise Server 16.0 (aarch64 nosrc ppc64le x86_64)
  * kernel-kvmsmall-6.12.0-160000.28.1
* SUSE Linux Enterprise Server 16.0 (x86_64)
  * kernel-default-vdso-debuginfo-6.12.0-160000.28.1
  * kernel-default-vdso-6.12.0-160000.28.1
  * kernel-azure-vdso-debuginfo-6.12.0-160000.28.1
  * kernel-azure-devel-debuginfo-6.12.0-160000.28.1
  * kernel-kvmsmall-vdso-6.12.0-160000.28.1
  * kernel-default-devel-debuginfo-6.12.0-160000.28.1
  * kernel-kvmsmall-devel-debuginfo-6.12.0-160000.28.1
  * kernel-kvmsmall-vdso-debuginfo-6.12.0-160000.28.1
  * kernel-azure-vdso-6.12.0-160000.28.1
* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-default-livepatch-6.12.0-160000.28.1
* SUSE Linux Enterprise Server 16.0 (nosrc s390x)
  * kernel-zfcpdump-6.12.0-160000.28.1
* SUSE Linux Enterprise Server 16.0 (s390x)
  * kernel-zfcpdump-debuginfo-6.12.0-160000.28.1
  * kernel-zfcpdump-debugsource-6.12.0-160000.28.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39998.html
* https://www.suse.com/security/cve/CVE-2025-40253.html
* https://www.suse.com/security/cve/CVE-2025-68794.html
* https://www.suse.com/security/cve/CVE-2025-71239.html
* https://www.suse.com/security/cve/CVE-2026-23072.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23120.html
* https://www.suse.com/security/cve/CVE-2026-23125.html
* https://www.suse.com/security/cve/CVE-2026-23138.html
* https://www.suse.com/security/cve/CVE-2026-23140.html
* https://www.suse.com/security/cve/CVE-2026-23187.html
* https://www.suse.com/security/cve/CVE-2026-23193.html
* https://www.suse.com/security/cve/CVE-2026-23201.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23215.html
* https://www.suse.com/security/cve/CVE-2026-23216.html
* https://www.suse.com/security/cve/CVE-2026-23231.html
* https://www.suse.com/security/cve/CVE-2026-23239.html
* https://www.suse.com/security/cve/CVE-2026-23240.html
* https://www.suse.com/security/cve/CVE-2026-23242.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23255.html
* https://www.suse.com/security/cve/CVE-2026-23262.html
* https://www.suse.com/security/cve/CVE-2026-23270.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23277.html
* https://www.suse.com/security/cve/CVE-2026-23278.html
* https://www.suse.com/security/cve/CVE-2026-23281.html
* https://www.suse.com/security/cve/CVE-2026-23292.html
* https://www.suse.com/security/cve/CVE-2026-23293.html
* https://www.suse.com/security/cve/CVE-2026-23297.html
* https://www.suse.com/security/cve/CVE-2026-23304.html
* https://www.suse.com/security/cve/CVE-2026-23319.html
* https://www.suse.com/security/cve/CVE-2026-23326.html
* https://www.suse.com/security/cve/CVE-2026-23335.html
* https://www.suse.com/security/cve/CVE-2026-23343.html
* https://www.suse.com/security/cve/CVE-2026-23361.html
* https://www.suse.com/security/cve/CVE-2026-23379.html
* https://www.suse.com/security/cve/CVE-2026-23381.html
* https://www.suse.com/security/cve/CVE-2026-23383.html
* https://www.suse.com/security/cve/CVE-2026-23386.html
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://www.suse.com/security/cve/CVE-2026-23413.html
* https://www.suse.com/security/cve/CVE-2026-23414.html
* https://www.suse.com/security/cve/CVE-2026-23419.html
* https://www.suse.com/security/cve/CVE-2026-23425.html
* https://www.suse.com/security/cve/CVE-2026-31788.html
* https://bugzilla.suse.com/show_bug.cgi?id=1191256
* https://bugzilla.suse.com/show_bug.cgi?id=1191270
* https://bugzilla.suse.com/show_bug.cgi?id=1194778
* https://bugzilla.suse.com/show_bug.cgi?id=1207184
* https://bugzilla.suse.com/show_bug.cgi?id=1217845
* https://bugzilla.suse.com/show_bug.cgi?id=1222768
* https://bugzilla.suse.com/show_bug.cgi?id=1243208
* https://bugzilla.suse.com/show_bug.cgi?id=1252073
* https://bugzilla.suse.com/show_bug.cgi?id=1253129
* https://bugzilla.suse.com/show_bug.cgi?id=1254214
* https://bugzilla.suse.com/show_bug.cgi?id=1254306
* https://bugzilla.suse.com/show_bug.cgi?id=1254307
* https://bugzilla.suse.com/show_bug.cgi?id=1255084
* https://bugzilla.suse.com/show_bug.cgi?id=1255687
* https://bugzilla.suse.com/show_bug.cgi?id=1256647
* https://bugzilla.suse.com/show_bug.cgi?id=1257183
* https://bugzilla.suse.com/show_bug.cgi?id=1257511
* https://bugzilla.suse.com/show_bug.cgi?id=1257708
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1257777
* https://bugzilla.suse.com/show_bug.cgi?id=1258175
* https://bugzilla.suse.com/show_bug.cgi?id=1258280
* https://bugzilla.suse.com/show_bug.cgi?id=1258293
* https://bugzilla.suse.com/show_bug.cgi?id=1258301
* https://bugzilla.suse.com/show_bug.cgi?id=1258305
* https://bugzilla.suse.com/show_bug.cgi?id=1258330
* https://bugzilla.suse.com/show_bug.cgi?id=1258337
* https://bugzilla.suse.com/show_bug.cgi?id=1258340
* https://bugzilla.suse.com/show_bug.cgi?id=1258414
* https://bugzilla.suse.com/show_bug.cgi?id=1258447
* https://bugzilla.suse.com/show_bug.cgi?id=1258476
* https://bugzilla.suse.com/show_bug.cgi?id=1258849
* https://bugzilla.suse.com/show_bug.cgi?id=1259188
* https://bugzilla.suse.com/show_bug.cgi?id=1259461
* https://bugzilla.suse.com/show_bug.cgi?id=1259484
* https://bugzilla.suse.com/show_bug.cgi?id=1259485
* https://bugzilla.suse.com/show_bug.cgi?id=1259580
* https://bugzilla.suse.com/show_bug.cgi?id=1259707
* https://bugzilla.suse.com/show_bug.cgi?id=1259759
* https://bugzilla.suse.com/show_bug.cgi?id=1259795
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1259870
* https://bugzilla.suse.com/show_bug.cgi?id=1259886
* https://bugzilla.suse.com/show_bug.cgi?id=1259891
* https://bugzilla.suse.com/show_bug.cgi?id=1259955
* https://bugzilla.suse.com/show_bug.cgi?id=1259997
* https://bugzilla.suse.com/show_bug.cgi?id=1259998
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260347
* https://bugzilla.suse.com/show_bug.cgi?id=1260459
* https://bugzilla.suse.com/show_bug.cgi?id=1260464
* https://bugzilla.suse.com/show_bug.cgi?id=1260471
* https://bugzilla.suse.com/show_bug.cgi?id=1260481
* https://bugzilla.suse.com/show_bug.cgi?id=1260486
* https://bugzilla.suse.com/show_bug.cgi?id=1260490
* https://bugzilla.suse.com/show_bug.cgi?id=1260497
* https://bugzilla.suse.com/show_bug.cgi?id=1260500
* https://bugzilla.suse.com/show_bug.cgi?id=1260522
* https://bugzilla.suse.com/show_bug.cgi?id=1260527
* https://bugzilla.suse.com/show_bug.cgi?id=1260544
* https://bugzilla.suse.com/show_bug.cgi?id=1260550
* https://bugzilla.suse.com/show_bug.cgi?id=1260606
* https://bugzilla.suse.com/show_bug.cgi?id=1260730
* https://bugzilla.suse.com/show_bug.cgi?id=1260732
* https://bugzilla.suse.com/show_bug.cgi?id=1260735
* https://bugzilla.suse.com/show_bug.cgi?id=1260799
* https://bugzilla.suse.com/show_bug.cgi?id=1261496
* https://bugzilla.suse.com/show_bug.cgi?id=1261498
* https://bugzilla.suse.com/show_bug.cgi?id=1261506
* https://bugzilla.suse.com/show_bug.cgi?id=1261507
* https://bugzilla.suse.com/show_bug.cgi?id=1261669
* https://jira.suse.com/browse/PED-11175
* https://jira.suse.com/browse/PED-15042
* https://jira.suse.com/browse/PED-15441
* https://jira.suse.com/browse/PED-15986

From null at suse.de Tue Apr 28 16:35:27 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:35:27 -0000
Subject: SUSE-SU-2026:21360-1: important: Security update for libraw
Message-ID: <177739412704.48.7288806660911409517@9e3d0d49577d>

# Security update for libraw

Announcement ID: SUSE-SU-2026:21360-1
Release Date: 2026-04-20T15:30:10Z
Rating: important
References:

* bsc#1261499
* bsc#1261671
* bsc#1261672
* bsc#1261673
* bsc#1261674
* bsc#1261675
* bsc#1261676

Cross-References:

* CVE-2026-20884
* CVE-2026-20889
* CVE-2026-20911
* CVE-2026-21413
* CVE-2026-24450
* CVE-2026-24660
* CVE-2026-5342

CVSS scores:

* CVE-2026-20884 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20884 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20884 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20884 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20889 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20889 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20889 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20911 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20911 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20911 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-21413 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21413 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-21413 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-24450 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-24450 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-24450 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-24450 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-24660 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-24660 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-24660 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-24660 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-5342 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-5342 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-5342 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-5342 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for libraw fixes the following issues:

* CVE-2026-5342: crafted TIFF/NEF file can cause an out-of-bounds read (bsc#1261499).
* CVE-2026-20884: integer overflow vulnerability in the deflate_dng_load_raw (bsc#1261671).
* CVE-2026-20889: heap-based buffer overflow vulnerability in the x3f_thumb_loader (bsc#1261672).
* CVE-2026-20911: heap-based buffer overflow vulnerability in the HuffTable: initval (bsc#1261673).
* CVE-2026-21413: heap-based buffer overflow vulnerability in the lossless_jpeg_load_raw (bsc#1261674).
* CVE-2026-24450: integer overflow vulnerability in uncompressed_fp_dng_load_raw (bsc#1261675).
* CVE-2026-24660: heap-based buffer overflow vulnerability in the x3f_load_huffman (bsc#1261676).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-599=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-599=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * libraw-debugsource-0.21.4-160000.3.1
  * libraw23-debuginfo-0.21.4-160000.3.1
  * libraw23-0.21.4-160000.3.1
  * libraw-tools-debuginfo-0.21.4-160000.3.1
  * libraw-tools-0.21.4-160000.3.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * libraw-debugsource-0.21.4-160000.3.1
  * libraw23-debuginfo-0.21.4-160000.3.1
  * libraw23-0.21.4-160000.3.1
  * libraw-tools-debuginfo-0.21.4-160000.3.1
  * libraw-tools-0.21.4-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-20884.html
* https://www.suse.com/security/cve/CVE-2026-20889.html
* https://www.suse.com/security/cve/CVE-2026-20911.html
* https://www.suse.com/security/cve/CVE-2026-21413.html
* https://www.suse.com/security/cve/CVE-2026-24450.html
* https://www.suse.com/security/cve/CVE-2026-24660.html
* https://www.suse.com/security/cve/CVE-2026-5342.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261499
* https://bugzilla.suse.com/show_bug.cgi?id=1261671
* https://bugzilla.suse.com/show_bug.cgi?id=1261672
* https://bugzilla.suse.com/show_bug.cgi?id=1261673
* https://bugzilla.suse.com/show_bug.cgi?id=1261674
* https://bugzilla.suse.com/show_bug.cgi?id=1261675
* https://bugzilla.suse.com/show_bug.cgi?id=1261676

From null at suse.de Tue Apr 28 16:35:35 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:35:35 -0000
Subject: SUSE-SU-2026:21358-1: moderate: Security update for clamav
Message-ID: <177739413532.48.1514846876819039685@9e3d0d49577d>

# Security update for clamav

Announcement ID: SUSE-SU-2026:21358-1
Release Date: 2026-04-20T14:56:29Z
Rating: moderate
References:

* bsc#1221954
* bsc#1258072
* bsc#1259207
* jsc#PED-14819

Cross-References:

* CVE-2026-20031

CVSS scores:

* CVE-2026-20031 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-20031 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-20031 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability, contains one feature and has two fixes can now be installed.

## Description:

This update for clamav fixes the following issues:

Update to clamav 1.5.2:

Security issue:

* CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file (bsc#1259207).

Non security issue:

* Support transactional updates (jsc#PED-14819).

Changelog:

* Fixed a possible infinite loop when scanning some JPEG files by upgrading affected ClamAV dependency, a Rust image library.
* The CVD verification process will now ignore certificate files in the CVD certs directory when the user lacks read permissions.
* Freshclam: Fix CLD verification bug with PrivateMirror option.
* Upgraded the Rust bytes dependency to a newer version to resolve RUSTSEC-2026-0007 advisory.
* Fixed a possible crash caused by invalid pointer alignment on some platforms.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-487=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-487=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * clamav-1.5.2-160000.1.1
  * libclamav12-1.5.2-160000.1.1
  * libclammspack0-1.5.2-160000.1.1
  * libclammspack0-debuginfo-1.5.2-160000.1.1
  * clamav-debugsource-1.5.2-160000.1.1
  * libfreshclam4-1.5.2-160000.1.1
  * libclamav12-debuginfo-1.5.2-160000.1.1
  * libfreshclam4-debuginfo-1.5.2-160000.1.1
  * clamav-milter-debuginfo-1.5.2-160000.1.1
  * clamav-milter-1.5.2-160000.1.1
  * clamav-debuginfo-1.5.2-160000.1.1
  * clamav-devel-1.5.2-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * clamav-docs-html-1.5.2-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * clamav-1.5.2-160000.1.1
  * libclamav12-1.5.2-160000.1.1
  * libclammspack0-1.5.2-160000.1.1
  * libclammspack0-debuginfo-1.5.2-160000.1.1
  * clamav-debugsource-1.5.2-160000.1.1
  * libfreshclam4-1.5.2-160000.1.1
  * libclamav12-debuginfo-1.5.2-160000.1.1
  * libfreshclam4-debuginfo-1.5.2-160000.1.1
  * clamav-milter-debuginfo-1.5.2-160000.1.1
  * clamav-milter-1.5.2-160000.1.1
  * clamav-debuginfo-1.5.2-160000.1.1
  * clamav-devel-1.5.2-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * clamav-docs-html-1.5.2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-20031.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221954
* https://bugzilla.suse.com/show_bug.cgi?id=1258072
* https://bugzilla.suse.com/show_bug.cgi?id=1259207
* https://jira.suse.com/browse/PED-14819

From null at suse.de Tue Apr 28 16:35:39 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:35:39 -0000
Subject: SUSE-SU-2026:21357-1: moderate: Security update for rust1.94
Message-ID: <177739413968.48.1237343375507661710@9e3d0d49577d>

# Security update for rust1.94

Announcement ID: SUSE-SU-2026:21357-1
Release Date: 2026-04-20T14:46:54Z
Rating: moderate
References:

* bsc#1259623
* bsc#1261876

Cross-References:

* CVE-2026-31812

CVSS scores:

* CVE-2026-31812 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31812 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-31812 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for rust1.94 fixes the following issues:

Changes in rust1.94:

* Don't force gcc-15 on SLE-16 and higher (bsc#1261876)

Update to rust1.94.1:

* Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.94.1
* Avoid unwrapping varint decoding during parameters parsing (bsc#1259623 CVE-2026-31812).
* Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.94.0

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-593=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-593=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * cargo1.94-debuginfo-1.94.1-160000.1.1
  * rust1.94-debuginfo-1.94.1-160000.1.1
  * cargo1.94-1.94.1-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (nosrc ppc64le x86_64)
  * rust1.94-1.94.1-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * cargo1.94-debuginfo-1.94.1-160000.1.1
  * rust1.94-debuginfo-1.94.1-160000.1.1
  * cargo1.94-1.94.1-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64 nosrc)
  * rust1.94-1.94.1-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31812.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259623
* https://bugzilla.suse.com/show_bug.cgi?id=1261876

From null at suse.de Tue Apr 28 16:35:57 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:35:57 -0000
Subject: SUSE-SU-2026:21356-1: important: Security update for go1.26
Message-ID: <177739415720.48.10493045385460963714@9e3d0d49577d>

# Security update for go1.26

Announcement ID: SUSE-SU-2026:21356-1
Release Date: 2026-04-20T14:07:00Z
Rating: important
References:

* bsc#1255111
* bsc#1261653
* bsc#1261654
* bsc#1261655
* bsc#1261656
* bsc#1261657
* bsc#1261658
* bsc#1261659
* bsc#1261660
* bsc#1261661
* bsc#1261662

Cross-References:

* CVE-2026-27140
* CVE-2026-27143
* CVE-2026-27144
* CVE-2026-32280
* CVE-2026-32281
* CVE-2026-32282
* CVE-2026-32283
* CVE-2026-32288
* CVE-2026-32289
* CVE-2026-33810

CVSS scores:

* CVE-2026-27140 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27140 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27140 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27143 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-27143 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-27143 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-27144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-27144 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-27144 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-32280 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32280 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32281 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32281 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32281 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32282 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-32282 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-32282 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-32283 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32283 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32283 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32288 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-32288 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-32288 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-32289 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-32289 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-32289 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-33810 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-33810 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-33810 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves 10 vulnerabilities and has one fix can now be installed.

## Description:

This update for go1.26 fixes the following issues:

* Update to version go1.26.2 (bsc#1255111).
* CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653).
* CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654).
* CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655).
* CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656).
* CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657).
* CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658).
* CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock (bsc#1261659).
* CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660).
* CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661).
* CVE-2026-33810: crypto/x509: excluded DNS constraints not properly applied to wildcard domains (bsc#1261662).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-595=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-595=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * go1.26-race-1.26.2-160000.1.1
  * go1.26-1.26.2-160000.1.1
  * go1.26-doc-1.26.2-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * go1.26-libstd-debuginfo-1.26.2-160000.1.1
  * go1.26-libstd-1.26.2-160000.1.1
  * go1.26-debuginfo-1.26.2-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * go1.26-race-1.26.2-160000.1.1
  * go1.26-1.26.2-160000.1.1
  * go1.26-doc-1.26.2-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 x86_64)
  * go1.26-libstd-debuginfo-1.26.2-160000.1.1
  * go1.26-libstd-1.26.2-160000.1.1
  * go1.26-debuginfo-1.26.2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27140.html
* https://www.suse.com/security/cve/CVE-2026-27143.html
* https://www.suse.com/security/cve/CVE-2026-27144.html
* https://www.suse.com/security/cve/CVE-2026-32280.html
* https://www.suse.com/security/cve/CVE-2026-32281.html
* https://www.suse.com/security/cve/CVE-2026-32282.html
* https://www.suse.com/security/cve/CVE-2026-32283.html
* https://www.suse.com/security/cve/CVE-2026-32288.html
* https://www.suse.com/security/cve/CVE-2026-32289.html
* https://www.suse.com/security/cve/CVE-2026-33810.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255111
* https://bugzilla.suse.com/show_bug.cgi?id=1261653
* https://bugzilla.suse.com/show_bug.cgi?id=1261654
* https://bugzilla.suse.com/show_bug.cgi?id=1261655
* https://bugzilla.suse.com/show_bug.cgi?id=1261656
* https://bugzilla.suse.com/show_bug.cgi?id=1261657
* https://bugzilla.suse.com/show_bug.cgi?id=1261658
* https://bugzilla.suse.com/show_bug.cgi?id=1261659
* https://bugzilla.suse.com/show_bug.cgi?id=1261660
* https://bugzilla.suse.com/show_bug.cgi?id=1261661
* https://bugzilla.suse.com/show_bug.cgi?id=1261662

From null at suse.de Tue Apr 28 16:36:13 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:36:13 -0000
Subject: SUSE-SU-2026:21355-1: important: Security update for go1.25
Message-ID: <177739417350.48.10776896172094633747@9e3d0d49577d>

# Security update for go1.25

Announcement ID: SUSE-SU-2026:21355-1
Release Date: 2026-04-20T14:02:24Z
Rating: important

References:

* bsc#1244485
* bsc#1261653
* bsc#1261654
* bsc#1261655
* bsc#1261656
* bsc#1261657
* bsc#1261658
* bsc#1261659
* bsc#1261660
* bsc#1261661

Cross-References:

* CVE-2026-27140
* CVE-2026-27143
* CVE-2026-27144
* CVE-2026-32280
* CVE-2026-32281
* CVE-2026-32282
* CVE-2026-32283
* CVE-2026-32288
* CVE-2026-32289

CVSS scores:

* CVE-2026-27140 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27140 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27140 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27143 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-27143 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-27143 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-27144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-27144 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-27144 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-32280 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32280 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32281 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32281 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32281 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32282 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-32282 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-32282 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-32283 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32283 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32283 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32288 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-32288 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-32288 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-32289 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-32289 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-32289 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves nine vulnerabilities and has one fix can now be installed.

## Description:

This update for go1.25 fixes the following issues:

* Update to version go1.25.9 (bsc#1244485).
* CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653).
* CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654).
* CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655).
* CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656).
* CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657).
* CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658).
* CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock (bsc#1261659).
* CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660).
* CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-594=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-594=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * go1.25-doc-1.25.9-160000.1.1
  * go1.25-race-1.25.9-160000.1.1
  * go1.25-1.25.9-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * go1.25-libstd-debuginfo-1.25.9-160000.1.1
  * go1.25-debuginfo-1.25.9-160000.1.1
  * go1.25-libstd-1.25.9-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * go1.25-doc-1.25.9-160000.1.1
  * go1.25-race-1.25.9-160000.1.1
  * go1.25-1.25.9-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 x86_64)
  * go1.25-libstd-debuginfo-1.25.9-160000.1.1
  * go1.25-debuginfo-1.25.9-160000.1.1
  * go1.25-libstd-1.25.9-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27140.html
* https://www.suse.com/security/cve/CVE-2026-27143.html
* https://www.suse.com/security/cve/CVE-2026-27144.html
* https://www.suse.com/security/cve/CVE-2026-32280.html
* https://www.suse.com/security/cve/CVE-2026-32281.html
* https://www.suse.com/security/cve/CVE-2026-32282.html
* https://www.suse.com/security/cve/CVE-2026-32283.html
* https://www.suse.com/security/cve/CVE-2026-32288.html
* https://www.suse.com/security/cve/CVE-2026-32289.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244485
* https://bugzilla.suse.com/show_bug.cgi?id=1261653
* https://bugzilla.suse.com/show_bug.cgi?id=1261654
* https://bugzilla.suse.com/show_bug.cgi?id=1261655
* https://bugzilla.suse.com/show_bug.cgi?id=1261656
* https://bugzilla.suse.com/show_bug.cgi?id=1261657
* https://bugzilla.suse.com/show_bug.cgi?id=1261658
* https://bugzilla.suse.com/show_bug.cgi?id=1261659
* https://bugzilla.suse.com/show_bug.cgi?id=1261660
* https://bugzilla.suse.com/show_bug.cgi?id=1261661

From null at suse.de Tue Apr 28 16:36:20 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:36:20 -0000
Subject: SUSE-SU-2026:21354-1: important: Security update for qemu
Message-ID: <177739418084.48.2067114371537164995@9e3d0d49577d>

# Security update for qemu

Announcement ID: SUSE-SU-2026:21354-1
Release Date: 2026-04-20T10:24:12Z
Rating: important

References:

* bsc#1258509
* bsc#1259079
* bsc#1259080
* jsc#PED-13174

Cross-References:

* CVE-2026-2243
* CVE-2026-3195
* CVE-2026-3196

CVSS scores:

* CVE-2026-2243 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-2243 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2026-2243 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-3195 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:H/SI:H/SA:H
* CVE-2026-3195 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-3196 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2026-3196 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that
solves three vulnerabilities and contains one feature can now be installed.

## Description:

This update for qemu fixes the following issues:

Update to version 10.0.9.

Security issues fixed:

* CVE-2026-3196: unbounded memory allocation and host denial-of-service via PCM_INFO requests sent from the guest (bsc#1259079).
* CVE-2026-3195: heap out-of-bounds write when reading input audio in the virtio-snd device input callback (bsc#1259080).
* CVE-2026-2243: heap out-of-bounds read and 12-byte information leak when processing specially crafted VMDK files with qemu-img (bsc#1258509).

Other updates and bugfixes:

* Version 10.0.9:
* Full backport list: https://lore.kernel.org/qemu-devel/20260318045608.7E1B513DFF6@think4mjt.localdomain/
* hyperv/syndbg: check length returned by cpu_physical_memory_map()
* fuse: Copy write buffer content before polling
* target/loongarch: Avoid recursive PNX exception on CSR_BADI fetch
* target/loongarch: Preserve PTE permission bits in LDPTE
* hw/net/npcm_gmac: Catch accesses off the end of the register array
* linux-user: fix TIOCGSID ioctl
* tests/tcg/multiarch/test-mmap: Check mmaps beyond reserved_va
* bsd-user: Deal with mmap where start > reserved_va
* linux-user: Deal with mmap where start > reserved_va
* hw/net/xilinx_ethlite: Check for oversized TX packets
* virtio-gpu: Ensure BHs are invoked only from main-loop thread
* block/nfs: Do not enter coroutine from CB
* block: Never drop BLOCK_IO_ERROR with action=stop for rate limiting
* block/throttle-groups: fix deadlock with iolimits and multiple iothreads
* mirror: Fix missed dirty bitmap writes during startup
* block/curl: fix concurrent completion handling
* block/vmdk: fix OOB read in vmdk_read_extent()
* hw/net/smc91c111: Don't allow negative-length packets
* io: fix cleanup for websock I/O source data on cancellation
* io: fix cleanup for TLS I/O source data on cancellation
* io: separate freeing of tasks from marking them as complete
* target/i386/hvf/x86_mmu: Fix compiler warning
* hw/i386/vmmouse: Fix hypercall clobbers
* tests/docker: upgrade most non-lcitool debian tests to debian 13
* hw/9pfs: fix missing EOPNOTSUPP on Twstat and Trenameat for fs synth driver
* hw/9pfs: fix data race in v9fs_mark_fids_unreclaim()
* Add support for AMD-Turin CPUs (jsc#PED-13174)
* target/i386: Add support for EPYC-Turin model (jsc#PED-13174)
* target/i386: Update EPYC-Genoa for Cache property, perfmon-v2, RAS and SVM feature bits (jsc#PED-13174)
* target/i386: Add couple of feature bits in CPUID_Fn80000021_EAX (jsc#PED-13174)
* target/i386: Update EPYC-Milan CPU model for Cache property, RAS, SVM feature bits (jsc#PED-13174)
* target/i386: Update EPYC-Rome CPU model for Cache property, RAS, SVM feature bits (jsc#PED-13174)
* target/i386: Update EPYC CPU model for Cache property, RAS, SVM feature bits (jsc#PED-13174)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-591=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-591=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * qemu-10.0.9-160000.1.1
  * qemu-audio-jack-debuginfo-10.0.9-160000.1.1
  * qemu-hw-display-virtio-vga-10.0.9-160000.1.1
  * qemu-hw-usb-smartcard-debuginfo-10.0.9-160000.1.1
  * qemu-ppc-debuginfo-10.0.9-160000.1.1
  * qemu-debugsource-10.0.9-160000.1.1
  * qemu-hw-display-virtio-gpu-10.0.9-160000.1.1
  * qemu-extra-10.0.9-160000.1.1
  * qemu-vhost-user-gpu-debuginfo-10.0.9-160000.1.1
  * qemu-hw-display-virtio-vga-debuginfo-10.0.9-160000.1.1
  * qemu-arm-10.0.9-160000.1.1
  * qemu-linux-user-debugsource-10.0.9-160000.1.1
  * qemu-vhost-user-gpu-10.0.9-160000.1.1
  * qemu-hw-usb-host-10.0.9-160000.1.1
  * qemu-ivshmem-tools-debuginfo-10.0.9-160000.1.1
  * qemu-tools-10.0.9-160000.1.1
  * qemu-extra-debuginfo-10.0.9-160000.1.1
  * qemu-block-ssh-debuginfo-10.0.9-160000.1.1
  * qemu-hw-s390x-virtio-gpu-ccw-10.0.9-160000.1.1
  * qemu-s390x-debuginfo-10.0.9-160000.1.1
  * qemu-arm-debuginfo-10.0.9-160000.1.1
  * qemu-block-nfs-debuginfo-10.0.9-160000.1.1
  * qemu-debuginfo-10.0.9-160000.1.1
  * qemu-hw-usb-redirect-10.0.9-160000.1.1
  * qemu-block-iscsi-10.0.9-160000.1.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-10.0.9-160000.1.1
  * qemu-img-10.0.9-160000.1.1
  * qemu-hw-display-virtio-gpu-pci-10.0.9-160000.1.1
  * qemu-block-curl-debuginfo-10.0.9-160000.1.1
  * qemu-x86-10.0.9-160000.1.1
  * qemu-block-iscsi-debuginfo-10.0.9-160000.1.1
  * qemu-pr-helper-10.0.9-160000.1.1
  * qemu-audio-oss-debuginfo-10.0.9-160000.1.1
  * qemu-hw-usb-redirect-debuginfo-10.0.9-160000.1.1
  * qemu-hw-usb-smartcard-10.0.9-160000.1.1
  * qemu-ivshmem-tools-10.0.9-160000.1.1
  * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-10.0.9-160000.1.1
  * qemu-ppc-10.0.9-160000.1.1
  * qemu-headless-10.0.9-160000.1.1
  * qemu-audio-oss-10.0.9-160000.1.1
  * qemu-hw-usb-host-debuginfo-10.0.9-160000.1.1
  * qemu-pr-helper-debuginfo-10.0.9-160000.1.1
  * qemu-ksm-10.0.9-160000.1.1
  * qemu-x86-debuginfo-10.0.9-160000.1.1
  * qemu-audio-dbus-10.0.9-160000.1.1
  * qemu-tools-debuginfo-10.0.9-160000.1.1
  * qemu-s390x-10.0.9-160000.1.1
  * qemu-block-dmg-debuginfo-10.0.9-160000.1.1
  * qemu-block-curl-10.0.9-160000.1.1
  * qemu-audio-alsa-10.0.9-160000.1.1
  * qemu-block-nfs-10.0.9-160000.1.1
  * qemu-audio-jack-10.0.9-160000.1.1
  * qemu-img-debuginfo-10.0.9-160000.1.1
  * qemu-guest-agent-debuginfo-10.0.9-160000.1.1
  * qemu-linux-user-debuginfo-10.0.9-160000.1.1
  * qemu-hw-display-virtio-gpu-debuginfo-10.0.9-160000.1.1
  * qemu-guest-agent-10.0.9-160000.1.1
  * qemu-linux-user-10.0.9-160000.1.1
  * qemu-audio-alsa-debuginfo-10.0.9-160000.1.1
  * qemu-block-dmg-10.0.9-160000.1.1
  * qemu-audio-dbus-debuginfo-10.0.9-160000.1.1
  * qemu-block-ssh-10.0.9-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * qemu-doc-10.0.9-160000.1.1
  * qemu-vgabios-10.0.91.16.3_3_g3d33c746-160000.1.1
  * qemu-SLOF-10.0.9-160000.1.1
  * qemu-lang-10.0.9-160000.1.1
  * qemu-skiboot-10.0.9-160000.1.1
  * qemu-ipxe-10.0.9-160000.1.1
  * qemu-microvm-10.0.9-160000.1.1
  * qemu-seabios-10.0.91.16.3_3_g3d33c746-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * qemu-vmsr-helper-10.0.9-160000.1.1
  * qemu-vmsr-helper-debuginfo-10.0.9-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * qemu-10.0.9-160000.1.1
  * qemu-audio-jack-debuginfo-10.0.9-160000.1.1
  * qemu-hw-display-virtio-vga-10.0.9-160000.1.1
  * qemu-hw-usb-smartcard-debuginfo-10.0.9-160000.1.1
  * qemu-ppc-debuginfo-10.0.9-160000.1.1
  * qemu-debugsource-10.0.9-160000.1.1
  * qemu-hw-display-virtio-gpu-10.0.9-160000.1.1
  * qemu-extra-10.0.9-160000.1.1
  * qemu-vhost-user-gpu-debuginfo-10.0.9-160000.1.1
  * qemu-hw-display-virtio-vga-debuginfo-10.0.9-160000.1.1
  * qemu-arm-10.0.9-160000.1.1
  * qemu-linux-user-debugsource-10.0.9-160000.1.1
  * qemu-vhost-user-gpu-10.0.9-160000.1.1
  * qemu-hw-usb-host-10.0.9-160000.1.1
  * qemu-ivshmem-tools-debuginfo-10.0.9-160000.1.1
  * qemu-tools-10.0.9-160000.1.1
  * qemu-extra-debuginfo-10.0.9-160000.1.1
  * qemu-block-ssh-debuginfo-10.0.9-160000.1.1
  * qemu-hw-s390x-virtio-gpu-ccw-10.0.9-160000.1.1
  * qemu-s390x-debuginfo-10.0.9-160000.1.1
  * qemu-arm-debuginfo-10.0.9-160000.1.1
  * qemu-block-nfs-debuginfo-10.0.9-160000.1.1
  * qemu-debuginfo-10.0.9-160000.1.1
  * qemu-hw-usb-redirect-10.0.9-160000.1.1
  * qemu-block-iscsi-10.0.9-160000.1.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-10.0.9-160000.1.1
  * qemu-img-10.0.9-160000.1.1
  * qemu-hw-display-virtio-gpu-pci-10.0.9-160000.1.1
  * qemu-block-curl-debuginfo-10.0.9-160000.1.1
  * qemu-x86-10.0.9-160000.1.1
  * qemu-block-iscsi-debuginfo-10.0.9-160000.1.1
  * qemu-pr-helper-10.0.9-160000.1.1
  * qemu-audio-oss-debuginfo-10.0.9-160000.1.1
  * qemu-hw-usb-redirect-debuginfo-10.0.9-160000.1.1
  * qemu-hw-usb-smartcard-10.0.9-160000.1.1
  * qemu-ivshmem-tools-10.0.9-160000.1.1
  * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-10.0.9-160000.1.1
  * qemu-ppc-10.0.9-160000.1.1
  * qemu-headless-10.0.9-160000.1.1
  * qemu-audio-oss-10.0.9-160000.1.1
  * qemu-hw-usb-host-debuginfo-10.0.9-160000.1.1
  * qemu-pr-helper-debuginfo-10.0.9-160000.1.1
  * qemu-ksm-10.0.9-160000.1.1
  * qemu-x86-debuginfo-10.0.9-160000.1.1
  * qemu-audio-dbus-10.0.9-160000.1.1
  * qemu-tools-debuginfo-10.0.9-160000.1.1
  * qemu-s390x-10.0.9-160000.1.1
  * qemu-block-dmg-debuginfo-10.0.9-160000.1.1
  * qemu-block-curl-10.0.9-160000.1.1
  * qemu-audio-alsa-10.0.9-160000.1.1
  * qemu-block-nfs-10.0.9-160000.1.1
  * qemu-audio-jack-10.0.9-160000.1.1
  * qemu-img-debuginfo-10.0.9-160000.1.1
  * qemu-guest-agent-debuginfo-10.0.9-160000.1.1
  * qemu-linux-user-debuginfo-10.0.9-160000.1.1
  * qemu-hw-display-virtio-gpu-debuginfo-10.0.9-160000.1.1
  * qemu-guest-agent-10.0.9-160000.1.1
  * qemu-linux-user-10.0.9-160000.1.1
  * qemu-audio-alsa-debuginfo-10.0.9-160000.1.1
  * qemu-block-dmg-10.0.9-160000.1.1
  * qemu-audio-dbus-debuginfo-10.0.9-160000.1.1
  * qemu-block-ssh-10.0.9-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * qemu-doc-10.0.9-160000.1.1
  * qemu-vgabios-10.0.91.16.3_3_g3d33c746-160000.1.1
  * qemu-SLOF-10.0.9-160000.1.1
  * qemu-lang-10.0.9-160000.1.1
  * qemu-skiboot-10.0.9-160000.1.1
  * qemu-microvm-10.0.9-160000.1.1
  * qemu-ipxe-10.0.9-160000.1.1
  * qemu-seabios-10.0.91.16.3_3_g3d33c746-160000.1.1
* SUSE Linux Enterprise Server 16.0 (x86_64)
  * qemu-vmsr-helper-10.0.9-160000.1.1
  * qemu-vmsr-helper-debuginfo-10.0.9-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2243.html
* https://www.suse.com/security/cve/CVE-2026-3195.html
* https://www.suse.com/security/cve/CVE-2026-3196.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258509
* https://bugzilla.suse.com/show_bug.cgi?id=1259079
* https://bugzilla.suse.com/show_bug.cgi?id=1259080
* https://jira.suse.com/browse/PED-13174
From null at suse.de Tue Apr 28 16:36:25 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:36:25 -0000
Subject: SUSE-SU-2026:21353-1: moderate: Security update for haproxy
Message-ID: <177739418500.48.18439392619095537550@9e3d0d49577d>

# Security update for haproxy

Announcement ID: SUSE-SU-2026:21353-1
Release Date: 2026-04-23T08:06:25Z
Rating: moderate

References:

* bsc#1261626
* bsc#1262103

Cross-References:

* CVE-2026-33555

CVSS scores:

* CVE-2026-33555 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
* CVE-2026-33555 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2026-33555 ( NVD ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server High Availability Extension 16.0

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for haproxy fixes the following issues:

Security issue:

* CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization (bsc#1262103).
* bug in SLZ compression (bsc#1261626).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server High Availability Extension 16.0
  zypper in -t patch SUSE-SLES-HA-16.0-632=1

## Package List:

* SUSE Linux Enterprise Server High Availability Extension 16.0 (ppc64le s390x x86_64)
  * haproxy-3.2.15+git64.0fc44b458-160000.2.1
  * haproxy-debugsource-3.2.15+git64.0fc44b458-160000.2.1
  * haproxy-debuginfo-3.2.15+git64.0fc44b458-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261626
* https://bugzilla.suse.com/show_bug.cgi?id=1262103
From null at suse.de Tue Apr 28 16:38:08 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:38:08 -0000
Subject: SUSE-SU-2026:21352-1: important: Security update for the Linux Kernel
Message-ID: <177739428828.48.6145598097644017307@9e3d0d49577d>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21352-1
Release Date: 2026-04-20T15:09:00Z
Rating: important

References:

* bsc#1191256
* bsc#1191270
* bsc#1194778
* bsc#1207184
* bsc#1217845
* bsc#1222768
* bsc#1243208
* bsc#1252073
* bsc#1253129
* bsc#1254214
* bsc#1254306
* bsc#1254307
* bsc#1255084
* bsc#1255687
* bsc#1256647
* bsc#1257183
* bsc#1257511
* bsc#1257708
* bsc#1257773
* bsc#1257777
* bsc#1258175
* bsc#1258280
* bsc#1258293
* bsc#1258301
* bsc#1258305
* bsc#1258330
* bsc#1258337
* bsc#1258340
* bsc#1258414
* bsc#1258447
* bsc#1258476
* bsc#1258849
* bsc#1259188
* bsc#1259461
* bsc#1259484
* bsc#1259485
* bsc#1259580
* bsc#1259707
* bsc#1259759
* bsc#1259795
* bsc#1259797
* bsc#1259870
* bsc#1259886
* bsc#1259891
* bsc#1259955
* bsc#1259997
* bsc#1259998
* bsc#1260005
* bsc#1260009
* bsc#1260347
* bsc#1260459
* bsc#1260464
* bsc#1260471
* bsc#1260481
* bsc#1260486
* bsc#1260490
* bsc#1260497
* bsc#1260500
* bsc#1260522
* bsc#1260527
* bsc#1260544
* bsc#1260550
* bsc#1260606
* bsc#1260730
* bsc#1260732
* bsc#1260735
* bsc#1260799
* bsc#1261496
* bsc#1261498
* bsc#1261506
* bsc#1261507
* bsc#1261669
* jsc#PED-11175
* jsc#PED-15042
* jsc#PED-15441
* jsc#PED-15986

Cross-References: * CVE-2025-39998 * CVE-2025-40253 * CVE-2025-68794 * CVE-2025-71239 * CVE-2026-23072 * CVE-2026-23103 * CVE-2026-23120 * CVE-2026-23125 * CVE-2026-23138 * CVE-2026-23140 * CVE-2026-23187 * CVE-2026-23193 * CVE-2026-23201 * CVE-2026-23204 * CVE-2026-23215 * CVE-2026-23216 * CVE-2026-23231 * CVE-2026-23239 * CVE-2026-23240 * CVE-2026-23242 * CVE-2026-23243 * CVE-2026-23255 * CVE-2026-23262 * CVE-2026-23270 * CVE-2026-23272 * CVE-2026-23274 * CVE-2026-23277 * CVE-2026-23278 *
CVE-2026-23281 * CVE-2026-23292 * CVE-2026-23293 * CVE-2026-23297 * CVE-2026-23304 * CVE-2026-23319 * CVE-2026-23326 * CVE-2026-23335 * CVE-2026-23343 * CVE-2026-23361 * CVE-2026-23379 * CVE-2026-23381 * CVE-2026-23383 * CVE-2026-23386 * CVE-2026-23393 * CVE-2026-23398 * CVE-2026-23413 * CVE-2026-23414 * CVE-2026-23419 * CVE-2026-23425 * CVE-2026-31788 CVSS scores: * CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68794 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71239 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-71239 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-23072 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23072 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23072 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23138 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23138 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23138 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23187 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23215 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23215 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23215 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23239 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23239 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23240 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23240 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23240 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23262 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23272 ( SUSE ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23281 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23304 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23304 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23319 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23326 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23326 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23326 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23335 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23335 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-23335 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23343 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23343 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23343 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2026-23361 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23379 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23381 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23383 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23386 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23393 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23398 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23413 ( SUSE 
): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23413 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23413 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23414 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23414 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23419 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23419 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23419 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23425 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23425 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-23425 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23425 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server High Availability Extension 16.0

An update that solves 49 vulnerabilities, contains four features and has 23 fixes can now be installed.

## Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
* CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
* CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
* CVE-2025-71239: audit: add fchmodat2() to change attributes class (bsc#1259759).
* CVE-2026-23072: l2tp: Fix memleak in l2tp_udp_encap_recv() (bsc#1257708).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
* CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
* CVE-2026-23138: kABI: Preserve values of the trace recursion bits (bsc#1258301).
* CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
* CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
* CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
* CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
* CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
* CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476).
* CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
* CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
* CVE-2026-23239: espintcp: Fix race condition in espintcp_close() (bsc#1259485).
* CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx() (bsc#1259484).
* CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
* CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
* CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
* CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
* CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
* CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
* CVE-2026-23297: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit() (bsc#1260490).
* CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
* CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
* CVE-2026-23326: xsk: Fix fragment node deletion to prevent buffer leak (bsc#1260606).
* CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
* CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
* CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
* CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
* CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
* CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
* CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260522).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
* CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
* CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
* CVE-2026-23425: KVM: arm64: Fix ID register initialization for non-protected pKVM guests (bsc#1261506).
* CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non security issues were fixed:

* KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
* KVM: x86: synthesize CPUID bits only if CPU capability is set (bsc#1257511).
* Revert "drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129)."
* Update config files (bsc#1254307).
* apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
* apparmor: fix differential encoding verification (bsc#1258849).
* apparmor: fix memory leak in verify_header (bsc#1258849).
* apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
* apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
* apparmor: fix race on rawdata dereference (bsc#1258849).
* apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
* apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
* apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
* apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
* apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
* bpf, btf: Enforce destructor kfunc type with CFI (bsc#1259955).
* bpf: crypto: Use the correct destructor kfunc type (bsc#1259955).
* btrfs: only enforce free space tree if v1 cache is required for bs < ps cases (bsc#1260459).
* btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
* drm/amdkfd: Unreserve bo if queue update failed (git-fixes).
* drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129).
* drm/i915/dsc: Add Selective Update register definitions (stable-fixes).
* drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes).
* firmware: microchip: fail auto-update probe if no flash found (git-fixes).
* kABI: Include trace recursion bits in kABI tracking (bsc#1258301).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
* nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208).
* nvme: expose active quirks in sysfs (bsc#1243208).
* nvme: fix memory leak in quirks_param_set() (bsc#1243208).
* powerpc/crash: adjust the elfcorehdr size (jsc#PED-11175 git-fixes).
* powerpc/kdump: Fix size calculation for hot-removed memory ranges (jsc#PED-11175 git-fixes).
* s390/cio: Update purge function to unregister the unused subchannels (bsc#1254214).
* s390/ipl: Clear SBP flag when bootprog is set (bsc#1258175).
* s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
* scsi: fnic: Add Cisco hardware model names (jsc#PED-15441).
* scsi: fnic: Add and integrate support for FDMI (jsc#PED-15441).
* scsi: fnic: Add and integrate support for FIP (jsc#PED-15441).
* scsi: fnic: Add functionality in fnic to support FDLS (jsc#PED-15441).
* scsi: fnic: Add headers and definitions for FDLS (jsc#PED-15441).
* scsi: fnic: Add stats and related functionality (jsc#PED-15441).
* scsi: fnic: Add support for fabric based solicited requests and responses (jsc#PED-15441).
* scsi: fnic: Add support for target based solicited requests and responses (jsc#PED-15441).
* scsi: fnic: Add support for unsolicited requests and responses (jsc#PED-15441).
* scsi: fnic: Add support to handle port channel RSCN (jsc#PED-15441).
* scsi: fnic: Code cleanup (jsc#PED-15441).
* scsi: fnic: Delete incorrect debugfs error handling (jsc#PED-15441).
* scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (jsc#PED-15441).
* scsi: fnic: Fix indentation and remove unnecessary parenthesis (jsc#PED-15441).
* scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (jsc#PED-15441).
* scsi: fnic: Fix use of uninitialized value in debug message (jsc#PED-15441).
* scsi: fnic: Increment driver version (jsc#PED-15441).
* scsi: fnic: Modify IO path to use FDLS (jsc#PED-15441).
* scsi: fnic: Modify fnic interfaces to use FDLS (jsc#PED-15441).
* scsi: fnic: Propagate SCSI error code from fnic_scsi_drv_init() (jsc#PED-15441).
* scsi: fnic: Remove always-true IS_FNIC_FCP_INITIATOR macro (jsc#PED-15441).
* scsi: fnic: Remove extern definition from .c files (jsc#PED-15441).
* scsi: fnic: Remove unnecessary debug print (jsc#PED-15441).
* scsi: fnic: Remove unnecessary else and unnecessary break in FDLS (jsc#PED-15441).
* scsi: fnic: Remove unnecessary else to fix warning in FDLS FIP (jsc#PED-15441).
* scsi: fnic: Remove unnecessary spinlock locking and unlocking (jsc#PED-15441).
* scsi: fnic: Replace fnic->lock_flags with local flags (jsc#PED-15441).
* scsi: fnic: Replace shost_printk() with dev_info()/dev_err() (jsc#PED-15441).
* scsi: fnic: Replace use of sizeof with standard usage (jsc#PED-15441).
* scsi: fnic: Return appropriate error code for mem alloc failure (jsc#PED-15441).
* scsi: fnic: Return appropriate error code from failure of scsi drv init (jsc#PED-15441).
* scsi: fnic: Test for memory allocation failure and return error code (jsc#PED-15441).
* scsi: fnic: Turn off FDMI ACTIVE flags on link down (jsc#PED-15441).
* scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687).
* scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes).
* scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() (git-fixes, jsc#PED-15042).
* selftests/bpf: Use the correct destructor kfunc type (bsc#1259955).
* selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).
* tg3: Fix race for querying speed/duplex (bsc#1257183).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server High Availability Extension 16.0
  zypper in -t patch SUSE-SLES-HA-16.0-596=1

## Package List:

* SUSE Linux Enterprise Server High Availability Extension 16.0 (ppc64le s390x x86_64)
  * kernel-default-debuginfo-6.12.0-160000.28.1
  * dlm-kmp-default-debuginfo-6.12.0-160000.28.1
  * cluster-md-kmp-default-debuginfo-6.12.0-160000.28.1
  * cluster-md-kmp-default-6.12.0-160000.28.1
  * dlm-kmp-default-6.12.0-160000.28.1
  * kernel-default-debugsource-6.12.0-160000.28.1
  * gfs2-kmp-default-debuginfo-6.12.0-160000.28.1
  * gfs2-kmp-default-6.12.0-160000.28.1
* SUSE Linux Enterprise Server High Availability Extension 16.0 (nosrc)
  * kernel-default-6.12.0-160000.28.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39998.html
* https://www.suse.com/security/cve/CVE-2025-40253.html
* https://www.suse.com/security/cve/CVE-2025-68794.html
* https://www.suse.com/security/cve/CVE-2025-71239.html
* https://www.suse.com/security/cve/CVE-2026-23072.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23120.html
* https://www.suse.com/security/cve/CVE-2026-23125.html
* https://www.suse.com/security/cve/CVE-2026-23138.html
* https://www.suse.com/security/cve/CVE-2026-23140.html
* https://www.suse.com/security/cve/CVE-2026-23187.html
* https://www.suse.com/security/cve/CVE-2026-23193.html
* https://www.suse.com/security/cve/CVE-2026-23201.html
*
https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-23215.html * https://www.suse.com/security/cve/CVE-2026-23216.html * https://www.suse.com/security/cve/CVE-2026-23231.html * https://www.suse.com/security/cve/CVE-2026-23239.html * https://www.suse.com/security/cve/CVE-2026-23240.html * https://www.suse.com/security/cve/CVE-2026-23242.html * https://www.suse.com/security/cve/CVE-2026-23243.html * https://www.suse.com/security/cve/CVE-2026-23255.html * https://www.suse.com/security/cve/CVE-2026-23262.html * https://www.suse.com/security/cve/CVE-2026-23270.html * https://www.suse.com/security/cve/CVE-2026-23272.html * https://www.suse.com/security/cve/CVE-2026-23274.html * https://www.suse.com/security/cve/CVE-2026-23277.html * https://www.suse.com/security/cve/CVE-2026-23278.html * https://www.suse.com/security/cve/CVE-2026-23281.html * https://www.suse.com/security/cve/CVE-2026-23292.html * https://www.suse.com/security/cve/CVE-2026-23293.html * https://www.suse.com/security/cve/CVE-2026-23297.html * https://www.suse.com/security/cve/CVE-2026-23304.html * https://www.suse.com/security/cve/CVE-2026-23319.html * https://www.suse.com/security/cve/CVE-2026-23326.html * https://www.suse.com/security/cve/CVE-2026-23335.html * https://www.suse.com/security/cve/CVE-2026-23343.html * https://www.suse.com/security/cve/CVE-2026-23361.html * https://www.suse.com/security/cve/CVE-2026-23379.html * https://www.suse.com/security/cve/CVE-2026-23381.html * https://www.suse.com/security/cve/CVE-2026-23383.html * https://www.suse.com/security/cve/CVE-2026-23386.html * https://www.suse.com/security/cve/CVE-2026-23393.html * https://www.suse.com/security/cve/CVE-2026-23398.html * https://www.suse.com/security/cve/CVE-2026-23413.html * https://www.suse.com/security/cve/CVE-2026-23414.html * https://www.suse.com/security/cve/CVE-2026-23419.html * https://www.suse.com/security/cve/CVE-2026-23425.html * 
https://www.suse.com/security/cve/CVE-2026-31788.html * https://bugzilla.suse.com/show_bug.cgi?id=1191256 * https://bugzilla.suse.com/show_bug.cgi?id=1191270 * https://bugzilla.suse.com/show_bug.cgi?id=1194778 * https://bugzilla.suse.com/show_bug.cgi?id=1207184 * https://bugzilla.suse.com/show_bug.cgi?id=1217845 * https://bugzilla.suse.com/show_bug.cgi?id=1222768 * https://bugzilla.suse.com/show_bug.cgi?id=1243208 * https://bugzilla.suse.com/show_bug.cgi?id=1252073 * https://bugzilla.suse.com/show_bug.cgi?id=1253129 * https://bugzilla.suse.com/show_bug.cgi?id=1254214 * https://bugzilla.suse.com/show_bug.cgi?id=1254306 * https://bugzilla.suse.com/show_bug.cgi?id=1254307 * https://bugzilla.suse.com/show_bug.cgi?id=1255084 * https://bugzilla.suse.com/show_bug.cgi?id=1255687 * https://bugzilla.suse.com/show_bug.cgi?id=1256647 * https://bugzilla.suse.com/show_bug.cgi?id=1257183 * https://bugzilla.suse.com/show_bug.cgi?id=1257511 * https://bugzilla.suse.com/show_bug.cgi?id=1257708 * https://bugzilla.suse.com/show_bug.cgi?id=1257773 * https://bugzilla.suse.com/show_bug.cgi?id=1257777 * https://bugzilla.suse.com/show_bug.cgi?id=1258175 * https://bugzilla.suse.com/show_bug.cgi?id=1258280 * https://bugzilla.suse.com/show_bug.cgi?id=1258293 * https://bugzilla.suse.com/show_bug.cgi?id=1258301 * https://bugzilla.suse.com/show_bug.cgi?id=1258305 * https://bugzilla.suse.com/show_bug.cgi?id=1258330 * https://bugzilla.suse.com/show_bug.cgi?id=1258337 * https://bugzilla.suse.com/show_bug.cgi?id=1258340 * https://bugzilla.suse.com/show_bug.cgi?id=1258414 * https://bugzilla.suse.com/show_bug.cgi?id=1258447 * https://bugzilla.suse.com/show_bug.cgi?id=1258476 * https://bugzilla.suse.com/show_bug.cgi?id=1258849 * https://bugzilla.suse.com/show_bug.cgi?id=1259188 * https://bugzilla.suse.com/show_bug.cgi?id=1259461 * https://bugzilla.suse.com/show_bug.cgi?id=1259484 * https://bugzilla.suse.com/show_bug.cgi?id=1259485 * https://bugzilla.suse.com/show_bug.cgi?id=1259580 * 
https://bugzilla.suse.com/show_bug.cgi?id=1259707 * https://bugzilla.suse.com/show_bug.cgi?id=1259759 * https://bugzilla.suse.com/show_bug.cgi?id=1259795 * https://bugzilla.suse.com/show_bug.cgi?id=1259797 * https://bugzilla.suse.com/show_bug.cgi?id=1259870 * https://bugzilla.suse.com/show_bug.cgi?id=1259886 * https://bugzilla.suse.com/show_bug.cgi?id=1259891 * https://bugzilla.suse.com/show_bug.cgi?id=1259955 * https://bugzilla.suse.com/show_bug.cgi?id=1259997 * https://bugzilla.suse.com/show_bug.cgi?id=1259998 * https://bugzilla.suse.com/show_bug.cgi?id=1260005 * https://bugzilla.suse.com/show_bug.cgi?id=1260009 * https://bugzilla.suse.com/show_bug.cgi?id=1260347 * https://bugzilla.suse.com/show_bug.cgi?id=1260459 * https://bugzilla.suse.com/show_bug.cgi?id=1260464 * https://bugzilla.suse.com/show_bug.cgi?id=1260471 * https://bugzilla.suse.com/show_bug.cgi?id=1260481 * https://bugzilla.suse.com/show_bug.cgi?id=1260486 * https://bugzilla.suse.com/show_bug.cgi?id=1260490 * https://bugzilla.suse.com/show_bug.cgi?id=1260497 * https://bugzilla.suse.com/show_bug.cgi?id=1260500 * https://bugzilla.suse.com/show_bug.cgi?id=1260522 * https://bugzilla.suse.com/show_bug.cgi?id=1260527 * https://bugzilla.suse.com/show_bug.cgi?id=1260544 * https://bugzilla.suse.com/show_bug.cgi?id=1260550 * https://bugzilla.suse.com/show_bug.cgi?id=1260606 * https://bugzilla.suse.com/show_bug.cgi?id=1260730 * https://bugzilla.suse.com/show_bug.cgi?id=1260732 * https://bugzilla.suse.com/show_bug.cgi?id=1260735 * https://bugzilla.suse.com/show_bug.cgi?id=1260799 * https://bugzilla.suse.com/show_bug.cgi?id=1261496 * https://bugzilla.suse.com/show_bug.cgi?id=1261498 * https://bugzilla.suse.com/show_bug.cgi?id=1261506 * https://bugzilla.suse.com/show_bug.cgi?id=1261507 * https://bugzilla.suse.com/show_bug.cgi?id=1261669 * https://jira.suse.com/browse/PED-11175 * https://jira.suse.com/browse/PED-15042 * https://jira.suse.com/browse/PED-15441 * https://jira.suse.com/browse/PED-15986 -------------- 
From null at suse.de Tue Apr 28 16:38:43 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:38:43 -0000
Subject: SUSE-SU-2026:1640-1: important: Security update for freerdp2
Message-ID: <177739432370.48.10364464256996969008@9e3d0d49577d>

# Security update for freerdp2

Announcement ID: SUSE-SU-2026:1640-1
Release Date: 2026-04-28T11:33:59Z
Rating: important

References:

* bsc#1258919
* bsc#1258920
* bsc#1258921
* bsc#1258923
* bsc#1258924
* bsc#1258939
* bsc#1258967
* bsc#1258977
* bsc#1258987
* bsc#1259653
* bsc#1259680
* bsc#1259684
* bsc#1259689
* bsc#1259692
* bsc#1259693
* bsc#1261848

Cross-References:

* CVE-2026-25941
* CVE-2026-25942
* CVE-2026-25952
* CVE-2026-25953
* CVE-2026-25954
* CVE-2026-25997
* CVE-2026-26986
* CVE-2026-27015
* CVE-2026-27951
* CVE-2026-29774
* CVE-2026-29775
* CVE-2026-29776
* CVE-2026-31806
* CVE-2026-31884
* CVE-2026-31897

CVSS scores:

* CVE-2026-25941 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25941 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-25941 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-25941 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-25942 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25942 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25942 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25942 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25952 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25952 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25952 ( NVD ): 5.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25952 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-25953 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25953 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25953 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25953 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-25954 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25954 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25954 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25954 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25997 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25997 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-25997 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25997 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-26986 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-26986 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-26986 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26986 ( 
NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27015 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27015 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-27015 ( NVD ): 5.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27015 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-27951 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27951 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27951 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27951 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-29774 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-29774 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-29774 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-29774 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-29775 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-29775 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-29775 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-29775 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-29776 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-29776 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-29776 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-31806 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31806 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-31806 ( NVD ): 9.3 
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-31806 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31884 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-31884 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-31884 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-31884 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31897 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-31897 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-31897 ( NVD ): 0.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N * CVE-2026-31897 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves 15 vulnerabilities and has one security fix can now be installed. ## Description: This update for freerdp2 fixes the following issues: * CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted `WIRE_TO_SURFACE_2` PDU (bsc#1258919). * CVE-2026-25942: Global-buffer-overflow in `xf_rail_server_execute_result` (bsc#1258920). * CVE-2026-25952: Heap-use-after-free in `xf_SetWindowMinMaxInfo` (bsc#1258921). * CVE-2026-25953: Heap-use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258923). * CVE-2026-25954: Heap-use-after-free in `xf_rail_server_local_move_size` (bsc#1258924). * CVE-2026-25997: Heap-use-after-free in `xf_clipboard_format_equal` (bsc#1258977). * CVE-2026-26986: Heap-use-after-free in `rail_window_free` (bsc#1258967). 
* CVE-2026-27015: Smartcard NDR alignment padding triggers reachable `WINPR_ASSERT` abort (bsc#1258987).
* CVE-2026-27951: Denial of Service via endless blocking loop in `Stream_EnsureCapacity` (bsc#1258939).
* CVE-2026-29774: Missing bounds validation can cause a client-side heap buffer overflow (bsc#1259689).
* CVE-2026-29775: Malicious server can trigger a client-side heap out-of-bounds access (bsc#1259684).
* CVE-2026-29776: Missing length check can lead to an integer underflow (bsc#1259692).
* CVE-2026-31897: Missing length check can cause an out-of-bounds read (bsc#1259693).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1640=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1640=1

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * freerdp2-debugsource-2.11.7-150700.3.22.1
  * winpr2-devel-2.11.7-150700.3.22.1
  * freerdp2-debuginfo-2.11.7-150700.3.22.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * freerdp2-proxy-debuginfo-2.11.7-150700.3.22.1
  * winpr2-devel-2.11.7-150700.3.22.1
  * freerdp2-server-2.11.7-150700.3.22.1
  * freerdp2-server-debuginfo-2.11.7-150700.3.22.1
  * freerdp2-2.11.7-150700.3.22.1
  * freerdp2-devel-2.11.7-150700.3.22.1
  * libwinpr2-2-debuginfo-2.11.7-150700.3.22.1
  * freerdp2-debugsource-2.11.7-150700.3.22.1
  * libfreerdp2-2-2.11.7-150700.3.22.1
  * libwinpr2-2-2.11.7-150700.3.22.1
  * freerdp2-debuginfo-2.11.7-150700.3.22.1
  * freerdp2-proxy-2.11.7-150700.3.22.1
  * libfreerdp2-2-debuginfo-2.11.7-150700.3.22.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25941.html
* https://www.suse.com/security/cve/CVE-2026-25942.html
* https://www.suse.com/security/cve/CVE-2026-25952.html
*
https://www.suse.com/security/cve/CVE-2026-25953.html
* https://www.suse.com/security/cve/CVE-2026-25954.html
* https://www.suse.com/security/cve/CVE-2026-25997.html
* https://www.suse.com/security/cve/CVE-2026-26986.html
* https://www.suse.com/security/cve/CVE-2026-27015.html
* https://www.suse.com/security/cve/CVE-2026-27951.html
* https://www.suse.com/security/cve/CVE-2026-29774.html
* https://www.suse.com/security/cve/CVE-2026-29775.html
* https://www.suse.com/security/cve/CVE-2026-29776.html
* https://www.suse.com/security/cve/CVE-2026-31806.html
* https://www.suse.com/security/cve/CVE-2026-31884.html
* https://www.suse.com/security/cve/CVE-2026-31897.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258919
* https://bugzilla.suse.com/show_bug.cgi?id=1258920
* https://bugzilla.suse.com/show_bug.cgi?id=1258921
* https://bugzilla.suse.com/show_bug.cgi?id=1258923
* https://bugzilla.suse.com/show_bug.cgi?id=1258924
* https://bugzilla.suse.com/show_bug.cgi?id=1258939
* https://bugzilla.suse.com/show_bug.cgi?id=1258967
* https://bugzilla.suse.com/show_bug.cgi?id=1258977
* https://bugzilla.suse.com/show_bug.cgi?id=1258987
* https://bugzilla.suse.com/show_bug.cgi?id=1259653
* https://bugzilla.suse.com/show_bug.cgi?id=1259680
* https://bugzilla.suse.com/show_bug.cgi?id=1259684
* https://bugzilla.suse.com/show_bug.cgi?id=1259689
* https://bugzilla.suse.com/show_bug.cgi?id=1259692
* https://bugzilla.suse.com/show_bug.cgi?id=1259693
* https://bugzilla.suse.com/show_bug.cgi?id=1261848

From null at suse.de Tue Apr 28 16:38:52 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 16:38:52 -0000
Subject: SUSE-SU-2026:1639-1: important: Security update for bouncycastle
Message-ID: <177739433258.48.6169627869265016716@9e3d0d49577d>

# Security update for bouncycastle

Announcement ID: SUSE-SU-2026:1639-1
Release Date: 2026-04-28T11:10:38Z
Rating: important

References:

* bsc#1262225
* bsc#1262226
* bsc#1262227
* bsc#1262228
* bsc#1262232

Cross-References:

* CVE-2025-14813
* CVE-2026-0636
* CVE-2026-3505
* CVE-2026-5588
* CVE-2026-5598

CVSS scores:

* CVE-2025-14813 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-14813 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
* CVE-2025-14813 ( NVD ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:Red
* CVE-2026-0636 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-0636 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-0636 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:X/RE:M/U:Amber
* CVE-2026-3505 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-3505 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3505 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-5588 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-5588 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-5588 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
* CVE-2026-5598 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-5598 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
* CVE-2026-5598 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:X/U:Red

Affected Products:

* Development Tools Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves five vulnerabilities can now be installed.

## Description:

This update for bouncycastle fixes the following issues:

Update to version 1.84.

Security issues fixed:

* CVE-2025-14813: GOSTCTR implementation unable to process more than 255 blocks correctly (bsc#1262225).
* CVE-2026-0636: LDAP injection in LDAPStoreHelper.java leads to information disclosure (bsc#1262226).
* CVE-2026-3505: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion (bsc#1262232).
* CVE-2026-5588: PKIX draft CompositeVerifier accepts empty signature sequence as valid (bsc#1262228).
* CVE-2026-5598: non-constant time comparisons risks private key leakage in FrodoKEM (bsc#1262227).

Other updates and bugfixes:

* Version 1.84:
  * In line with JVM changes, KEM support has been backported to Java 17.
  * BCJSSE: Configurable (client) early key_share groups via BCSSLParameters.earlyKeyShares or 'org.bouncycastle.jsse.client.earlyKeyShares' system property.
  * BCJSSE: Support for curveSM2MLKEM768 hybrid NamedGroup in TLS 1.3 per draft-yang-tls-hybrid-sm2-mlkem-03.
  * BCJSSE: Log when default cipher suites are disabled.
  * BCJSSE: Experimental support for ShangMi crypto in TLS 1.3 per RFC 8998 (not enabled by default).
  * CMS: Added CMSAuthEnvelopedDataStreamGenerator.open taking an explicit content type.
  * HKDF: Provider support for HKDFParameterSpec.Expand.
  * Added initial support for RFC 9380 (Hashing to Elliptic Curves); see org.bouncycastle.crypto.hash2curve.
  * PKCS12: Added default max iteration count of 5,000,000 (configurable via 'org.bouncycastle.pkcs12.max_it_count' property).
  * TLS: Use javax.crypto.KEM API (when available) to access ML-KEM implementation (incl. hybrids).
  * A new KeyStore, PKCS12-PBMAC1, has been added which defaults to using PBMAC1 and supports RFC 9879.
  * A new property 'org.bouncycastle.asn1.max_cons_depth' has been added to allow setting of the maximum nesting for SETs/SEQUENCEs in ASN.1. Default is 32.
  * A new property 'org.bouncycastle.asn1.max_limit' has been added to allow setting of the stream size of ASN.1 encodings. The value can be either in bytes, or appended with k (1 kilobyte blocks), m (1 megabyte blocks), or g (1 gigabyte blocks).
  * Added NTRU+ support to the lightweight PQC API and the BCPQC provider.
  * Added SM4 key wrap/unwrap mode, SM2 key exchange, and logging to SM2Signer.
  * OpenPGP: Added encryption-key filtering by purpose, a new OpenPGPKey constructor, KeyPassphraseProvider-based passphrase change, wildcard (anonymous) recipient handling, and Web-of-Trust methods for third-party signature chains and delegations.
  * CMSSignedDataStreamGenerator can now support the generation of DER/DL encoded SignedData objects (note memory restrictions still apply).
  * It is now possible to add extra digest algorithm IDs to CMSSignedDataStreamGenerator when required.
  * Random numbers being generated for DSTU4145 signature calculations were 1 bit shorter than they could be. The code has been corrected to allow the generated numbers to occupy the full numeric range available.
  * HKDF implementation has been corrected to use multiple IKMs if available.
  * CompositePublic/PrivateKey builders had an issue identifying brainpool and EdDSA curves from the algorithm names due to an error in the OID mapping table. This has been fixed.
  * S/MIME: Fix AuthEnveloped support for AES192/GCM and AES256/GCM.
  * CMS: Use implicit tag for AuthEnvelopedData.authEncryptedContentInfo.encryptedContent.
  * Fixed Strings.split to handle delimiters at position 0.
  * Fixed FrodoKEM error sampling to be constant-time.
  * Fixed PKIXNameConstraintValidator to treat a DNS name as intersecting itself.
  * Fixed PKCS12 key stores not calling getInstance with the original provider (which was forcing provider registration).
  * A resource leak due to the SMIMESigned constructor leaving background threads hanging on MessagingException has been fixed.
  * OpenPGP: Fixed an issue where a custom signature creation time was ignored when generating message signatures.
  * OpenPGP: Fixed SKESK encoding for direct-S2K-encrypted messages.
* Version 1.83:
  * Attempting to check a password on a stripped PGP would throw an exception. Checking the password on such a key will now always return false.
  * Fixed an issue in KangarooTwelve where premature absorption caused erroneous 168-byte padding; absorption is now delayed so correct final-byte padding is applied.
  * BCJSSE: Fix supported_versions creation for renegotiation handshake.
  * (D)TLS: Reneg info now only offered with pre-1.3.
  * A generic "COMPOSITE" algorithm name has been added as a JCA Signature algorithm. The algorithm will identify the composite signature to use from the composite key passed in.
  * The composite signatures implementation has been updated to the final draft and now follows the submitted standard.
  * Support for the generation and use as trust anchors has been added for certificate signatures with id-alg-unsigned as the signature type.
  * Support for CMP direct POP for encryption keys using challenge/response has been added to the CMP/CRMF APIs.
  * Support for SupportedCurves attribute to the BC provider.
  * BCJSSE: Added support for SLH-DSA signature schemes in TLS 1.3 per draft-reddy-tls-slhdsa-01.
  * Support has been added for the Java 25 KDF API (current algorithms, PBKDF2, SCRYPT, and HKDF).
  * Support for composite signatures is now included in CMS and timestamping.
  * It is now possible to disable the Lenstra check in RSA where the public key is not available via the system/security property "org.bouncycastle.rsa.no_lenstra_check".
* Version 1.82:
  * SNOVA and MAYO are now correctly added to the JCA provider module-info file.
  * TLS: Avoid nonce reuse error in JCE AEAD workaround for pre-Java7.
  * BCJSSE: Session binding map is now shared across all stages of the session lifecycle (SunJSSE compatibility).
  * The CMCEPrivateKeyParameters#reconstructPublicKey method was returning an empty byte array. It now returns an encoding of the public key.
  * CBZip2InputStream no longer auto-closes at end-of-contents.
  * The BC CertPath implementation was eliminating certificates on the basis of the Key-ID. This is not in accordance with RFC 4158.
  * Support for the previous set of libOQS Falcon OIDs has been restored.
  * The BC CipherInputStream could throw an exception if asked to handle an AEAD stream consisting of the MAC only.
  * Some KeyAgreement classes were missing in the Java 11 class hierarchy.
  * Fix typo in a constant name in the HPKE class and deprecate the old constant.
  * Fuzzing analysis has been done on the OpenPGP API and additional code has been added to prevent escaping exceptions.
  * SHA3Digest, CSHAKE, TupleHash, KMAC now provide support for Memoable and EncodableService.
  * BCJSSE: Added support for integrity-only cipher suites in TLS 1.3 per RFC 9150.
  * BCJSSE: Added support for system properties "jdk.tls.{client,server}.maxInboundCertificateChainLength".
  * BCJSSE: Added support for ML-DSA signature schemes in TLS 1.3 per draft-ietf-tls-mldsa-00.
  * The Composite post-quantum signatures implementation has been updated to the latest draft (07) draft-ietf-lamps-pq-composite-sigs.
  * "_PREHASH" implementations are now provided for all composite signatures to allow the hash of the data to be used instead of the actual data in signature calculation.
  * The gradle build can now be used to generate a Bill of Materials (BOM) file.
  * It is now possible to configure the SignerInfoVerifierBuilder used by the SignedMailValidator class.
  * The Ascon family of algorithms has been updated with the latest published changes.
  * Composite signature keys can now be constructed from the individual keys of the algorithms composing the composite.
  * PGPSecretKey, PGPSignatureGenerator now support version 6.
  * Further optimisation work has been done on ML-KEM public key validation.
  * Zeroization of passwords in the JCA PKCS12 key store has been improved.
  * The "org.bouncycastle.drbg.effective_256bits_entropy" property has been added for platforms where the entropy source is not producing 1 full bit of entropy per bit and additional bits are required (default value 282).
  * OpenPGPKeyGenerator now allows for the use of empty UserIDs (version 4 compatibility).
  * The HQC KEM has been updated with the latest draft updates.
  * The legacy post-quantum package has now been removed.
* Version 1.81:
  * A potential NullPointerException in the KEM KDF KemUtil class has been removed.
  * Overlapping input/output buffers in doFinal could result in data corruption.
  * Fixed Grain-128AEAD decryption incorrectly handling MAC verification.
  * Add configurable header validation to prevent malicious header injection in PGP cleartext signed messages; Fix signature packet encoding issues in PGPSignature.join() and embedded signatures while phasing out legacy format.
  * Fixed ParallelHash initialization stall when using block size B=0.
  * The PRF from the PBKDF2 function was being lost when PBMAC1 was initialized from protectionAlgorithm. This has been fixed.
  * The lowlevel DigestFactory was cloning MD5 when being asked to clone SHA1.
  * XWing implementation updated to draft-connolly-cfrg-xwing-kem/07/
  * Further support has been added for generation and use of PGP V6 keys.
  * Additional validation has been added for armored headers in Cleartext Signed Messages.
  * The PQC signature algorithm proposal Mayo has been added to the low-level API and the BCPQC provider.
  * The PQC signature algorithm proposal Snova has been added to the low-level API and the BCPQC provider.
  * Support for ChaCha20-Poly1305 has been added to the CMS/SMIME APIs.
  * The Falcon implementation has been updated to the latest draft.
  * Support has been added for generating keys which encode as seed-only and expanded-key-only for ML-KEM and ML-DSA private keys.
  * Private key encoding of ML-DSA and ML-KEM private keys now follows the latest IETF draft.
  * The Ascon family of algorithms has been updated to the initial draft of SP 800-232. Some additional optimisation work has been done.
  * Support for ML-DSA's external-mu calculation and signing has been added to the BC provider.
  * CMS now supports ML-DSA for SignedData generation.
  * Introduce high-level OpenPGP API for message creation/consumption and certificate evaluation.
  * Added JDK21 KEM API implementation for HQC algorithm.
  * BCJSSE: Strip trailing dot from hostname for SNI, endpointID checks.
  * BCJSSE: Draft support for ML-KEM updated (draft-connolly-tls-mlkem-key-agreement-05).
  * BCJSSE: Draft support for hybrid ECDHE-MLKEM (draft-ietf-tls-ecdhe-mlkem-00).
  * BCJSSE: Optionally prefer TLS 1.3 server's supported_groups order (BCSSLParameters.useNamedGroupsOrder).
* Version 1.80:
  * A splitting issue for ML-KEM led to an incorrect size for kemct in KEMRecipientInfos. This has been fixed.
  * The PKCS12 KeyStore has been adjusted to prevent accidental doubling of the Oracle trusted certificate attribute (results in an IOException when used with the JVM PKCS12 implementation).
  * The SignerInfoGenerator copy constructor was ignoring the certHolder field.
  * The getAlgorithm() method return value for a CompositePrivateKey was not consistent with the corresponding getAlgorithm() return value for the CompositePrivateKey. This has been fixed.
  * The international property files were missing from the bcjmail distribution.
  * Issues with ElephantEngine failing on processing large/multi-block messages have been addressed.
  * GCFB mode now fully resets on a reset.
  * The lightweight algorithm contestants: Elephant, ISAP, PhotonBeetle, Xoodyak now support the use of the AEADParameters class and provide accurate update/doFinal output lengths.
  * An unnecessary downcast in CertPathValidatorUtilities was resulting in the ignoring of URLs for FTP based CRLs.
  * A regression in the OpenPGP API could cause NoSuchAlgorithmException to be thrown when attempting to use SHA-256 in some contexts.
  * EtsiTs1029411TypesAuthorization was missing an extension field.
  * Interoperability issues with single depth LMS keys have been addressed.
  * CompositeSignatures now updated to draft-ietf-lamps-pq-composite-sigs-03.
  * ML-KEM, ML-DSA, SLH-DSA, and Composite private keys now use raw encodings as per the latest drafts from IETF 121: draft-ietf-lamps-kyber-certificates-06, draft-ietf-lamps-dilithium-certificates-05, and draft-ietf-lamps-x509-slhdsa.
  * Initial support has been added for RFC 9579 PBMAC1 in the PKCS API.
  * Support has been added for EC-JPAKE to the lightweight API.
  * Support has been added for the direct construction of S/MIME AuthEnvelopedData objects, via the SMIMEAuthEnvelopedData class.
  * An override "org.bouncycastle.asn1.allow_wrong_oid_enc" property has been added to disable new OID encoding checks (use with caution).
  * Support has been added for the PBEParameterSpec.getParameterSpec() method where supported by the JVM.
  * ML-DSA/SLH-DSA now return null for Signature.getParameters() if no context is provided. This allows the algorithms to be used with the existing Java key tool.
  * HQC has been updated to reflect the reference implementation released on 2024-10-30.
  * Support has been added to the low-level APIs for the OASIS Shamir Secret Splitting algorithms.
  * BCJSSE: System property "org.bouncycastle.jsse.fips.allowGCMCiphersIn12" no longer used. FIPS TLS 1.2 GCM suites can now be enabled according to JcaTlsCrypto#getFipsGCMNonceGeneratorFactory (see JavaDoc for details) if done in alignment with FIPS requirements.
  * Support has been added for OpenPGP V6 PKESK and message encryption.
  * PGPSecretKey.copyWithNewPassword() now includes AEAD support.
  * The ASCON family of algorithms have been updated in accordance with the published FIPS SP 800-232 draft.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1639=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1639=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1639=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1639=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1639=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1639=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1639=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1639=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1639=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1639=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1639=1

## Package List:

* Development Tools Module 15-SP7 (noarch)
  * bouncycastle-1.84-150200.3.35.1
  * bouncycastle-pkix-1.84-150200.3.35.1
  * bouncycastle-util-1.84-150200.3.35.1
  * bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * bouncycastle-1.84-150200.3.35.1
  * bouncycastle-pkix-1.84-150200.3.35.1
  * bouncycastle-util-1.84-150200.3.35.1
  * bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * bouncycastle-1.84-150200.3.35.1
  * bouncycastle-pkix-1.84-150200.3.35.1
  * bouncycastle-util-1.84-150200.3.35.1
  * bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * bouncycastle-1.84-150200.3.35.1
  * bouncycastle-pkix-1.84-150200.3.35.1
  * bouncycastle-util-1.84-150200.3.35.1
  * bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * bouncycastle-1.84-150200.3.35.1
  * bouncycastle-pkix-1.84-150200.3.35.1
  * bouncycastle-util-1.84-150200.3.35.1
  * bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * bouncycastle-1.84-150200.3.35.1
  * bouncycastle-pkix-1.84-150200.3.35.1
  * bouncycastle-util-1.84-150200.3.35.1
  * bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * bouncycastle-1.84-150200.3.35.1
  * bouncycastle-pkix-1.84-150200.3.35.1
  * bouncycastle-util-1.84-150200.3.35.1
  * bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * bouncycastle-1.84-150200.3.35.1
  * bouncycastle-pkix-1.84-150200.3.35.1
  * bouncycastle-util-1.84-150200.3.35.1
  * bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * bouncycastle-1.84-150200.3.35.1
  * bouncycastle-pkix-1.84-150200.3.35.1
  * bouncycastle-util-1.84-150200.3.35.1
  * bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * bouncycastle-1.84-150200.3.35.1
  * bouncycastle-pkix-1.84-150200.3.35.1
  * bouncycastle-util-1.84-150200.3.35.1
  * bouncycastle-pg-1.84-150200.3.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * bouncycastle-1.84-150200.3.35.1
  * bouncycastle-pkix-1.84-150200.3.35.1
  * bouncycastle-util-1.84-150200.3.35.1
  * bouncycastle-pg-1.84-150200.3.35.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14813.html
* https://www.suse.com/security/cve/CVE-2026-0636.html
* https://www.suse.com/security/cve/CVE-2026-3505.html
* https://www.suse.com/security/cve/CVE-2026-5588.html
* https://www.suse.com/security/cve/CVE-2026-5598.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262225
* https://bugzilla.suse.com/show_bug.cgi?id=1262226
* https://bugzilla.suse.com/show_bug.cgi?id=1262227
* https://bugzilla.suse.com/show_bug.cgi?id=1262228
* https://bugzilla.suse.com/show_bug.cgi?id=1262232

From null at suse.de Tue Apr 28 20:30:12 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 20:30:12 -0000
Subject: SUSE-SU-2026:1645-1: important: Security update for xen
Message-ID: <177740821298.94.2517267121682174733@c94ffd25b270>

# Security update for xen

Announcement ID: SUSE-SU-2026:1645-1
Release Date: 2026-04-28T14:46:53Z
Rating: important

References:

* bsc#1262178
* bsc#1262180
* bsc#1262428

Cross-References:

* CVE-2025-54505
* CVE-2026-23557
* CVE-2026-23558

CVSS scores:

* CVE-2025-54505 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2025-54505 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-54505 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23557 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-23558 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves three vulnerabilities can now be installed.

## Description:

This update for xen fixes the following issues:

* CVE-2025-54505: floating point divider state sampling on AMD CPUs AMD-SN-7053 (bsc#1262428).
* CVE-2026-23557: Xenstored DoS via XS_RESET_WATCHES command (bsc#1262178).
* CVE-2026-23558: grant table v2 race in status page mapping (bsc#1262180).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2026-1645=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1645=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1645=1

## Package List:

* openSUSE Leap 15.3 (aarch64 x86_64 i586)
  * xen-debugsource-4.14.6_30-150300.3.97.1
  * xen-tools-domU-debuginfo-4.14.6_30-150300.3.97.1
  * xen-tools-domU-4.14.6_30-150300.3.97.1
  * xen-libs-debuginfo-4.14.6_30-150300.3.97.1
  * xen-libs-4.14.6_30-150300.3.97.1
  * xen-devel-4.14.6_30-150300.3.97.1
* openSUSE Leap 15.3 (x86_64)
  * xen-libs-32bit-debuginfo-4.14.6_30-150300.3.97.1
  * xen-libs-32bit-4.14.6_30-150300.3.97.1
* openSUSE Leap 15.3 (aarch64 x86_64)
  * xen-doc-html-4.14.6_30-150300.3.97.1
  * xen-4.14.6_30-150300.3.97.1
  * xen-tools-debuginfo-4.14.6_30-150300.3.97.1
  * xen-tools-4.14.6_30-150300.3.97.1
* openSUSE Leap 15.3 (noarch)
  * xen-tools-xendomains-wait-disk-4.14.6_30-150300.3.97.1
* openSUSE Leap 15.3 (aarch64_ilp32)
  * xen-libs-64bit-4.14.6_30-150300.3.97.1
  * xen-libs-64bit-debuginfo-4.14.6_30-150300.3.97.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
  * xen-debugsource-4.14.6_30-150300.3.97.1
  * xen-libs-4.14.6_30-150300.3.97.1
  * xen-libs-debuginfo-4.14.6_30-150300.3.97.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
  * xen-debugsource-4.14.6_30-150300.3.97.1
  * xen-libs-4.14.6_30-150300.3.97.1
  * xen-libs-debuginfo-4.14.6_30-150300.3.97.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54505.html
* https://www.suse.com/security/cve/CVE-2026-23557.html
* https://www.suse.com/security/cve/CVE-2026-23558.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262178
* https://bugzilla.suse.com/show_bug.cgi?id=1262180
* https://bugzilla.suse.com/show_bug.cgi?id=1262428

From null at suse.de Tue Apr 28 20:30:25 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 28 Apr 2026 20:30:25 -0000
Subject: SUSE-SU-2026:1641-1: important: Security update for dovecot22
Message-ID: <177740822525.94.9614226694916795850@c94ffd25b270>

# Security update for dovecot22

Announcement ID: SUSE-SU-2026:1641-1
Release Date: 2026-04-28T11:53:50Z
Rating: important

References:

* bsc#1260895
* bsc#1260897
* bsc#1260898
* bsc#1260899
* bsc#1260900
* bsc#1260901
* bsc#1260902

Cross-References:

* CVE-2025-59031
* CVE-2025-59032
* CVE-2026-27855
* CVE-2026-27856
* CVE-2026-27857
* CVE-2026-27858
* CVE-2026-27859

CVSS scores:

* CVE-2025-59031 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-59031 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-59031 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-59032 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-59032 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-59032 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27855 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27855 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-27855 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-27856 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27856 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-27856 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-27857 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-27857 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27857 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27858 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27858 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27858 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27859 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-27859 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27859 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for dovecot22 fixes the following issues:

* CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing (bsc#1260895).
* CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client (bsc#1260902).
* CVE-2026-27855: OTP driver vulnerable to replay attack (bsc#1260900).
* CVE-2026-27856: Doveadm credentials were not checked using timing-safe checking function (bsc#1260899).
* CVE-2026-27857: sending excessive parentheses causes imap-login to use excessive memory (bsc#1260898).
* CVE-2026-27858: pigeonhole: managesieve-login can allocate large amount of memory during authentication (bsc#1260901).
* CVE-2026-27859: excessive RFC 2231 MIME parameters in email can cause excessive CPU usage (bsc#1260897).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1641=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1641=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * dovecot22-backend-pgsql-debuginfo-2.2.31-19.32.1
  * dovecot22-debugsource-2.2.31-19.32.1
  * dovecot22-backend-sqlite-debuginfo-2.2.31-19.32.1
  * dovecot22-backend-mysql-debuginfo-2.2.31-19.32.1
  * dovecot22-backend-pgsql-2.2.31-19.32.1
  * dovecot22-debuginfo-2.2.31-19.32.1
  * dovecot22-2.2.31-19.32.1
  * dovecot22-devel-2.2.31-19.32.1
  * dovecot22-backend-sqlite-2.2.31-19.32.1
  * dovecot22-backend-mysql-2.2.31-19.32.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * dovecot22-backend-pgsql-debuginfo-2.2.31-19.32.1
  * dovecot22-debugsource-2.2.31-19.32.1
  * dovecot22-backend-sqlite-debuginfo-2.2.31-19.32.1
  * dovecot22-backend-mysql-debuginfo-2.2.31-19.32.1
  * dovecot22-backend-pgsql-2.2.31-19.32.1
  * dovecot22-debuginfo-2.2.31-19.32.1
  * dovecot22-2.2.31-19.32.1
  * dovecot22-devel-2.2.31-19.32.1
  * dovecot22-backend-sqlite-2.2.31-19.32.1
  * dovecot22-backend-mysql-2.2.31-19.32.1

## References:

* https://www.suse.com/security/cve/CVE-2025-59031.html
* https://www.suse.com/security/cve/CVE-2025-59032.html
* https://www.suse.com/security/cve/CVE-2026-27855.html
* https://www.suse.com/security/cve/CVE-2026-27856.html
* https://www.suse.com/security/cve/CVE-2026-27857.html
* https://www.suse.com/security/cve/CVE-2026-27858.html
* https://www.suse.com/security/cve/CVE-2026-27859.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260895
* https://bugzilla.suse.com/show_bug.cgi?id=1260897
* https://bugzilla.suse.com/show_bug.cgi?id=1260898
* https://bugzilla.suse.com/show_bug.cgi?id=1260899
* https://bugzilla.suse.com/show_bug.cgi?id=1260900
* https://bugzilla.suse.com/show_bug.cgi?id=1260901
* https://bugzilla.suse.com/show_bug.cgi?id=1260902

From null at suse.de Wed Apr 29 08:30:08 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 29 Apr 2026 08:30:08 -0000
Subject: SUSE-SU-2026:1650-1: important: Security update for MozillaFirefox
Message-ID: <177745140809.151.4251481021883017085@bc0ed609758c>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2026:1650-1
Release Date: 2026-04-28T18:52:54Z
Rating: important

References:

* bsc#1262230

Cross-References:

* CVE-2026-6746
* CVE-2026-6747
* CVE-2026-6748
* CVE-2026-6749
* CVE-2026-6750
* CVE-2026-6751
* CVE-2026-6752
* CVE-2026-6753
* CVE-2026-6754
* CVE-2026-6757
* CVE-2026-6759
* CVE-2026-6761
* CVE-2026-6762
* CVE-2026-6763
* CVE-2026-6764
* CVE-2026-6765
* CVE-2026-6766
* CVE-2026-6767
* CVE-2026-6769
* CVE-2026-6770
* CVE-2026-6771
* CVE-2026-6772
* CVE-2026-6776
* CVE-2026-6785
* CVE-2026-6786

CVSS scores:

* CVE-2026-6746 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6747 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6748 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6749 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-6750 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-6751 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-6752 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-6753 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-6754 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6757 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-6759 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6761 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-6762 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-6763 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-6764 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-6765 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-6766 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-6767 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-6769 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-6770 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-6771 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6772 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-6776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-6785 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6786 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 25 vulnerabilities can now be installed.

## Description:

This update for MozillaFirefox fixes the following issue:

Update to Firefox Extended Support Release 140.10.0 ESR (bsc#1262230, MFSA 2026-32):

* CVE-2026-6746: Use-after-free in the DOM: Core & HTML component.
* CVE-2026-6747: Use-after-free in the WebRTC component.
* CVE-2026-6748: Uninitialized memory in the Audio/Video: Web Codecs component.
* CVE-2026-6749: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component.
* CVE-2026-6750: Privilege escalation in the Graphics: WebRender component.
* CVE-2026-6751: Uninitialized memory in the Audio/Video: Web Codecs component.
* CVE-2026-6752: Incorrect boundary conditions in the WebRTC component.
* CVE-2026-6753: Incorrect boundary conditions in the WebRTC component.
* CVE-2026-6754: Use-after-free in the JavaScript Engine component.
* CVE-2026-6757: Invalid pointer in the JavaScript: WebAssembly component.
* CVE-2026-6759: Use-after-free in the Widget: Cocoa component.
* CVE-2026-6761: Privilege escalation in the Networking component.
* CVE-2026-6762: Spoofing issue in the DOM: Core & HTML component.
* CVE-2026-6763: Mitigation bypass in the File Handling component.
* CVE-2026-6764: Incorrect boundary conditions in the DOM: Device Interfaces component.
* CVE-2026-6765: Information disclosure in the Form Autofill component.
* CVE-2026-6766: Incorrect boundary conditions in the Libraries component in NSS.
* CVE-2026-6767: Other issue in the Libraries component in NSS.
* CVE-2026-6769: Privilege escalation in the Debugger component.
* CVE-2026-6770: Other issue in the Storage: IndexedDB component.
* CVE-2026-6771: Mitigation bypass in the DOM: Security component.
* CVE-2026-6772: Incorrect boundary conditions in the Libraries component in NSS.
* CVE-2026-6776: Incorrect boundary conditions in the WebRTC: Networking component.
* CVE-2026-6785: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150.
* CVE-2026-6786: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1650=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1650=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-140.10.0-112.310.1 * MozillaFirefox-translations-common-140.10.0-112.310.1 * MozillaFirefox-140.10.0-112.310.1 * MozillaFirefox-debuginfo-140.10.0-112.310.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * MozillaFirefox-devel-140.10.0-112.310.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * MozillaFirefox-debugsource-140.10.0-112.310.1 * MozillaFirefox-translations-common-140.10.0-112.310.1 * MozillaFirefox-140.10.0-112.310.1 * MozillaFirefox-debuginfo-140.10.0-112.310.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * MozillaFirefox-devel-140.10.0-112.310.1 ## References: * https://www.suse.com/security/cve/CVE-2026-6746.html * https://www.suse.com/security/cve/CVE-2026-6747.html * https://www.suse.com/security/cve/CVE-2026-6748.html * https://www.suse.com/security/cve/CVE-2026-6749.html * https://www.suse.com/security/cve/CVE-2026-6750.html * https://www.suse.com/security/cve/CVE-2026-6751.html * https://www.suse.com/security/cve/CVE-2026-6752.html * https://www.suse.com/security/cve/CVE-2026-6753.html * https://www.suse.com/security/cve/CVE-2026-6754.html * https://www.suse.com/security/cve/CVE-2026-6757.html * https://www.suse.com/security/cve/CVE-2026-6759.html * https://www.suse.com/security/cve/CVE-2026-6761.html * https://www.suse.com/security/cve/CVE-2026-6762.html * https://www.suse.com/security/cve/CVE-2026-6763.html * https://www.suse.com/security/cve/CVE-2026-6764.html * https://www.suse.com/security/cve/CVE-2026-6765.html * https://www.suse.com/security/cve/CVE-2026-6766.html * 
https://www.suse.com/security/cve/CVE-2026-6767.html * https://www.suse.com/security/cve/CVE-2026-6769.html * https://www.suse.com/security/cve/CVE-2026-6770.html * https://www.suse.com/security/cve/CVE-2026-6771.html * https://www.suse.com/security/cve/CVE-2026-6772.html * https://www.suse.com/security/cve/CVE-2026-6776.html * https://www.suse.com/security/cve/CVE-2026-6785.html * https://www.suse.com/security/cve/CVE-2026-6786.html * https://bugzilla.suse.com/show_bug.cgi?id=1262230 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 29 08:30:12 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 29 Apr 2026 08:30:12 -0000 Subject: SUSE-SU-2026:1649-1: important: Security update for MozillaFirefox Message-ID: <177745141203.151.12666273586683683175@bc0ed609758c> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2026:1649-1 Release Date: 2026-04-28T18:52:37Z Rating: important References: * bsc#1262230 Cross-References: * CVE-2026-6746 * CVE-2026-6747 * CVE-2026-6748 * CVE-2026-6749 * CVE-2026-6750 * CVE-2026-6751 * CVE-2026-6752 * CVE-2026-6753 * CVE-2026-6754 * CVE-2026-6757 * CVE-2026-6759 * CVE-2026-6761 * CVE-2026-6762 * CVE-2026-6763 * CVE-2026-6764 * CVE-2026-6765 * CVE-2026-6766 * CVE-2026-6767 * CVE-2026-6769 * CVE-2026-6770 * CVE-2026-6771 * CVE-2026-6772 * CVE-2026-6776 * CVE-2026-6785 * CVE-2026-6786 CVSS scores: * CVE-2026-6746 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6747 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6748 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6749 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-6750 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6751 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-6752 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-6753 ( NVD ): 7.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-6754 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6757 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-6759 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6761 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6762 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-6763 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6764 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-6765 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-6766 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-6767 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-6769 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6770 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-6771 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6772 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-6776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6785 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6786 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise 
Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 25 vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issue: Update to Firefox Extended Support Release 140.10.0 ESR (bsc#1262230, MFSA 2026-32): * CVE-2026-6746: Use-after-free in the DOM: Core & HTML component. * CVE-2026-6747: Use-after-free in the WebRTC component. * CVE-2026-6748: Uninitialized memory in the Audio/Video: Web Codecs component. * CVE-2026-6749: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. * CVE-2026-6750: Privilege escalation in the Graphics: WebRender component. * CVE-2026-6751: Uninitialized memory in the Audio/Video: Web Codecs component. * CVE-2026-6752: Incorrect boundary conditions in the WebRTC component. * CVE-2026-6753: Incorrect boundary conditions in the WebRTC component. * CVE-2026-6754: Use-after-free in the JavaScript Engine component. * CVE-2026-6757: Invalid pointer in the JavaScript: WebAssembly component. * CVE-2026-6759: Use-after-free in the Widget: Cocoa component. * CVE-2026-6761: Privilege escalation in the Networking component. * CVE-2026-6762: Spoofing issue in the DOM: Core & HTML component. * CVE-2026-6763: Mitigation bypass in the File Handling component. * CVE-2026-6764: Incorrect boundary conditions in the DOM: Device Interfaces component. * CVE-2026-6765: Information disclosure in the Form Autofill component. * CVE-2026-6766: Incorrect boundary conditions in the Libraries component in NSS. * CVE-2026-6767: Other issue in the Libraries component in NSS. * CVE-2026-6769: Privilege escalation in the Debugger component. 
* CVE-2026-6770: Other issue in the Storage: IndexedDB component. * CVE-2026-6771: Mitigation bypass in the DOM: Security component. * CVE-2026-6772: Incorrect boundary conditions in the Libraries component in NSS. * CVE-2026-6776: Incorrect boundary conditions in the WebRTC: Networking component. * CVE-2026-6785: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150. * CVE-2026-6786: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1649=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1649=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1649=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1649=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1649=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1649=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1649=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1649=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1649=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1649=1 * SUSE Linux Enterprise Server for SAP 
Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1649=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * MozillaFirefox-translations-other-140.10.0-150200.152.231.1 * MozillaFirefox-140.10.0-150200.152.231.1 * MozillaFirefox-debugsource-140.10.0-150200.152.231.1 * MozillaFirefox-translations-common-140.10.0-150200.152.231.1 * MozillaFirefox-debuginfo-140.10.0-150200.152.231.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * MozillaFirefox-devel-140.10.0-150200.152.231.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-140.10.0-150200.152.231.1 * MozillaFirefox-140.10.0-150200.152.231.1 * MozillaFirefox-debugsource-140.10.0-150200.152.231.1 * MozillaFirefox-translations-common-140.10.0-150200.152.231.1 * MozillaFirefox-debuginfo-140.10.0-150200.152.231.1 * Desktop Applications Module 15-SP7 (noarch) * MozillaFirefox-devel-140.10.0-150200.152.231.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * MozillaFirefox-translations-other-140.10.0-150200.152.231.1 * MozillaFirefox-140.10.0-150200.152.231.1 * MozillaFirefox-debugsource-140.10.0-150200.152.231.1 * MozillaFirefox-translations-common-140.10.0-150200.152.231.1 * MozillaFirefox-debuginfo-140.10.0-150200.152.231.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * MozillaFirefox-devel-140.10.0-150200.152.231.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * MozillaFirefox-translations-other-140.10.0-150200.152.231.1 * MozillaFirefox-140.10.0-150200.152.231.1 * MozillaFirefox-debugsource-140.10.0-150200.152.231.1 * MozillaFirefox-translations-common-140.10.0-150200.152.231.1 * MozillaFirefox-debuginfo-140.10.0-150200.152.231.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * MozillaFirefox-devel-140.10.0-150200.152.231.1 * SUSE Linux Enterprise High 
Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * MozillaFirefox-translations-other-140.10.0-150200.152.231.1 * MozillaFirefox-140.10.0-150200.152.231.1 * MozillaFirefox-debugsource-140.10.0-150200.152.231.1 * MozillaFirefox-translations-common-140.10.0-150200.152.231.1 * MozillaFirefox-debuginfo-140.10.0-150200.152.231.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * MozillaFirefox-devel-140.10.0-150200.152.231.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * MozillaFirefox-translations-other-140.10.0-150200.152.231.1 * MozillaFirefox-140.10.0-150200.152.231.1 * MozillaFirefox-debugsource-140.10.0-150200.152.231.1 * MozillaFirefox-translations-common-140.10.0-150200.152.231.1 * MozillaFirefox-debuginfo-140.10.0-150200.152.231.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * MozillaFirefox-devel-140.10.0-150200.152.231.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-140.10.0-150200.152.231.1 * MozillaFirefox-140.10.0-150200.152.231.1 * MozillaFirefox-debugsource-140.10.0-150200.152.231.1 * MozillaFirefox-translations-common-140.10.0-150200.152.231.1 * MozillaFirefox-debuginfo-140.10.0-150200.152.231.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * MozillaFirefox-devel-140.10.0-150200.152.231.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-140.10.0-150200.152.231.1 * MozillaFirefox-140.10.0-150200.152.231.1 * MozillaFirefox-debugsource-140.10.0-150200.152.231.1 * MozillaFirefox-translations-common-140.10.0-150200.152.231.1 * MozillaFirefox-debuginfo-140.10.0-150200.152.231.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * MozillaFirefox-devel-140.10.0-150200.152.231.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-140.10.0-150200.152.231.1 * 
MozillaFirefox-140.10.0-150200.152.231.1 * MozillaFirefox-debugsource-140.10.0-150200.152.231.1 * MozillaFirefox-translations-common-140.10.0-150200.152.231.1 * MozillaFirefox-debuginfo-140.10.0-150200.152.231.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * MozillaFirefox-devel-140.10.0-150200.152.231.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * MozillaFirefox-translations-other-140.10.0-150200.152.231.1 * MozillaFirefox-140.10.0-150200.152.231.1 * MozillaFirefox-debugsource-140.10.0-150200.152.231.1 * MozillaFirefox-translations-common-140.10.0-150200.152.231.1 * MozillaFirefox-debuginfo-140.10.0-150200.152.231.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * MozillaFirefox-devel-140.10.0-150200.152.231.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * MozillaFirefox-translations-other-140.10.0-150200.152.231.1 * MozillaFirefox-140.10.0-150200.152.231.1 * MozillaFirefox-debugsource-140.10.0-150200.152.231.1 * MozillaFirefox-translations-common-140.10.0-150200.152.231.1 * MozillaFirefox-debuginfo-140.10.0-150200.152.231.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * MozillaFirefox-devel-140.10.0-150200.152.231.1 ## References: * https://www.suse.com/security/cve/CVE-2026-6746.html * https://www.suse.com/security/cve/CVE-2026-6747.html * https://www.suse.com/security/cve/CVE-2026-6748.html * https://www.suse.com/security/cve/CVE-2026-6749.html * https://www.suse.com/security/cve/CVE-2026-6750.html * https://www.suse.com/security/cve/CVE-2026-6751.html * https://www.suse.com/security/cve/CVE-2026-6752.html * https://www.suse.com/security/cve/CVE-2026-6753.html * https://www.suse.com/security/cve/CVE-2026-6754.html * https://www.suse.com/security/cve/CVE-2026-6757.html * https://www.suse.com/security/cve/CVE-2026-6759.html * https://www.suse.com/security/cve/CVE-2026-6761.html * https://www.suse.com/security/cve/CVE-2026-6762.html * 
https://www.suse.com/security/cve/CVE-2026-6763.html
* https://www.suse.com/security/cve/CVE-2026-6764.html
* https://www.suse.com/security/cve/CVE-2026-6765.html
* https://www.suse.com/security/cve/CVE-2026-6766.html
* https://www.suse.com/security/cve/CVE-2026-6767.html
* https://www.suse.com/security/cve/CVE-2026-6769.html
* https://www.suse.com/security/cve/CVE-2026-6770.html
* https://www.suse.com/security/cve/CVE-2026-6771.html
* https://www.suse.com/security/cve/CVE-2026-6772.html
* https://www.suse.com/security/cve/CVE-2026-6776.html
* https://www.suse.com/security/cve/CVE-2026-6785.html
* https://www.suse.com/security/cve/CVE-2026-6786.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262230

From null at suse.de Wed Apr 29 08:30:29 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 29 Apr 2026 08:30:29 -0000
Subject: SUSE-SU-2026:1648-1: moderate: Security update for webkit2gtk3
Message-ID: <177745142941.151.3982353251100877538@bc0ed609758c>

# Security update for webkit2gtk3

Announcement ID: SUSE-SU-2026:1648-1
Release Date: 2026-04-28T18:07:02Z
Rating: moderate

References:

* bsc#1261172
* bsc#1261173
* bsc#1261174
* bsc#1261175
* bsc#1261176
* bsc#1261177
* bsc#1261178
* bsc#1261179

Cross-References:

* CVE-2026-20643
* CVE-2026-20664
* CVE-2026-20665
* CVE-2026-20691
* CVE-2026-28857
* CVE-2026-28859
* CVE-2026-28861
* CVE-2026-28871

CVSS scores:

* CVE-2026-20643 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-20643 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-20664 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-20664 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-20665 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2026-20665 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-20691 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-20691 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28857 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-28857 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-28859 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-28859 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28861 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
* CVE-2026-28861 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28871 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28871 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.52.1.

Security issues fixed:

* CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy (bsc#1261172).
* CVE-2026-20664: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1261173).
* CVE-2026-20665: processing maliciously crafted web content may prevent Content Security Policy from being enforced (bsc#1261174).
* CVE-2026-20691: a maliciously crafted webpage may be able to fingerprint the user (bsc#1261175).
* CVE-2026-28857: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1261176).
* CVE-2026-28859: a malicious website may be able to process restricted web content outside the sandbox (bsc#1261177).
* CVE-2026-28861: a malicious website may be able to access script message handlers intended for other origins (bsc#1261178).
* CVE-2026-28871: visiting a maliciously crafted website may lead to a cross-site scripting attack (bsc#1261179).

Other updates and bugfixes:

* Reduce the amount of useless MPRIS notifications produced by MediaSession when the information about media being played is incomplete.
* Support turning off USE_GSTREAMER to configure the build with all multimedia features disabled.
* Add Sysprof marks for mouse events.
* Fix MediaSession icon for iheart.com not being displayed.
* Fix the build with USE_GSTREAMER_GL disabled.
* Fix the build with librice version 0.3.0 or newer.
* Fix several crashes and rendering issues.
* Translation updates: Georgian.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1648=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libjavascriptcoregtk-4_0-18-2.52.1-4.57.1
  * webkit2gtk3-debugsource-2.52.1-4.57.1
  * typelib-1_0-WebKit2-4_0-2.52.1-4.57.1
  * typelib-1_0-JavaScriptCore-4_0-2.52.1-4.57.1
  * webkit2gtk3-devel-2.52.1-4.57.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.52.1-4.57.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.52.1-4.57.1
  * libwebkit2gtk-4_0-37-2.52.1-4.57.1
  * webkit2gtk-4_0-injected-bundles-2.52.1-4.57.1
  * libwebkit2gtk-4_0-37-debuginfo-2.52.1-4.57.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.1-4.57.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * libwebkit2gtk3-lang-2.52.1-4.57.1

## References:

* https://www.suse.com/security/cve/CVE-2026-20643.html
* https://www.suse.com/security/cve/CVE-2026-20664.html
* https://www.suse.com/security/cve/CVE-2026-20665.html
* https://www.suse.com/security/cve/CVE-2026-20691.html
* https://www.suse.com/security/cve/CVE-2026-28857.html
* https://www.suse.com/security/cve/CVE-2026-28859.html
* https://www.suse.com/security/cve/CVE-2026-28861.html
* https://www.suse.com/security/cve/CVE-2026-28871.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261172
* https://bugzilla.suse.com/show_bug.cgi?id=1261173
* https://bugzilla.suse.com/show_bug.cgi?id=1261174
* https://bugzilla.suse.com/show_bug.cgi?id=1261175
* https://bugzilla.suse.com/show_bug.cgi?id=1261176
* https://bugzilla.suse.com/show_bug.cgi?id=1261177
* https://bugzilla.suse.com/show_bug.cgi?id=1261178
* https://bugzilla.suse.com/show_bug.cgi?id=1261179

From null at suse.de Wed Apr 29 08:30:32 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 29 Apr 2026 08:30:32 -0000
Subject: SUSE-SU-2026:1647-1: moderate: Security update for python-requests
Message-ID: <177745143269.151.10583216750982504992@bc0ed609758c>

# Security update for python-requests

Announcement ID: SUSE-SU-2026:1647-1
Release Date: 2026-04-28T18:03:12Z
Rating: moderate

References:

* bsc#1260589

Cross-References:

* CVE-2026-25645

CVSS scores:

* CVE-2026-25645 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-25645 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-25645 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-requests fixes the following issues:

* CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1647=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1647=1
* Public Cloud Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1647=1
* Python 3 Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1647=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * python311-requests-2.31.0-150400.6.21.1
* openSUSE Leap 15.6 (noarch)
  * python311-requests-2.31.0-150400.6.21.1
* Public Cloud Module 15-SP4 (noarch)
  * python311-requests-2.31.0-150400.6.21.1
* Python 3 Module 15-SP7 (noarch)
  * python311-requests-2.31.0-150400.6.21.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25645.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260589

From null at suse.de Wed Apr 29 08:30:36 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 29 Apr 2026 08:30:36 -0000
Subject: SUSE-SU-2026:1646-1: moderate: Security update for gnome-remote-desktop
Message-ID: <177745143603.151.9796239979829670464@bc0ed609758c>

# Security update for gnome-remote-desktop

Announcement ID: SUSE-SU-2026:1646-1
Release Date: 2026-04-28T18:01:32Z
Rating: moderate

References:

* bsc#1244053

Cross-References:

* CVE-2025-5024

CVSS scores:

* CVE-2025-5024 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2025-5024 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H
* CVE-2025-5024 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for gnome-remote-desktop fixes the following issue:

* CVE-2025-5024: an unauthenticated attacker can exhaust system resources (bsc#1244053).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1646=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1646=1

## Package List:

* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * gnome-remote-desktop-debugsource-46.5-150700.3.3.1
  * gnome-remote-desktop-46.5-150700.3.3.1
  * gnome-remote-desktop-debuginfo-46.5-150700.3.3.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch)
  * gnome-remote-desktop-lang-46.5-150700.3.3.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * gnome-remote-desktop-debugsource-46.5-150700.3.3.1
  * gnome-remote-desktop-46.5-150700.3.3.1
  * gnome-remote-desktop-debuginfo-46.5-150700.3.3.1
* SUSE Package Hub 15 15-SP7 (noarch)
  * gnome-remote-desktop-lang-46.5-150700.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-5024.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244053

From null at suse.de Wed Apr 29 08:30:40 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 29 Apr 2026 08:30:40 -0000
Subject: SUSE-SU-2026:1644-1: moderate: Security update for python-requests
Message-ID: <177745144064.151.14234699070732773970@bc0ed609758c>

# Security update for python-requests

Announcement ID: SUSE-SU-2026:1644-1
Release Date: 2026-04-28T13:31:55Z
Rating: moderate

References:

* bsc#1260589

Cross-References:

* CVE-2026-25645

CVSS scores:

* CVE-2026-25645 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-25645 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-25645 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.3
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-requests fixes the following issues:

* CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2026-1644=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1644=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1644=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1644=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1644=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1644=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1644=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1644=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1644=1

## Package List:

* openSUSE Leap 15.3 (noarch)
  * python3-requests-2.25.1-150300.3.21.1
  * python2-requests-2.25.1-150300.3.21.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * python3-requests-2.25.1-150300.3.21.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * python3-requests-2.25.1-150300.3.21.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * python3-requests-2.25.1-150300.3.21.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * python3-requests-2.25.1-150300.3.21.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * python3-requests-2.25.1-150300.3.21.1
* Basesystem Module 15-SP7 (noarch)
  * python3-requests-2.25.1-150300.3.21.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * python3-requests-2.25.1-150300.3.21.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * python3-requests-2.25.1-150300.3.21.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25645.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260589
From null at suse.de Wed Apr 29 08:31:12 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 29 Apr 2026 08:31:12 -0000
Subject: SUSE-SU-2026:1643-1: important: Security update for the Linux Kernel
Message-ID: <177745147286.151.16185372950907239112@bc0ed609758c>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1643-1
Release Date: 2026-04-28T13:27:24Z
Rating: important

References:

* bsc#1252073
* bsc#1253122
* bsc#1257506
* bsc#1257773
* bsc#1259188
* bsc#1259461
* bsc#1259580
* bsc#1259707
* bsc#1259797
* bsc#1259998
* bsc#1260005
* bsc#1260009
* bsc#1260347
* bsc#1260471
* bsc#1260486
* bsc#1260562
* bsc#1260730
* bsc#1261412
* bsc#1261498

Cross-References:

* CVE-2025-39998
* CVE-2026-23103
* CVE-2026-23231
* CVE-2026-23243
* CVE-2026-23272
* CVE-2026-23274
* CVE-2026-23278
* CVE-2026-23293
* CVE-2026-23317
* CVE-2026-23381
* CVE-2026-23398
* CVE-2026-23412
* CVE-2026-23413
* CVE-2026-31788

CVSS scores:

* CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23381 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23398 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23412 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23412 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23412 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23412 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23413 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23413 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23413 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 14 vulnerabilities and has five security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues

The following security issues were fixed:

* CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
* CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).
* CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
* CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412).
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
* CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non security issues were fixed:

* KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
* KVM: x86/mmu: Retry fault before acquiring mmu_lock if mapping is changing (bsc#1253122).
* net: mana: fix use-after-free in add_adev() error path (git-fixes).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
* xen/privcmd: unregister xenstore notifier on module exit (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1643=1
* SUSE Linux Enterprise High Availability Extension 15 SP6
  zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-1643=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1643=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1643=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1643=1

## Package List:

* openSUSE Leap 15.6 (noarch nosrc)
  * kernel-docs-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (noarch)
  * kernel-docs-html-6.4.0-150600.23.95.1
  * kernel-source-6.4.0-150600.23.95.1
  * kernel-macros-6.4.0-150600.23.95.1
  * kernel-source-vanilla-6.4.0-150600.23.95.1
  * kernel-devel-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (nosrc ppc64le x86_64)
  * kernel-debug-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (ppc64le x86_64)
  * kernel-debug-devel-6.4.0-150600.23.95.1
  * kernel-debug-debuginfo-6.4.0-150600.23.95.1
  * kernel-debug-devel-debuginfo-6.4.0-150600.23.95.1
  * kernel-debug-debugsource-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (x86_64)
  * kernel-default-vdso-6.4.0-150600.23.95.1
  * kernel-kvmsmall-vdso-debuginfo-6.4.0-150600.23.95.1
  * kernel-default-vdso-debuginfo-6.4.0-150600.23.95.1
  * kernel-debug-vdso-6.4.0-150600.23.95.1
  * kernel-debug-vdso-debuginfo-6.4.0-150600.23.95.1
  * kernel-kvmsmall-vdso-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (aarch64 ppc64le x86_64)
  * kernel-kvmsmall-devel-debuginfo-6.4.0-150600.23.95.1
  * kernel-kvmsmall-debugsource-6.4.0-150600.23.95.1
  * kernel-default-base-6.4.0-150600.23.95.1.150600.12.44.1
  * kernel-kvmsmall-devel-6.4.0-150600.23.95.1
  * kernel-kvmsmall-debuginfo-6.4.0-150600.23.95.1
  * kernel-default-base-rebuild-6.4.0-150600.23.95.1.150600.12.44.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * kernel-default-optional-6.4.0-150600.23.95.1
  * cluster-md-kmp-default-debuginfo-6.4.0-150600.23.95.1
  * kernel-default-devel-6.4.0-150600.23.95.1
  * gfs2-kmp-default-6.4.0-150600.23.95.1
  * reiserfs-kmp-default-debuginfo-6.4.0-150600.23.95.1
  * kernel-default-extra-6.4.0-150600.23.95.1
  * cluster-md-kmp-default-6.4.0-150600.23.95.1
  * kernel-default-livepatch-6.4.0-150600.23.95.1
  * kernel-default-debugsource-6.4.0-150600.23.95.1
  * kernel-default-devel-debuginfo-6.4.0-150600.23.95.1
  * kernel-default-optional-debuginfo-6.4.0-150600.23.95.1
  * kselftests-kmp-default-debuginfo-6.4.0-150600.23.95.1
  * kernel-obs-build-debugsource-6.4.0-150600.23.95.1
  * kernel-obs-qa-6.4.0-150600.23.95.1
  * dlm-kmp-default-6.4.0-150600.23.95.1
  * kselftests-kmp-default-6.4.0-150600.23.95.1
  * kernel-default-extra-debuginfo-6.4.0-150600.23.95.1
  * kernel-obs-build-6.4.0-150600.23.95.1
  * dlm-kmp-default-debuginfo-6.4.0-150600.23.95.1
  * ocfs2-kmp-default-debuginfo-6.4.0-150600.23.95.1
  * ocfs2-kmp-default-6.4.0-150600.23.95.1
  * gfs2-kmp-default-debuginfo-6.4.0-150600.23.95.1
  * reiserfs-kmp-default-6.4.0-150600.23.95.1
  * kernel-default-debuginfo-6.4.0-150600.23.95.1
  * kernel-syms-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_95-default-debuginfo-1-150600.13.3.1
  * kernel-livepatch-6_4_0-150600_23_95-default-1-150600.13.3.1
  * kernel-default-livepatch-devel-6.4.0-150600.23.95.1
  * kernel-livepatch-SLE15-SP6_Update_22-debugsource-1-150600.13.3.1
* openSUSE Leap 15.6 (aarch64 nosrc ppc64le x86_64)
  * kernel-kvmsmall-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (nosrc s390x)
  * kernel-zfcpdump-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (s390x)
  * kernel-zfcpdump-debugsource-6.4.0-150600.23.95.1
  * kernel-zfcpdump-debuginfo-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (nosrc)
  * dtb-aarch64-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (aarch64)
  * kernel-64kb-devel-6.4.0-150600.23.95.1
  * dtb-nvidia-6.4.0-150600.23.95.1
  * dtb-broadcom-6.4.0-150600.23.95.1
  * kernel-64kb-devel-debuginfo-6.4.0-150600.23.95.1
  * kernel-64kb-optional-6.4.0-150600.23.95.1
  * dtb-socionext-6.4.0-150600.23.95.1
  * dtb-hisilicon-6.4.0-150600.23.95.1
  * kernel-64kb-debuginfo-6.4.0-150600.23.95.1
  * kselftests-kmp-64kb-6.4.0-150600.23.95.1
  * dtb-arm-6.4.0-150600.23.95.1
  * reiserfs-kmp-64kb-debuginfo-6.4.0-150600.23.95.1
  * dtb-amd-6.4.0-150600.23.95.1
  * dtb-apm-6.4.0-150600.23.95.1
  * dtb-cavium-6.4.0-150600.23.95.1
  * kselftests-kmp-64kb-debuginfo-6.4.0-150600.23.95.1
  * kernel-64kb-debugsource-6.4.0-150600.23.95.1
  * gfs2-kmp-64kb-debuginfo-6.4.0-150600.23.95.1
  * dtb-rockchip-6.4.0-150600.23.95.1
  * dtb-altera-6.4.0-150600.23.95.1
  * dtb-sprd-6.4.0-150600.23.95.1
  * dtb-apple-6.4.0-150600.23.95.1
  * cluster-md-kmp-64kb-debuginfo-6.4.0-150600.23.95.1
  * dtb-mediatek-6.4.0-150600.23.95.1
  * dtb-freescale-6.4.0-150600.23.95.1
  * dtb-renesas-6.4.0-150600.23.95.1
  * ocfs2-kmp-64kb-6.4.0-150600.23.95.1
  * dtb-exynos-6.4.0-150600.23.95.1
  * kernel-64kb-optional-debuginfo-6.4.0-150600.23.95.1
  * dlm-kmp-64kb-6.4.0-150600.23.95.1
  * kernel-64kb-extra-debuginfo-6.4.0-150600.23.95.1
  * dtb-allwinner-6.4.0-150600.23.95.1
  * dtb-qcom-6.4.0-150600.23.95.1
  * dtb-amazon-6.4.0-150600.23.95.1
  * dtb-lg-6.4.0-150600.23.95.1
  * gfs2-kmp-64kb-6.4.0-150600.23.95.1
  * kernel-64kb-extra-6.4.0-150600.23.95.1
  * dlm-kmp-64kb-debuginfo-6.4.0-150600.23.95.1
  * reiserfs-kmp-64kb-6.4.0-150600.23.95.1
  * ocfs2-kmp-64kb-debuginfo-6.4.0-150600.23.95.1
  * dtb-marvell-6.4.0-150600.23.95.1
  * dtb-amlogic-6.4.0-150600.23.95.1
  * cluster-md-kmp-64kb-6.4.0-150600.23.95.1
  * dtb-xilinx-6.4.0-150600.23.95.1
* openSUSE Leap 15.6 (aarch64 nosrc)
  * kernel-64kb-6.4.0-150600.23.95.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (nosrc)
  * kernel-default-6.4.0-150600.23.95.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debugsource-6.4.0-150600.23.95.1
  * kernel-default-debuginfo-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * dlm-kmp-default-debuginfo-6.4.0-150600.23.95.1
  * kernel-obs-build-6.4.0-150600.23.95.1
  * ocfs2-kmp-default-debuginfo-6.4.0-150600.23.95.1
  * cluster-md-kmp-default-debuginfo-6.4.0-150600.23.95.1
  * ocfs2-kmp-default-6.4.0-150600.23.95.1
  * dlm-kmp-default-6.4.0-150600.23.95.1
  * gfs2-kmp-default-debuginfo-6.4.0-150600.23.95.1
  * gfs2-kmp-default-6.4.0-150600.23.95.1
  * kernel-default-debugsource-6.4.0-150600.23.95.1
  * kernel-default-devel-6.4.0-150600.23.95.1
  * kernel-default-devel-debuginfo-6.4.0-150600.23.95.1
  * reiserfs-kmp-default-6.4.0-150600.23.95.1
  * reiserfs-kmp-default-debuginfo-6.4.0-150600.23.95.1
  * kernel-obs-build-debugsource-6.4.0-150600.23.95.1
  * kernel-default-debuginfo-6.4.0-150600.23.95.1
  * cluster-md-kmp-default-6.4.0-150600.23.95.1
  * kernel-syms-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 nosrc)
  * kernel-64kb-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64)
  * kernel-64kb-debuginfo-6.4.0-150600.23.95.1
  * kernel-64kb-debugsource-6.4.0-150600.23.95.1
  * kernel-64kb-devel-6.4.0-150600.23.95.1
  * kernel-64kb-devel-debuginfo-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le x86_64)
  * kernel-default-base-6.4.0-150600.23.95.1.150600.12.44.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * kernel-macros-6.4.0-150600.23.95.1
  * kernel-source-6.4.0-150600.23.95.1
  * kernel-devel-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch nosrc)
  * kernel-docs-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (nosrc s390x)
  * kernel-zfcpdump-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (s390x)
  * kernel-zfcpdump-debugsource-6.4.0-150600.23.95.1
  * kernel-zfcpdump-debuginfo-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * dlm-kmp-default-debuginfo-6.4.0-150600.23.95.1
  * kernel-default-base-6.4.0-150600.23.95.1.150600.12.44.1
  * kernel-obs-build-6.4.0-150600.23.95.1
  * ocfs2-kmp-default-debuginfo-6.4.0-150600.23.95.1
  * cluster-md-kmp-default-debuginfo-6.4.0-150600.23.95.1
  * ocfs2-kmp-default-6.4.0-150600.23.95.1
  * dlm-kmp-default-6.4.0-150600.23.95.1
  * gfs2-kmp-default-debuginfo-6.4.0-150600.23.95.1
  * gfs2-kmp-default-6.4.0-150600.23.95.1
  * kernel-default-debugsource-6.4.0-150600.23.95.1
  * kernel-default-devel-6.4.0-150600.23.95.1
  * kernel-default-devel-debuginfo-6.4.0-150600.23.95.1
  * reiserfs-kmp-default-6.4.0-150600.23.95.1
  * reiserfs-kmp-default-debuginfo-6.4.0-150600.23.95.1
  * kernel-obs-build-debugsource-6.4.0-150600.23.95.1
  * kernel-default-debuginfo-6.4.0-150600.23.95.1
  * cluster-md-kmp-default-6.4.0-150600.23.95.1
  * kernel-syms-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (nosrc ppc64le x86_64)
  * kernel-default-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * kernel-macros-6.4.0-150600.23.95.1
  * kernel-source-6.4.0-150600.23.95.1
  * kernel-devel-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch nosrc)
  * kernel-docs-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Live Patching 15-SP6 (nosrc)
  * kernel-default-6.4.0-150600.23.95.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_22-debugsource-1-150600.13.3.1
  * kernel-livepatch-6_4_0-150600_23_95-default-debuginfo-1-150600.13.3.1
  * kernel-default-livepatch-6.4.0-150600.23.95.1
  * kernel-default-livepatch-devel-6.4.0-150600.23.95.1
  * kernel-livepatch-6_4_0-150600_23_95-default-1-150600.13.3.1
  * kernel-default-debugsource-6.4.0-150600.23.95.1
  * kernel-default-debuginfo-6.4.0-150600.23.95.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39998.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23231.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23278.html
* https://www.suse.com/security/cve/CVE-2026-23293.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://www.suse.com/security/cve/CVE-2026-23381.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://www.suse.com/security/cve/CVE-2026-23412.html
* https://www.suse.com/security/cve/CVE-2026-23413.html
* https://www.suse.com/security/cve/CVE-2026-31788.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252073
* https://bugzilla.suse.com/show_bug.cgi?id=1253122
* https://bugzilla.suse.com/show_bug.cgi?id=1257506
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1259188
* https://bugzilla.suse.com/show_bug.cgi?id=1259461
* https://bugzilla.suse.com/show_bug.cgi?id=1259580
* https://bugzilla.suse.com/show_bug.cgi?id=1259707
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1259998
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260347
* https://bugzilla.suse.com/show_bug.cgi?id=1260471
* https://bugzilla.suse.com/show_bug.cgi?id=1260486
* https://bugzilla.suse.com/show_bug.cgi?id=1260562
* https://bugzilla.suse.com/show_bug.cgi?id=1260730
* https://bugzilla.suse.com/show_bug.cgi?id=1261412
* https://bugzilla.suse.com/show_bug.cgi?id=1261498
From null at suse.de Wed Apr 29 12:30:42 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 29 Apr 2026 12:30:42 -0000
Subject: SUSE-SU-2026:1653-1: moderate: Security update for protobuf
Message-ID: <177746584285.318.8028025267613137073@b1a0890840dd>

# Security update for protobuf

Announcement ID: SUSE-SU-2026:1653-1
Release Date: 2026-04-29T00:46:40Z
Rating: moderate

References:

* bsc#1244663
* bsc#1257173
* bsc#1260019

Cross-References:

* CVE-2025-4565
* CVE-2026-0994

CVSS scores:

* CVE-2025-4565 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-4565 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-4565 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-4565 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-0994 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0994 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-0994 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-0994 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* Public Cloud Module 15-SP6
* Public Cloud Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP7

An update that solves two vulnerabilities and has one security fix can now be installed.

## Description:

This update for protobuf fixes the following issues:

Refresh fixes:

* CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages can lead to crash due to RecursionError (bsc#1244663).
* CVE-2026-0994: `max_recursion_depth` limit can be bypassed when parsing nested `google.protobuf.Any` messages and lead to the exhaustion of the Python recursion stack (bsc#1257173).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1653=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1653=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1653=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1653=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1653=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1653=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1653=1
* Public Cloud Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1653=1
* Public Cloud Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2026-1653=1
* Public Cloud Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2026-1653=1
* Public Cloud Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2026-1653=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1653=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1653=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1653=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1653=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1653=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1653=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1653=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1653=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1653=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1653=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1653=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1653=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libprotobuf-lite20-3.9.2-150200.4.33.1
  * libprotobuf-lite20-debuginfo-3.9.2-150200.4.33.1
  * protobuf-debugsource-3.9.2-150200.4.33.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libprotobuf-lite20-3.9.2-150200.4.33.1
  * libprotobuf-lite20-debuginfo-3.9.2-150200.4.33.1
  * protobuf-debugsource-3.9.2-150200.4.33.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libprotobuf-lite20-3.9.2-150200.4.33.1
  * libprotobuf-lite20-debuginfo-3.9.2-150200.4.33.1
  * protobuf-debugsource-3.9.2-150200.4.33.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libprotobuf-lite20-3.9.2-150200.4.33.1
  * libprotobuf-lite20-debuginfo-3.9.2-150200.4.33.1
  * protobuf-debugsource-3.9.2-150200.4.33.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libprotobuf-lite20-3.9.2-150200.4.33.1
  * libprotobuf-lite20-debuginfo-3.9.2-150200.4.33.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libprotobuf20-debuginfo-3.9.2-150200.4.33.1
  * libprotobuf20-3.9.2-150200.4.33.1
  * protobuf-debugsource-3.9.2-150200.4.33.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * python3-protobuf-3.9.2-150200.4.33.1
  * protobuf-debugsource-3.9.2-150200.4.33.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * python3-protobuf-3.9.2-150200.4.33.1
* Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * python3-protobuf-3.9.2-150200.4.33.1
* Public Cloud Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * python3-protobuf-3.9.2-150200.4.33.1
  * protobuf-debugsource-3.9.2-150200.4.33.1
* Public Cloud Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * python3-protobuf-3.9.2-150200.4.33.1
  * protobuf-debugsource-3.9.2-150200.4.33.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * libprotobuf-lite20-3.9.2-150200.4.33.1
  * libprotobuf20-debuginfo-3.9.2-150200.4.33.1
  * libprotobuf20-3.9.2-150200.4.33.1
  * libprotobuf-lite20-debuginfo-3.9.2-150200.4.33.1
  * libprotoc20-debuginfo-3.9.2-150200.4.33.1
  * libprotoc20-3.9.2-150200.4.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * libprotobuf-lite20-3.9.2-150200.4.33.1
  * libprotobuf20-debuginfo-3.9.2-150200.4.33.1
  * libprotobuf20-3.9.2-150200.4.33.1
  * libprotobuf-lite20-debuginfo-3.9.2-150200.4.33.1
  * libprotoc20-debuginfo-3.9.2-150200.4.33.1
  * libprotoc20-3.9.2-150200.4.33.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * libprotobuf-lite20-3.9.2-150200.4.33.1
  * libprotobuf20-debuginfo-3.9.2-150200.4.33.1
  * libprotobuf20-3.9.2-150200.4.33.1
  * libprotobuf-lite20-debuginfo-3.9.2-150200.4.33.1
  * libprotoc20-debuginfo-3.9.2-150200.4.33.1
  * libprotoc20-3.9.2-150200.4.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * libprotobuf-lite20-3.9.2-150200.4.33.1
  * libprotobuf20-debuginfo-3.9.2-150200.4.33.1
  * libprotobuf20-3.9.2-150200.4.33.1
  * libprotobuf-lite20-debuginfo-3.9.2-150200.4.33.1
  * libprotoc20-debuginfo-3.9.2-150200.4.33.1
  * libprotoc20-3.9.2-150200.4.33.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * libprotobuf-lite20-3.9.2-150200.4.33.1
  * libprotobuf20-debuginfo-3.9.2-150200.4.33.1
  * libprotobuf20-3.9.2-150200.4.33.1
  * libprotobuf-lite20-debuginfo-3.9.2-150200.4.33.1
  * libprotoc20-debuginfo-3.9.2-150200.4.33.1
  * libprotoc20-3.9.2-150200.4.33.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libprotobuf-lite20-3.9.2-150200.4.33.1
  * libprotobuf20-debuginfo-3.9.2-150200.4.33.1
  * libprotobuf20-3.9.2-150200.4.33.1
  * libprotobuf-lite20-debuginfo-3.9.2-150200.4.33.1
  * libprotoc20-debuginfo-3.9.2-150200.4.33.1
  * libprotoc20-3.9.2-150200.4.33.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * libprotobuf20-debuginfo-3.9.2-150200.4.33.1
  * libprotobuf20-3.9.2-150200.4.33.1
  * protobuf-debugsource-3.9.2-150200.4.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * libprotobuf-lite20-3.9.2-150200.4.33.1
  * libprotobuf20-debuginfo-3.9.2-150200.4.33.1
  * libprotobuf20-3.9.2-150200.4.33.1
  * libprotobuf-lite20-debuginfo-3.9.2-150200.4.33.1
  * libprotoc20-debuginfo-3.9.2-150200.4.33.1
  * libprotoc20-3.9.2-150200.4.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * libprotobuf-lite20-3.9.2-150200.4.33.1
  * libprotobuf20-debuginfo-3.9.2-150200.4.33.1
  * libprotobuf20-3.9.2-150200.4.33.1
  * libprotobuf-lite20-debuginfo-3.9.2-150200.4.33.1
  * libprotoc20-debuginfo-3.9.2-150200.4.33.1
  * libprotoc20-3.9.2-150200.4.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * libprotobuf20-debuginfo-3.9.2-150200.4.33.1
  * libprotobuf20-3.9.2-150200.4.33.1
  * protobuf-debugsource-3.9.2-150200.4.33.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libprotobuf-lite20-3.9.2-150200.4.33.1
  * libprotobuf-lite20-debuginfo-3.9.2-150200.4.33.1
  * protobuf-debugsource-3.9.2-150200.4.33.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libprotobuf-lite20-3.9.2-150200.4.33.1
  * libprotobuf-lite20-debuginfo-3.9.2-150200.4.33.1
  * protobuf-debugsource-3.9.2-150200.4.33.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4565.html
* https://www.suse.com/security/cve/CVE-2026-0994.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244663
* https://bugzilla.suse.com/show_bug.cgi?id=1257173
* https://bugzilla.suse.com/show_bug.cgi?id=1260019