From null at suse.de Fri May 1 08:30:06 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 01 May 2026 08:30:06 -0000
Subject: SUSE-SU-2026:1667-1: low: Security update for python-Pygments
Message-ID: <177762420651.405.6988026587146541592@9f1e1d6b19fe>

# Security update for python-Pygments

Announcement ID: SUSE-SU-2026:1667-1
Release Date: 2026-04-30T17:22:44Z
Rating: low

References:

* bsc#1260796

Cross-References:

* CVE-2026-4539

CVSS scores:

* CVE-2026-4539 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-4539 ( NVD ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4539 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.3
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-Pygments fixes the following issues:

* CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS (bsc#1260796).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2026-1667=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1667=1

## Package List:

* openSUSE Leap 15.3 (noarch)
  * python3-Pygments-2.6.1-150300.4.6.1
* Basesystem Module 15-SP7 (noarch)
  * python3-Pygments-2.6.1-150300.4.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4539.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260796

From null at suse.de Fri May 1 08:30:09 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 01 May 2026 08:30:09 -0000
Subject: SUSE-SU-2026:1666-1: low: Security update for python-Pygments
Message-ID: <177762420978.405.14301727268240877711@9f1e1d6b19fe>

# Security update for python-Pygments

Announcement ID: SUSE-SU-2026:1666-1
Release Date: 2026-04-30T17:22:22Z
Rating: low

References:

* bsc#1260796

Cross-References:

* CVE-2026-4539

CVSS scores:

* CVE-2026-4539 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-4539 ( NVD ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4539 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-Pygments fixes the following issues:

* CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS (bsc#1260796).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Public Cloud Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1666=1
* Python 3 Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1666=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1666=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1666=1

## Package List:

* Public Cloud Module 15-SP4 (noarch)
  * python311-Pygments-2.15.1-150400.7.10.1
* Python 3 Module 15-SP7 (noarch)
  * python311-Pygments-2.15.1-150400.7.10.1
* openSUSE Leap 15.4 (noarch)
  * python311-Pygments-2.15.1-150400.7.10.1
* openSUSE Leap 15.6 (noarch)
  * python311-Pygments-2.15.1-150400.7.10.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4539.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260796

From null at suse.de Fri May 1 16:30:36 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 01 May 2026 16:30:36 -0000
Subject: SUSE-SU-2026:1668-1: important: Security update for the Linux Kernel
Message-ID: <177765303650.432.6815286933619031889@9f1e1d6b19fe>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1668-1
Release Date: 2026-05-01T08:37:57Z
Rating: important

References:

* bsc#1220186
* bsc#1228031
* bsc#1246057
* bsc#1249522
* bsc#1257221
* bsc#1257773
* bsc#1258280
* bsc#1259770
* bsc#1259797
* bsc#1259865
* bsc#1259870
* bsc#1259889
* bsc#1259997
* bsc#1260009
* bsc#1260489
* bsc#1260536
* bsc#1260551
* bsc#1260730
* bsc#1260799

Cross-References:

* CVE-2024-26584
* CVE-2025-38234
* CVE-2025-39759
* CVE-2025-71268
* CVE-2025-71269
* CVE-2026-22990
* CVE-2026-23103
* CVE-2026-23120
* CVE-2026-23243
* CVE-2026-23262
* CVE-2026-23272
* CVE-2026-23277
* CVE-2026-23318
* CVE-2026-23362
* CVE-2026-23382
* CVE-2026-23386
* CVE-2026-23398

CVSS scores:

* CVE-2024-26584 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26584 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38234 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38234 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38234 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39759 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N
* CVE-2025-39759 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39759 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71268 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71268 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71269 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71269 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22990 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22990 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22990 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22990 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23262 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23318 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23318 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23362 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23362 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23382 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23382 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23382 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23386 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23398 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 17 vulnerabilities and has two security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2024-26584: net/tls: return ENOTSUPP on tls_init() (bsc#1220186).
* CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
* CVE-2025-39759: btrfs: qgroup: fix race between quota disable and quota rescan ioctl (bsc#1249522).
* CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865).
* CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889).
* CVE-2026-22990: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (bsc#1257221).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-nelems before insertion (bsc#1260009).
* CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
* CVE-2026-23318: ALSA: usb-audio: Use correct version for UAC3 header validation (bsc#1260536).
* CVE-2026-23362: can: bcm: fix locking for bcm_op runtime updates (bsc#1260489).
* CVE-2026-23382: HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (bsc#1260551).
* CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).

The following non security issues were fixed:

* btrfs: fix processing of delayed data refs during backref walking (bsc#1228031).
* fs: skip superblock shrink on frozen xfs filesystems (bsc#1259770).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1668=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1668=1
* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1668=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * gfs2-kmp-default-debuginfo-4.12.14-122.299.1
  * kernel-default-base-4.12.14-122.299.1
  * dlm-kmp-default-debuginfo-4.12.14-122.299.1
  * kernel-default-devel-4.12.14-122.299.1
  * ocfs2-kmp-default-debuginfo-4.12.14-122.299.1
  * kernel-default-base-debuginfo-4.12.14-122.299.1
  * kernel-default-debugsource-4.12.14-122.299.1
  * kernel-syms-4.12.14-122.299.1
  * cluster-md-kmp-default-debuginfo-4.12.14-122.299.1
  * cluster-md-kmp-default-4.12.14-122.299.1
  * ocfs2-kmp-default-4.12.14-122.299.1
  * gfs2-kmp-default-4.12.14-122.299.1
  * kernel-default-debuginfo-4.12.14-122.299.1
  * dlm-kmp-default-4.12.14-122.299.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-4.12.14-122.299.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * kernel-source-4.12.14-122.299.1
  * kernel-macros-4.12.14-122.299.1
  * kernel-devel-4.12.14-122.299.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (s390x)
  * kernel-default-man-4.12.14-122.299.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (x86_64)
  * kernel-default-devel-debuginfo-4.12.14-122.299.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * gfs2-kmp-default-debuginfo-4.12.14-122.299.1
  * kernel-default-base-4.12.14-122.299.1
  * dlm-kmp-default-debuginfo-4.12.14-122.299.1
  * kernel-default-devel-4.12.14-122.299.1
  * kernel-default-devel-debuginfo-4.12.14-122.299.1
  * ocfs2-kmp-default-debuginfo-4.12.14-122.299.1
  * kernel-default-base-debuginfo-4.12.14-122.299.1
  * kernel-default-debugsource-4.12.14-122.299.1
  * kernel-syms-4.12.14-122.299.1
  * cluster-md-kmp-default-debuginfo-4.12.14-122.299.1
  * cluster-md-kmp-default-4.12.14-122.299.1
  * ocfs2-kmp-default-4.12.14-122.299.1
  * gfs2-kmp-default-4.12.14-122.299.1
  * kernel-default-debuginfo-4.12.14-122.299.1
  * dlm-kmp-default-4.12.14-122.299.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (nosrc x86_64)
  * kernel-default-4.12.14-122.299.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * kernel-source-4.12.14-122.299.1
  * kernel-macros-4.12.14-122.299.1
  * kernel-devel-4.12.14-122.299.1
* SUSE Linux Enterprise Live Patching 12-SP5 (nosrc)
  * kernel-default-4.12.14-122.299.1
* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kernel-default-kgraft-devel-4.12.14-122.299.1
  * kgraft-patch-4_12_14-122_299-default-1-8.3.1
  * kernel-default-debugsource-4.12.14-122.299.1
  * kernel-default-kgraft-4.12.14-122.299.1
  * kernel-default-debuginfo-4.12.14-122.299.1

## References:

* https://www.suse.com/security/cve/CVE-2024-26584.html
* https://www.suse.com/security/cve/CVE-2025-38234.html
* https://www.suse.com/security/cve/CVE-2025-39759.html
* https://www.suse.com/security/cve/CVE-2025-71268.html
* https://www.suse.com/security/cve/CVE-2025-71269.html
* https://www.suse.com/security/cve/CVE-2026-22990.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23120.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23262.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23277.html
* https://www.suse.com/security/cve/CVE-2026-23318.html
* https://www.suse.com/security/cve/CVE-2026-23362.html
* https://www.suse.com/security/cve/CVE-2026-23382.html
* https://www.suse.com/security/cve/CVE-2026-23386.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220186
* https://bugzilla.suse.com/show_bug.cgi?id=1228031
* https://bugzilla.suse.com/show_bug.cgi?id=1246057
* https://bugzilla.suse.com/show_bug.cgi?id=1249522
* https://bugzilla.suse.com/show_bug.cgi?id=1257221
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1258280
* https://bugzilla.suse.com/show_bug.cgi?id=1259770
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1259865
* https://bugzilla.suse.com/show_bug.cgi?id=1259870
* https://bugzilla.suse.com/show_bug.cgi?id=1259889
* https://bugzilla.suse.com/show_bug.cgi?id=1259997
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260489
* https://bugzilla.suse.com/show_bug.cgi?id=1260536
* https://bugzilla.suse.com/show_bug.cgi?id=1260551
* https://bugzilla.suse.com/show_bug.cgi?id=1260730
* https://bugzilla.suse.com/show_bug.cgi?id=1260799

From null at suse.de Mon May 4 08:33:16 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:33:16 -0000
Subject: SUSE-SU-2026:21465-1: important: Security update for the Linux Kernel
Message-ID: <177788359683.1375.15413598211845542338@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21465-1
Release Date: 2026-05-01T23:16:53Z
Rating: important

References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1
* SUSE Linux Micro Extras 6.1

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix one security issue.

The following security issue was fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.1
  zypper in -t patch SUSE-SLE-Micro-Extras-6.1-kernel-368=1

## Package List:

* SUSE Linux Micro Extras 6.1 (nosrc)
  * kernel-64kb-6.4.0-42.1
* SUSE Linux Micro Extras 6.1 (aarch64)
  * kernel-64kb-debugsource-6.4.0-42.1
  * kernel-64kb-devel-6.4.0-42.1
* SUSE Linux Micro Extras 6.1 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-build-debugsource-6.4.0-42.1
  * kernel-obs-build-6.4.0-42.1
  * kernel-syms-6.4.0-42.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262573

From null at suse.de Mon May 4 08:33:20 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:33:20 -0000
Subject: SUSE-SU-2026:21464-1: moderate: Security update for vim
Message-ID: <177788360063.1375.3394546673872116554@dde0e951fc7e>

# Security update for vim

Announcement ID: SUSE-SU-2026:21464-1
Release Date: 2026-04-29T11:29:57Z
Rating: moderate

References:

* bsc#1261833

Cross-References:

* CVE-2026-39881

CVSS scores:

* CVE-2026-39881 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39881 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-39881 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-39881 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1
* SUSE Linux Micro Extras 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for vim fixes the following issue:

Update to version 9.2.0398.

Security issues fixed:

* CVE-2026-39881: missing sanitization in `defineAnnoType` and `specialKeys` can lead to arbitrary Ex command injection via a malicious NetBeans server (bsc#1261833).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.1
  zypper in -t patch SUSE-SLE-Micro-Extras-6.1-515=1

## Package List:

* SUSE Linux Micro Extras 6.1 (aarch64 ppc64le s390x x86_64)
  * vim-debugsource-9.2.0398-slfo.1.1_1.1
  * vim-debuginfo-9.2.0398-slfo.1.1_1.1
  * vim-9.2.0398-slfo.1.1_1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-39881.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261833

From null at suse.de Mon May 4 08:33:29 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:33:29 -0000
Subject: SUSE-SU-2026:21463-1: important: Security update for the Linux Kernel
Message-ID: <177788360936.1375.5355208793028592257@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21463-1
Release Date: 2026-05-02T07:27:55Z
Rating: important

References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-666=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le x86_64)
  * kernel-default-base-6.12.0-160000.29.1.160000.2.9
* SUSE Linux Micro 6.2 (noarch)
  * kernel-devel-6.12.0-160000.29.1
  * kernel-macros-6.12.0-160000.29.1
  * kernel-source-6.12.0-160000.29.1
* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-6.12.0-160000.29.1
* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * kernel-default-devel-6.12.0-160000.29.1
  * kernel-default-extra-debuginfo-6.12.0-160000.29.1
  * kernel-default-extra-6.12.0-160000.29.1
  * kernel-default-debuginfo-6.12.0-160000.29.1
  * kernel-default-debugsource-6.12.0-160000.29.1
* SUSE Linux Micro 6.2 (x86_64)
  * kernel-rt-livepatch-6.12.0-160000.29.1
  * kernel-default-devel-debuginfo-6.12.0-160000.29.1
  * kernel-rt-devel-debuginfo-6.12.0-160000.29.1
* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * kernel-default-livepatch-6.12.0-160000.29.1
* SUSE Linux Micro 6.2 (aarch64 nosrc x86_64)
  * kernel-rt-6.12.0-160000.29.1
* SUSE Linux Micro 6.2 (aarch64 x86_64)
  * kernel-rt-debugsource-6.12.0-160000.29.1
  * kernel-rt-debuginfo-6.12.0-160000.29.1
  * kernel-rt-devel-6.12.0-160000.29.1
* SUSE Linux Micro 6.2 (aarch64 nosrc)
  * kernel-64kb-6.12.0-160000.29.1
* SUSE Linux Micro 6.2 (aarch64)
  * kernel-64kb-debugsource-6.12.0-160000.29.1
  * kernel-64kb-debuginfo-6.12.0-160000.29.1
  * kernel-64kb-devel-6.12.0-160000.29.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262573

From null at suse.de Mon May 4 08:33:36 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:33:36 -0000
Subject: SUSE-SU-2026:21461-1: moderate: Security update for helm
Message-ID: <177788361618.1375.10581225933022793429@dde0e951fc7e>

# Security update for helm

Announcement ID: SUSE-SU-2026:21461-1
Release Date: 2026-04-30T13:26:15Z
Rating: moderate

References:

* bsc#1248093
* bsc#1261938

Cross-References:

* CVE-2025-55199
* CVE-2026-35206

CVSS scores:

* CVE-2025-55199 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55199 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-55199 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-35206 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-35206 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2026-35206 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-35206 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for helm fixes the following issues:

Update to version 3.20.2.

Security issues fixed:

* CVE-2025-55199: specially crafted JSON Schema can lead to out of memory (OOM) termination (bsc#1248093).
* CVE-2026-35206: specially crafted Chart will have contents extracted to immediate output directory rather than to expected output directory suffixed by the Chart's name (bsc#1261938).

Other updates and bugfixes:

* Version 3.20.1:
  * chore(deps): bump the k8s-io group with 7 updates a2369ca (dependabot[bot])
  * add image index test 90e1056 (Pedro Tôrres)
  * fix pulling charts from OCI indices 911f2e9 (Pedro Tôrres)
  * Remove refactoring changes from coalesce_test.go 76dad33 (Evans Mungai)
  * Fix import 45c12f7 (Evans Mungai)
  * Update pkg/chart/common/util/coalesce_test.go 26c6f19 (Evans Mungai)
  * Fix lint warning 09f5129 (Evans Mungai)
  * Preserve nil values in chart already 417deb2 (Evans Mungai)
  * fix(values): preserve nil values when chart default is empty map 5417bfa (Evans Mungai)
* Version 3.20.0:
  * SDK: bump k8s API versions to v0.35.0
  * v3 backport: Fixed a bug where helm uninstall with --keep-history did not suspend previous deployed releases #12564
  * v3 backport: Bump Go version to v1.25
  * bump version to v3.20
  * chore(deps): bump golang.org/x/text from 0.32.0 to 0.33.0
  * chore(deps): bump golang.org/x/term from 0.38.0 to 0.39.0
  * chore(deps): bump github.com/foxcpp/go-mockdns from 1.1.0 to 1.2.0
  * chore(deps): bump the k8s-io group with 7 updates
  * [dev-v3] Replace deprecated `NewSimpleClientset`
  * [dev-v3] Bump Go v1.25, `golangci-lint` v2
  * chore(deps): bump github.com/BurntSushi/toml from 1.5.0 to 1.6.0
  * chore(deps): bump github.com/containerd/containerd from 1.7.29 to 1.7.30
  * fix(rollback): `errors.Is` instead of string comp
  * fix(uninstall): supersede deployed releases
  * Use latest patch release of Go in releases
  * chore(deps): bump golang.org/x/crypto from 0.45.0 to 0.46.0
  * chore(deps): bump golang.org/x/text from 0.31.0 to 0.32.0
  * chore(deps): bump golang.org/x/term from 0.37.0 to 0.38.0
  * chore(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2
  * chore(deps): bump github.com/rubenv/sql-migrate from 1.8.0 to 1.8.1
  * chore(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0
  * chore(deps): bump github.com/cyphar/filepath-securejoin
  * chore(deps): bump golang.org/x/text from 0.30.0 to 0.31.0
  * chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.44.0
  * Remove dev-v3 `helm-latest-version` publish
  * chore(deps): bump golang.org/x/term from 0.36.0 to 0.37.0 1.7.28 to 1.7.29
  * Revert "pkg/registry: Login option for passing TLS config in memory"
  * jsonschema: warn and ignore unresolved URN $ref to match v3.18.4
  * Fix `helm pull` untar dir check with repo urls
  * chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.43.0
  * chore(deps): bump github.com/gofrs/flock from 0.12.1 to 0.13.0
  * chore(deps): bump golang.org/x/text from 0.29.0 to 0.30.0
  * [backport] fix: get-helm-3 script use helm3-latest-version
  * pkg/registry: Login option for passing TLS config in memory
  * Fix deprecation warning
  * chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.42.0
  * chore(deps): bump golang.org/x/term from 0.34.0 to 0.35.0
  * Avoid "panic: interface conversion: interface {} is nil"
  * bump version to v3.19.0
  * chore(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.10
  * fix: set repo authorizer in registry.Client.Resolve()
  * fix null merge
  * Add timeout flag to repo add and update flags
* Version 3.19.5:
  * Fixed bug where removing subchart value via override resulted in warning #31118
  * Fixed bug where helm uninstall with --keep-history did not suspend previous deployed releases #12556
  * fix(rollback): errors.Is instead of string comp 4a19a5b (Hidde Beydals)
  * fix(uninstall): supersede deployed releases 7a00235 (Hidde Beydals)
  * fix null merge 578564e (Ben Foster)
* Version 3.19.4:
  * Use latest patch release of Go in releases 7cfb6e4 (Matt Farina)
  * chore(deps): bump github.com/gofrs/flock from 0.12.1 to 0.13.0 59c951f (dependabot[bot])
  * chore(deps): bump github.com/cyphar/filepath-securejoin d45f3f1
  * chore(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0 d459544 (dependabot[bot])
  * chore(deps): bump golang.org/x/term from 0.36.0 to 0.37.0 becd387 (dependabot[bot])
  * chore(deps): bump the k8s-io group with 7 updates edb1579
* Version 3.19.3:
  * Bump golang.org/x/crypto to v0.45.0
* Version 3.19.2:
  * [backport] fix: get-helm-3 script use helm3-latest-version 8766e71 (George Jenkins)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-661=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * helm-3.20.2-160000.1.1
  * helm-debuginfo-3.20.2-160000.1.1
* SUSE Linux Micro 6.2 (noarch)
  * helm-bash-completion-3.20.2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-55199.html
* https://www.suse.com/security/cve/CVE-2026-35206.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248093
* https://bugzilla.suse.com/show_bug.cgi?id=1261938

From null at suse.de Mon May 4 08:33:39 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:33:39 -0000
Subject: SUSE-SU-2026:21460-1: important: Security update for the Linux Kernel
Message-ID: <177788361956.1375.16561496203193785870@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21460-1
Release Date: 2026-05-02T07:09:30Z
Rating: important

References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2
* SUSE Linux Micro Extras 6.2

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.2
  zypper in -t patch SUSE-SLE-Micro-Extras-6.2-666=1

## Package List:

* SUSE Linux Micro Extras 6.2 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-build-debugsource-6.12.0-160000.29.1
  * kernel-syms-6.12.0-160000.29.1
  * kernel-obs-build-6.12.0-160000.29.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262573

From null at suse.de Mon May 4 08:33:43 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:33:43 -0000
Subject: SUSE-SU-2026:21459-1: important: Security update for the Linux Kernel
Message-ID: <177788362319.1375.7535973672307791774@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21459-1
Release Date: 2026-05-02T08:47:22Z
Rating: important

References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0
* SUSE Linux Micro Extras 6.0

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Micro 6.0 and 6.1 RT kernel was updated to fix one security issue.

The following security issue was fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.0
  zypper in -t patch SUSE-SLE-Micro-Extras-6.0-kernel-370=1

## Package List:

* SUSE Linux Micro Extras 6.0 (nosrc)
  * kernel-rt-6.4.0-42.1
* SUSE Linux Micro Extras 6.0 (x86_64)
  * kernel-rt-devel-6.4.0-42.1
  * kernel-rt-devel-debuginfo-6.4.0-42.1
  * kernel-rt-debugsource-6.4.0-42.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262573

From null at suse.de Mon May 4 08:33:46 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:33:46 -0000
Subject: SUSE-SU-2026:21458-1: important: Security update for the Linux Kernel
Message-ID: <177788362673.1375.13900716007769332657@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21458-1
Release Date: 2026-05-01T23:16:53Z
Rating: important
References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0
* SUSE Linux Micro Extras 6.0

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix one security issue.

The following security issue was fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.0
  zypper in -t patch SUSE-SLE-Micro-Extras-6.0-kernel-368=1

## Package List:

* SUSE Linux Micro Extras 6.0 (nosrc)
  * kernel-64kb-6.4.0-42.1
  * kernel-default-6.4.0-42.1
* SUSE Linux Micro Extras 6.0 (aarch64)
  * kernel-64kb-debugsource-6.4.0-42.1
  * kernel-64kb-devel-6.4.0-42.1
* SUSE Linux Micro Extras 6.0 (aarch64 s390x x86_64)
  * kernel-obs-build-debugsource-6.4.0-42.1
  * kernel-default-devel-6.4.0-42.1
  * kernel-default-debugsource-6.4.0-42.1
  * kernel-syms-6.4.0-42.1
  * kernel-obs-build-6.4.0-42.1
* SUSE Linux Micro Extras 6.0 (x86_64)
  * kernel-default-devel-debuginfo-6.4.0-42.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262573

From null at suse.de Mon May 4 08:33:49 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:33:49 -0000
Subject: SUSE-SU-2026:21456-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_19
Message-ID: <177788362968.1375.9965939733046245470@dde0e951fc7e>

# Security update for kernel-livepatch-MICRO-6-0_Update_19

Announcement ID: SUSE-SU-2026:21456-1
Release Date: 2026-05-01T21:26:43Z
Rating: important
References:

Affected Products:

* SUSE Linux Micro 6.1

An update that can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0_Update_19 fixes the following issues:

This is the initial livepatch for Update 19.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-369=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_19-debugsource-1-1.1
  * kernel-livepatch-6_4_0-42-default-debuginfo-1-1.1
  * kernel-livepatch-6_4_0-42-default-1-1.1

From null at suse.de Mon May 4 08:33:47 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:33:47 -0000
Subject: SUSE-SU-2026:21457-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_20
Message-ID: <177788362790.1375.8247031511495902907@dde0e951fc7e>

# Security update for kernel-livepatch-MICRO-6-0-RT_Update_20

Announcement ID: SUSE-SU-2026:21457-1
Release Date: 2026-05-02T08:51:37Z
Rating: important
References:

Affected Products:

* SUSE Linux Micro 6.1

An update that can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0-RT_Update_20 fixes the following issues:

This is the initial kernel RT livepatch for update 20.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-371=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_20-debugsource-1-1.1
  * kernel-livepatch-6_4_0-42-rt-debuginfo-1-1.1
  * kernel-livepatch-6_4_0-42-rt-1-1.1
From null at suse.de Mon May 4 08:33:56 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:33:56 -0000
Subject: SUSE-SU-2026:21455-1: moderate: Security update for openCryptoki
Message-ID: <177788363680.1375.7279675628092875993@dde0e951fc7e>

# Security update for openCryptoki

Announcement ID: SUSE-SU-2026:21455-1
Release Date: 2026-04-27T12:00:49Z
Rating: moderate
References:

* bsc#1248002
* bsc#1257116
* bsc#1262283

Cross-References:

* CVE-2026-23893
* CVE-2026-40253

CVSS scores:

* CVE-2026-23893 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
* CVE-2026-23893 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
* CVE-2026-40253 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40253 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-40253 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-40253 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities and has one fix can now be installed.

## Description:

This update for openCryptoki fixes the following issues:

* CVE-2026-23893: use of symlinks in group-writable token directories can lead to privilege escalation and data exposure (bsc#1257116).
* CVE-2026-40253: malformed BER-encoded cryptographic objects can lead to information disclosure and denial of service (bsc#1262283).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-511=1

## Package List:

* SUSE Linux Micro 6.1 (s390x)
  * openCryptoki-3.23.0-slfo.1.1_2.1
  * openCryptoki-debuginfo-3.23.0-slfo.1.1_2.1
  * openCryptoki-debugsource-3.23.0-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23893.html
* https://www.suse.com/security/cve/CVE-2026-40253.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248002
* https://bugzilla.suse.com/show_bug.cgi?id=1257116
* https://bugzilla.suse.com/show_bug.cgi?id=1262283

From null at suse.de Mon May 4 08:34:00 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:34:00 -0000
Subject: SUSE-SU-2026:21454-1: important: Security update for the Linux Kernel
Message-ID: <177788364028.1375.3958716456625486258@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21454-1
Release Date: 2026-05-02T10:03:34Z
Rating: important
References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Micro 6.0 and 6.1 RT kernel was updated to fix one security issue.

The following security issue was fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-370=1

## Package List:

* SUSE Linux Micro 6.1 (noarch)
  * kernel-devel-rt-6.4.0-42.1
  * kernel-source-rt-6.4.0-42.1
* SUSE Linux Micro 6.1 (aarch64 nosrc x86_64)
  * kernel-rt-6.4.0-42.1
* SUSE Linux Micro 6.1 (aarch64 x86_64)
  * kernel-rt-devel-6.4.0-42.1
  * kernel-rt-debugsource-6.4.0-42.1
  * kernel-rt-debuginfo-6.4.0-42.1
* SUSE Linux Micro 6.1 (x86_64)
  * kernel-rt-devel-debuginfo-6.4.0-42.1
  * kernel-rt-livepatch-6.4.0-42.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262573

From null at suse.de Mon May 4 08:34:04 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:34:04 -0000
Subject: SUSE-SU-2026:21453-1: important: Security update for the Linux Kernel
Message-ID: <177788364482.1375.10122026708809516831@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21453-1
Release Date: 2026-05-01T23:16:53Z
Rating: important
References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix one security issue.

The following security issue was fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-368=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le x86_64)
  * kernel-default-base-6.4.0-42.1.21.19
* SUSE Linux Micro 6.1 (noarch)
  * kernel-macros-6.4.0-42.1
  * kernel-devel-6.4.0-42.1
  * kernel-source-6.4.0-42.1
* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-6.4.0-42.1
* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debugsource-6.4.0-42.1
  * kernel-default-debuginfo-6.4.0-42.1
  * kernel-default-devel-6.4.0-42.1
* SUSE Linux Micro 6.1 (ppc64le x86_64)
  * kernel-default-devel-debuginfo-6.4.0-42.1
* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-default-livepatch-6.4.0-42.1
* SUSE Linux Micro 6.1 (nosrc x86_64)
  * kernel-kvmsmall-6.4.0-42.1
* SUSE Linux Micro 6.1 (x86_64)
  * kernel-kvmsmall-debugsource-6.4.0-42.1
  * kernel-kvmsmall-debuginfo-6.4.0-42.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262573
From null at suse.de Mon May 4 08:34:17 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:34:17 -0000
Subject: SUSE-SU-2026:21452-1: important: Security update for curl
Message-ID: <177788365707.1375.3633182882075440824@dde0e951fc7e>

# Security update for curl

Announcement ID: SUSE-SU-2026:21452-1
Release Date: 2026-04-30T14:47:08Z
Rating: important
References:

* bsc#1259362
* bsc#1262631
* bsc#1262632
* bsc#1262635
* bsc#1262636
* bsc#1262638

Cross-References:

* CVE-2026-1965
* CVE-2026-4873
* CVE-2026-5545
* CVE-2026-6253
* CVE-2026-6276
* CVE-2026-6429

CVSS scores:

* CVE-2026-1965 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
* CVE-2026-1965 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-1965 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-4873 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4873 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-5545 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-5545 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-6253 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6253 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-6276 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6276 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-6429 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6429 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves six vulnerabilities can now be installed.

## Description:

This update for curl fixes the following issues:

Security issues fixed:

* CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
* CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
* CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
* CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
* CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

* sws: prevent "connection monitor" to say disconnect twice (bsc#1259362).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-517=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * curl-8.14.1-slfo.1.1_7.1
  * libcurl4-8.14.1-slfo.1.1_7.1
  * curl-debugsource-8.14.1-slfo.1.1_7.1
  * libcurl4-debuginfo-8.14.1-slfo.1.1_7.1
  * curl-debuginfo-8.14.1-slfo.1.1_7.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1965.html
* https://www.suse.com/security/cve/CVE-2026-4873.html
* https://www.suse.com/security/cve/CVE-2026-5545.html
* https://www.suse.com/security/cve/CVE-2026-6253.html
* https://www.suse.com/security/cve/CVE-2026-6276.html
* https://www.suse.com/security/cve/CVE-2026-6429.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259362
* https://bugzilla.suse.com/show_bug.cgi?id=1262631
* https://bugzilla.suse.com/show_bug.cgi?id=1262632
* https://bugzilla.suse.com/show_bug.cgi?id=1262635
* https://bugzilla.suse.com/show_bug.cgi?id=1262636
* https://bugzilla.suse.com/show_bug.cgi?id=1262638
From null at suse.de Mon May 4 08:34:29 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:34:29 -0000
Subject: SUSE-SU-2026:21450-1: moderate: Security update for vim
Message-ID: <177788366933.1375.7645933280544825231@dde0e951fc7e>

# Security update for vim

Announcement ID: SUSE-SU-2026:21450-1
Release Date: 2026-04-29T11:29:57Z
Rating: moderate
References:

* bsc#1261833

Cross-References:

* CVE-2026-39881

CVSS scores:

* CVE-2026-39881 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39881 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-39881 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-39881 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for vim fixes the following issue:

Update to version 9.2.0398.

Security issues fixed:

* CVE-2026-39881: missing sanitization in `defineAnnoType` and `specialKeys` can lead to arbitrary Ex command injection via a malicious NetBeans server (bsc#1261833).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-515=1

## Package List:

* SUSE Linux Micro 6.1 (noarch)
  * vim-data-common-9.2.0398-slfo.1.1_1.1
* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * vim-small-9.2.0398-slfo.1.1_1.1
  * vim-small-debuginfo-9.2.0398-slfo.1.1_1.1
  * vim-debugsource-9.2.0398-slfo.1.1_1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-39881.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261833
From null at suse.de Mon May 4 08:34:35 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:34:35 -0000
Subject: SUSE-SU-2026:21448-1: moderate: Security update for sed
Message-ID: <177788367528.1375.13447169597431739665@dde0e951fc7e>

# Security update for sed

Announcement ID: SUSE-SU-2026:21448-1
Release Date: 2026-04-27T17:14:51Z
Rating: moderate
References:

* bsc#1262144

Cross-References:

* CVE-2026-5958

CVSS scores:

* CVE-2026-5958 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
* CVE-2026-5958 ( SUSE ): 6.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
* CVE-2026-5958 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for sed fixes the following issue:

* CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite (bsc#1262144).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-513=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * sed-4.9-slfo.1.1_2.1
  * sed-debugsource-4.9-slfo.1.1_2.1
  * sed-debuginfo-4.9-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-5958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262144
From null at suse.de Mon May 4 08:34:38 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:34:38 -0000
Subject: SUSE-SU-2026:21447-1: moderate: Security update for python311
Message-ID: <177788367828.1375.17250609894327596014@dde0e951fc7e>

# Security update for python311

Announcement ID: SUSE-SU-2026:21447-1
Release Date: 2026-04-27T12:30:50Z
Rating: moderate
References:

* bsc#1261970

Cross-References:

* CVE-2026-3446

CVSS scores:

* CVE-2026-3446 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-3446 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for python311 fixes the following issue:

* CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-510=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * libpython3_11-1_0-3.11.15-slfo.1.1_4.1
  * python311-curses-debuginfo-3.11.15-slfo.1.1_4.1
  * python311-base-debuginfo-3.11.15-slfo.1.1_4.1
  * python311-debuginfo-3.11.15-slfo.1.1_4.1
  * libpython3_11-1_0-debuginfo-3.11.15-slfo.1.1_4.1
  * python311-base-3.11.15-slfo.1.1_4.1
  * python311-curses-3.11.15-slfo.1.1_4.1
  * python311-debugsource-3.11.15-slfo.1.1_4.1
  * python311-core-debugsource-3.11.15-slfo.1.1_4.1
  * python311-3.11.15-slfo.1.1_4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3446.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261970

From null at suse.de Mon May 4 08:34:41 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:34:41 -0000
Subject: SUSE-SU-2026:21446-1: important: Security update for freeipmi
Message-ID: <177788368166.1375.16440751098536387171@dde0e951fc7e>

# Security update for freeipmi

Announcement ID: SUSE-SU-2026:21446-1
Release Date: 2026-04-27T12:27:43Z
Rating: important
References:

* bsc#1260414

Cross-References:

* CVE-2026-33554

CVSS scores:

* CVE-2026-33554 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33554 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-33554 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for freeipmi fixes the following issue:

* CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses (bsc#1260414).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-512=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 x86_64)
  * libfreeipmi17-1.6.14-slfo.1.1_2.1
  * libfreeipmi17-debuginfo-1.6.14-slfo.1.1_2.1
  * freeipmi-debugsource-1.6.14-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33554.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260414

From null at suse.de Mon May 4 08:34:50 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:34:50 -0000
Subject: SUSE-SU-2026:21445-1: moderate: Security update for avahi
Message-ID: <177788369045.1375.14044219447102678831@dde0e951fc7e>

# Security update for avahi

Announcement ID: SUSE-SU-2026:21445-1
Release Date: 2026-04-27T12:27:43Z
Rating: moderate
References:

* bsc#1256498
* bsc#1256499
* bsc#1256500

Cross-References:

* CVE-2025-68276
* CVE-2025-68468
* CVE-2025-68471

CVSS scores:

* CVE-2025-68276 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68276 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68276 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68468 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68468 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-68468 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-68471 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68471 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-68471 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves three vulnerabilities can
now be installed.

## Description:

This update for avahi fixes the following issues:

* CVE-2025-68276: reachable assertion in `avahi_wide_area_scan_cache` can lead to an `avahi-daemon` crash (bsc#1256498).
* CVE-2025-68468: reachable assertion in `lookup_multicast_callback` can lead to an `avahi-daemon` crash (bsc#1256499).
* CVE-2025-68471: reachable assertion in `lookup_start` can lead to an `avahi-daemon` crash (bsc#1256500).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-509=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * libavahi-common3-0.8-slfo.1.1_6.1
  * avahi-0.8-slfo.1.1_6.1
  * avahi-debuginfo-0.8-slfo.1.1_6.1
  * libavahi-core7-debuginfo-0.8-slfo.1.1_6.1
  * libavahi-client3-0.8-slfo.1.1_6.1
  * avahi-debugsource-0.8-slfo.1.1_6.1
  * libavahi-client3-debuginfo-0.8-slfo.1.1_6.1
  * libavahi-core7-0.8-slfo.1.1_6.1
  * libavahi-common3-debuginfo-0.8-slfo.1.1_6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68276.html
* https://www.suse.com/security/cve/CVE-2025-68468.html
* https://www.suse.com/security/cve/CVE-2025-68471.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256498
* https://bugzilla.suse.com/show_bug.cgi?id=1256499
* https://bugzilla.suse.com/show_bug.cgi?id=1256500
From null at suse.de Mon May 4 08:34:51 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:34:51 -0000
Subject: SUSE-SU-2026:21444-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_20
Message-ID: <177788369176.1375.2648912939041362600@dde0e951fc7e>

# Security update for kernel-livepatch-MICRO-6-0-RT_Update_20

Announcement ID: SUSE-SU-2026:21444-1
Release Date: 2026-05-02T08:51:37Z
Rating: important
References:

Affected Products:

* SUSE Linux Micro 6.0

An update that can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0-RT_Update_20 fixes the following issues:

This is the initial kernel RT livepatch for update 20.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-371=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_20-debugsource-1-1.1
  * kernel-livepatch-6_4_0-42-rt-debuginfo-1-1.1
  * kernel-livepatch-6_4_0-42-rt-1-1.1

From null at suse.de Mon May 4 08:34:55 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:34:55 -0000
Subject: SUSE-SU-2026:21443-1: important: Security update for the Linux Kernel
Message-ID: <177788369596.1375.12213839988202575136@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21443-1
Release Date: 2026-05-02T08:47:22Z
Rating: important
References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.
## Description:

The SUSE Linux Micro 6.0 and 6.1 RT kernel was updated to fix one security issue.

The following security issue was fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-370=1

## Package List:

* SUSE Linux Micro 6.0 (noarch)
  * kernel-devel-rt-6.4.0-42.1
  * kernel-source-rt-6.4.0-42.1
* SUSE Linux Micro 6.0 (nosrc x86_64)
  * kernel-rt-6.4.0-42.1
* SUSE Linux Micro 6.0 (x86_64)
  * kernel-rt-livepatch-6.4.0-42.1
  * kernel-rt-debugsource-6.4.0-42.1
  * kernel-rt-debuginfo-6.4.0-42.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262573

From null at suse.de Mon May 4 08:34:59 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:34:59 -0000
Subject: SUSE-SU-2026:21442-1: important: Security update for the Linux Kernel
Message-ID: <177788369918.1375.9114401751506832938@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21442-1
Release Date: 2026-05-01T21:55:29Z
Rating: important
References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.
## Description:

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix one security issue.

The following security issue was fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-368=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 x86_64)
  * kernel-default-base-6.4.0-42.1.21.19
* SUSE Linux Micro 6.0 (noarch)
  * kernel-macros-6.4.0-42.1
  * kernel-devel-6.4.0-42.1
  * kernel-source-6.4.0-42.1
* SUSE Linux Micro 6.0 (aarch64 nosrc s390x x86_64)
  * kernel-default-6.4.0-42.1
* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * kernel-default-debugsource-6.4.0-42.1
  * kernel-default-debuginfo-6.4.0-42.1
* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-default-livepatch-6.4.0-42.1
* SUSE Linux Micro 6.0 (nosrc x86_64)
  * kernel-kvmsmall-6.4.0-42.1
* SUSE Linux Micro 6.0 (x86_64)
  * kernel-kvmsmall-debugsource-6.4.0-42.1
  * kernel-kvmsmall-debuginfo-6.4.0-42.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262573
From null at suse.de Mon May 4 08:35:00 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:35:00 -0000
Subject: SUSE-SU-2026:21441-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_19
Message-ID: <177788370060.1375.7071012434702177707@dde0e951fc7e>

# Security update for kernel-livepatch-MICRO-6-0_Update_19

Announcement ID: SUSE-SU-2026:21441-1
Release Date: 2026-05-01T21:54:55Z
Rating: important
References:

Affected Products:

* SUSE Linux Micro 6.0

An update that can now be installed.

## Description:

This update for kernel-livepatch-MICRO-6-0_Update_19 fixes the following issues:

This is the initial livepatch for Update 19.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-369=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_19-debugsource-1-1.1
  * kernel-livepatch-6_4_0-42-default-debuginfo-1-1.1
  * kernel-livepatch-6_4_0-42-default-1-1.1

From null at suse.de Mon May 4 08:35:17 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:35:17 -0000
Subject: SUSE-SU-2026:21440-1: important: Security update for ovmf
Message-ID: <177788371780.1375.560611125118848509@dde0e951fc7e>

# Security update for ovmf

Announcement ID: SUSE-SU-2026:21440-1
Release Date: 2026-04-24T13:08:28Z
Rating: important
References:

* bsc#1259362
* bsc#1261469
* bsc#1261476
* bsc#1261477
* bsc#1261478
* bsc#1262631
* bsc#1262632
* bsc#1262635
* bsc#1262636
* bsc#1262638

Cross-References:

* CVE-2026-1965
* CVE-2026-25833
* CVE-2026-25834
* CVE-2026-25835
* CVE-2026-34874
* CVE-2026-4873
* CVE-2026-5545
* CVE-2026-6253
* CVE-2026-6276
* CVE-2026-6429

CVSS scores:

* CVE-2026-1965 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
* CVE-2026-1965 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-1965 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-25833 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25833 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25833 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25834 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25834 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-25834 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-25835 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25835 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-25835 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-34874 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34874 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34874 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4873 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4873 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-5545 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-5545 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-6253 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6253 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-6276 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6276 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-6429 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6429 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.0
* SUSE Linux Micro 6.1

An update that solves 10 vulnerabilities can now be installed.

## Security update for ovmf

### Description:

This update for ovmf fixes the following issues:

* CVE-2026-25833: mbedtls: buffer overflow in the `x509_inet_pton_ipv6()` function (bsc#1261476).
* CVE-2026-25834: mbedtls: client accepts signature algorithm chosen by server even if not advertised in client hello (bsc#1261477).
* CVE-2026-25835: mbedtls: no pseudo-random number generator reseed when cloning an application (bsc#1261478).
* CVE-2026-34874: mbedtls: NULL pointer dereference in distinguished name parsing (bsc#1261469).

## Security update for curl

### Description:

This update for curl fixes the following issues:

Security issues fixed:

* CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
* CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
* CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
* CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
* CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

* sws: prevent "connection monitor" to say disconnect twice (bsc#1259362).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-508=1
* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-695=1

## Package List:

* SUSE Linux Micro 6.1 (noarch)
  * qemu-ovmf-x86_64-202402-slfo.1.1_3.1
  * qemu-uefi-aarch64-202402-slfo.1.1_3.1
* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * curl-debuginfo-8.14.1-6.1
  * curl-debugsource-8.14.1-6.1
  * libcurl4-debuginfo-8.14.1-6.1
  * libcurl4-8.14.1-6.1
  * curl-8.14.1-6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1965.html
* https://www.suse.com/security/cve/CVE-2026-25833.html
* https://www.suse.com/security/cve/CVE-2026-25834.html
* https://www.suse.com/security/cve/CVE-2026-25835.html
* https://www.suse.com/security/cve/CVE-2026-34874.html
* https://www.suse.com/security/cve/CVE-2026-4873.html
* https://www.suse.com/security/cve/CVE-2026-5545.html
* https://www.suse.com/security/cve/CVE-2026-6253.html
* https://www.suse.com/security/cve/CVE-2026-6276.html
* https://www.suse.com/security/cve/CVE-2026-6429.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259362
* https://bugzilla.suse.com/show_bug.cgi?id=1261469
* https://bugzilla.suse.com/show_bug.cgi?id=1261476
* https://bugzilla.suse.com/show_bug.cgi?id=1261477
* https://bugzilla.suse.com/show_bug.cgi?id=1261478
* https://bugzilla.suse.com/show_bug.cgi?id=1262631
* https://bugzilla.suse.com/show_bug.cgi?id=1262632
* https://bugzilla.suse.com/show_bug.cgi?id=1262635
* https://bugzilla.suse.com/show_bug.cgi?id=1262636
* https://bugzilla.suse.com/show_bug.cgi?id=1262638

From null at suse.de Mon May 4 08:35:22 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:35:22 -0000
Subject: SUSE-SU-2026:21439-1: important: Security update for the Linux Kernel
Message-ID: <177788372277.1375.17973360986082986014@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21439-1
Release Date: 2026-05-02T07:27:55Z
Rating: important
References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by reverting to operating out-of-place in algif_aead (bsc#1262573).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-666=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-666=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * cluster-md-kmp-default-6.12.0-160000.29.1
  * dlm-kmp-default-debuginfo-6.12.0-160000.29.1
  * cluster-md-kmp-default-debuginfo-6.12.0-160000.29.1
  * kernel-kvmsmall-debugsource-6.12.0-160000.29.1
  * kernel-default-base-6.12.0-160000.29.1.160000.2.9
  * dlm-kmp-default-6.12.0-160000.29.1
  * kernel-default-devel-6.12.0-160000.29.1
  * kernel-default-extra-debuginfo-6.12.0-160000.29.1
  * gfs2-kmp-default-debuginfo-6.12.0-160000.29.1
  * kernel-kvmsmall-debuginfo-6.12.0-160000.29.1
  * kernel-default-extra-6.12.0-160000.29.1
  * kernel-obs-qa-6.12.0-160000.29.1
  * kernel-default-debuginfo-6.12.0-160000.29.1
  * gfs2-kmp-default-6.12.0-160000.29.1
  * kernel-syms-6.12.0-160000.29.1
  * kernel-default-debugsource-6.12.0-160000.29.1
  * kernel-kvmsmall-devel-6.12.0-160000.29.1
  * kernel-default-livepatch-6.12.0-160000.29.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * kernel-docs-html-6.12.0-160000.29.1
  * kernel-source-vanilla-6.12.0-160000.29.1
  * kernel-source-6.12.0-160000.29.1
  * kernel-devel-6.12.0-160000.29.1
  * kernel-macros-6.12.0-160000.29.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (nosrc x86_64)
  * kernel-azure-6.12.0-160000.29.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * kernel-kvmsmall-vdso-debuginfo-6.12.0-160000.29.1
  * kernel-azure-devel-6.12.0-160000.29.1
  * kernel-azure-extra-6.12.0-160000.29.1
  * kernel-azure-vdso-6.12.0-160000.29.1
  * kernel-default-vdso-debuginfo-6.12.0-160000.29.1
  * kernel-azure-debugsource-6.12.0-160000.29.1
  * kernel-default-vdso-6.12.0-160000.29.1
  * kernel-default-devel-debuginfo-6.12.0-160000.29.1
  * kernel-azure-extra-debuginfo-6.12.0-160000.29.1
  * kernel-azure-vdso-debuginfo-6.12.0-160000.29.1
  * kernel-azure-devel-debuginfo-6.12.0-160000.29.1
  * kernel-azure-debuginfo-6.12.0-160000.29.1
  * kernel-kvmsmall-devel-debuginfo-6.12.0-160000.29.1
  * kernel-kvmsmall-vdso-6.12.0-160000.29.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (nosrc ppc64le x86_64)
  * kernel-default-6.12.0-160000.29.1
  * kernel-kvmsmall-6.12.0-160000.29.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch nosrc)
  * kernel-docs-6.12.0-160000.29.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le x86_64)
  * kernel-kvmsmall-debuginfo-6.12.0-160000.29.1
  * kernel-kvmsmall-debugsource-6.12.0-160000.29.1
  * kernel-default-base-6.12.0-160000.29.1.160000.2.9
  * kernel-kvmsmall-devel-6.12.0-160000.29.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * kernel-docs-html-6.12.0-160000.29.1
  * kernel-source-vanilla-6.12.0-160000.29.1
  * kernel-source-6.12.0-160000.29.1
  * kernel-devel-6.12.0-160000.29.1
  * kernel-macros-6.12.0-160000.29.1
* SUSE Linux Enterprise Server 16.0 (aarch64 nosrc)
  * kernel-64kb-6.12.0-160000.29.1
* SUSE Linux Enterprise Server 16.0 (aarch64)
  * kernel-64kb-extra-6.12.0-160000.29.1
  * kernel-64kb-debuginfo-6.12.0-160000.29.1
  * kernel-64kb-extra-debuginfo-6.12.0-160000.29.1
  * kernel-64kb-debugsource-6.12.0-160000.29.1
  * kernel-64kb-devel-6.12.0-160000.29.1
* SUSE Linux Enterprise Server 16.0 (aarch64 nosrc x86_64)
  * kernel-azure-6.12.0-160000.29.1
* SUSE Linux Enterprise Server 16.0 (aarch64 x86_64)
  * kernel-azure-devel-6.12.0-160000.29.1
  * kernel-azure-extra-6.12.0-160000.29.1
  * kernel-azure-debugsource-6.12.0-160000.29.1
  * kernel-azure-extra-debuginfo-6.12.0-160000.29.1
  * kernel-azure-debuginfo-6.12.0-160000.29.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-6.12.0-160000.29.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-qa-6.12.0-160000.29.1
  * kernel-default-devel-6.12.0-160000.29.1
  * kernel-default-extra-debuginfo-6.12.0-160000.29.1
  * kernel-default-extra-6.12.0-160000.29.1
  * kernel-default-debuginfo-6.12.0-160000.29.1
  * kernel-syms-6.12.0-160000.29.1
  * kernel-default-debugsource-6.12.0-160000.29.1
* SUSE Linux Enterprise Server 16.0 (noarch nosrc)
  * kernel-docs-6.12.0-160000.29.1
* SUSE Linux Enterprise Server 16.0 (aarch64 nosrc ppc64le x86_64)
  * kernel-kvmsmall-6.12.0-160000.29.1
* SUSE Linux Enterprise Server 16.0 (x86_64)
  * kernel-kvmsmall-vdso-debuginfo-6.12.0-160000.29.1
  * kernel-azure-vdso-6.12.0-160000.29.1
  * kernel-default-vdso-debuginfo-6.12.0-160000.29.1
  * kernel-default-vdso-6.12.0-160000.29.1
  * kernel-default-devel-debuginfo-6.12.0-160000.29.1
  * kernel-azure-vdso-debuginfo-6.12.0-160000.29.1
  * kernel-azure-devel-debuginfo-6.12.0-160000.29.1
  * kernel-kvmsmall-devel-debuginfo-6.12.0-160000.29.1
  * kernel-kvmsmall-vdso-6.12.0-160000.29.1
* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-default-livepatch-6.12.0-160000.29.1
* SUSE Linux Enterprise Server 16.0 (nosrc s390x)
  * kernel-zfcpdump-6.12.0-160000.29.1
* SUSE Linux Enterprise Server 16.0 (s390x)
  * kernel-zfcpdump-debuginfo-6.12.0-160000.29.1
  * kernel-zfcpdump-debugsource-6.12.0-160000.29.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262573

From null at suse.de Mon May 4 08:35:29 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:35:29 -0000
Subject: SUSE-SU-2026:21437-1: moderate: Security update for himmelblau
Message-ID: <177788372952.1375.12721475152681803711@dde0e951fc7e>

# Security update for himmelblau

Announcement ID: SUSE-SU-2026:21437-1
Release Date: 2026-04-30T17:06:48Z
Rating: moderate
References:

* bsc#1261324
* bsc#1261613

Cross-References:

* CVE-2026-34397

CVSS scores:

* CVE-2026-34397 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34397 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-34397 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-34397 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for himmelblau fixes the following issues:

Update to version 2.3.9+git0.a9fd29b.

Security issues fixed:

* CVE-2026-34397: Fixed naming collision that can lead to local privilege escalation (bsc#1261324).

Other updates and bugfixes:

* update aws-lc-sys to 0.39.0 for security fixes
* update rustls-webpki to 0.103.10 for CRL revocation fix
* Version 2.3.9:
  * packaging: fix if/else block for debian's postrm
  * Update apparmor.unix-chkpwd.local (Issue #1252)
  * When Hello user encounters SSPR demand, be permissive
  * add tests for sudo_groups functionality
  * Fix config tests to ignore local host config
  * Do not clear $NOTIFY_SOCKET when calling sd_ready
  * Fix token cache 24h purge
  * broker: use SSO server nonce for PRT only when provided
  * Fix pam_himmelblau blocking local user password changes (#1199)
  * Remove unused File import
  * Use is_ascii_alphanumeric() for account_id validation
  * Fix path traversal in LoadProfilePhoto AccountsService writes
  * Drop initialization tracing span
  * himmelblau-hsm-pin-init: drop RemainAfterExit=yes
  * Add fallback behavior when consent is required
  * qr-greeter: enable extension without socket noise
  * debian: make install/remove noninteractive; reduce QR postinst noise; soften missing hello prt
  * Never respond with BadRequest without error detail
  * deps(rust): bump the all-cargo-updates group across 1 directory with 7 updates

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-664=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-664=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * himmelblau-sso-2.3.9+git0.a9fd29b-160000.1.1
  * libnss_himmelblau2-2.3.9+git0.a9fd29b-160000.1.1
  * himmelblau-2.3.9+git0.a9fd29b-160000.1.1
  * himmelblau-debuginfo-2.3.9+git0.a9fd29b-160000.1.1
  * himmelblau-sso-debuginfo-2.3.9+git0.a9fd29b-160000.1.1
  * pam-himmelblau-2.3.9+git0.a9fd29b-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * himmelblau-sshd-config-2.3.9+git0.a9fd29b-160000.1.1
  * himmelblau-qr-greeter-2.3.9+git0.a9fd29b-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 x86_64)
  * himmelblau-sso-2.3.9+git0.a9fd29b-160000.1.1
  * libnss_himmelblau2-2.3.9+git0.a9fd29b-160000.1.1
  * himmelblau-2.3.9+git0.a9fd29b-160000.1.1
  * himmelblau-debuginfo-2.3.9+git0.a9fd29b-160000.1.1
  * himmelblau-sso-debuginfo-2.3.9+git0.a9fd29b-160000.1.1
  * pam-himmelblau-2.3.9+git0.a9fd29b-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * himmelblau-sshd-config-2.3.9+git0.a9fd29b-160000.1.1
  * himmelblau-qr-greeter-2.3.9+git0.a9fd29b-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34397.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261324
* https://bugzilla.suse.com/show_bug.cgi?id=1261613

From null at suse.de Mon May 4 08:36:13 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:36:13 -0000
Subject: SUSE-SU-2026:21436-1: important: Security update for freerdp
Message-ID: <177788377397.1375.3209739671841720490@dde0e951fc7e>

# Security update for freerdp

Announcement ID: SUSE-SU-2026:21436-1
Release Date: 2026-04-30T16:52:03Z
Rating: important
References:

* bsc#1258919
* bsc#1258920
* bsc#1258921
* bsc#1258923
* bsc#1258924
* bsc#1258973
* bsc#1258976
* bsc#1258977
* bsc#1258979
* bsc#1258982
* bsc#1258985
* bsc#1259653
* bsc#1259679
* bsc#1259680
* bsc#1259684
* bsc#1259686
* bsc#1259689
* bsc#1259692
* bsc#1259693
* bsc#1261196
* bsc#1261198
* bsc#1261200
* bsc#1261211
* bsc#1261217
* bsc#1261222
* bsc#1261223
* bsc#1261226
* bsc#1261227

Cross-References:

* CVE-2026-25941
* CVE-2026-25942
* CVE-2026-25952
* CVE-2026-25953
* CVE-2026-25954
* CVE-2026-25955
* CVE-2026-25959
* CVE-2026-25997
* CVE-2026-26271
* CVE-2026-26955
* CVE-2026-26965
* CVE-2026-29774
* CVE-2026-29775
* CVE-2026-29776
* CVE-2026-31806
* CVE-2026-31883
* CVE-2026-31884
* CVE-2026-31885
* CVE-2026-31897
* CVE-2026-33952
* CVE-2026-33977
* CVE-2026-33982
* CVE-2026-33983
* CVE-2026-33984
* CVE-2026-33985
* CVE-2026-33986
* CVE-2026-33987
* CVE-2026-33995

CVSS scores:

* CVE-2026-25941 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25941 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-25941 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-25941 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-25942 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25942 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25942 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25942 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25952 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25952 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25952 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25952 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-25953 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25953 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25953 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25953 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-25954 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25954 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-25954 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25954 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25955 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25955 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-25955 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25955 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-25959 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25959 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-25959 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25959 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-25997 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-25997 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-25997 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25997 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-26271 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26271 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-26955 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26955 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26955 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26965 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26965 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26965 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-29774 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-29774 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29774 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29774 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-29775 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-29775 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29775 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-29775 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-29776 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-29776 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-29776 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-31806 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31806 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-31806 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31806 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31883 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31883 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31883 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31883 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-31884 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31884 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-31884 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-31884 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31885 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31885 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2026-31885 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-31885 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31897 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31897 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-31897 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31897 ( NVD ): 0.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
* CVE-2026-33952 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33952 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33952 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-33952 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33952 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33977 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33977 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33977 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-33977 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-33982 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-33982 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-33983 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33983 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33983 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33984 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33984 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-33984 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-33985 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-33985 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2026-33985 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2026-33985 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2026-33986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-33986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-33987 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-33987 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2026-33987 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2026-33995 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-33995 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves 28 vulnerabilities can now be installed.

## Description:

This update for freerdp fixes the following issues:

Update to version 3.24.2.

Security issues fixed:

* CVE-2026-25941: out-of-bounds read in the FreeRDP client RDPGFX channel (bsc#1258919).
* CVE-2026-25942: buffer overflow of global array in `xf_rail_server_execute_result` (bsc#1258920).
* CVE-2026-25952: heap use-after-free in `xf_SetWindowMinMaxInfo` (bsc#1258921).
* CVE-2026-25953: heap use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258923).
* CVE-2026-25954: heap use-after-free in `xf_rail_server_local_move_size` (bsc#1258924).
* CVE-2026-25955: heap use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258973).
* CVE-2026-25959: heap use-after-free in `xf_cliprdr_provide_data_` (bsc#1258976).
* CVE-2026-25997: heap use-after-free in `xf_clipboard_format_equal` (bsc#1258977).
* CVE-2026-26271: buffer overread in FreeRDP icon processing (bsc#1258979).
* CVE-2026-26955: out-of-bounds write in FreeRDP clients using the GDI surface pipeline (bsc#1258982).
* CVE-2026-26965: out-of-bounds write in FreeRDP client RLE planar decode path (bsc#1258985).
* CVE-2026-29774: heap buffer overflow in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path (bsc#1259689).
* CVE-2026-29775: out-of-bounds access in the FreeRDP client bitmap cache subsystem (bsc#1259684).
* CVE-2026-29776: integer underflow in `update_read_cache_bitmap_order` (bsc#1259692).
* CVE-2026-31806: heap buffer overflow in `nsc_process_message` (bsc#1259653).
* CVE-2026-31883: heap buffer overwrite due to a `size_t` underflow in the IMA-ADPCM and MS-ADPCM audio decoders (bsc#1259679).
* CVE-2026-31884: division by zero in MS-ADPCM and IMA-ADPCM decoders (bsc#1259680).
* CVE-2026-31885: out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders (bsc#1259686).
* CVE-2026-31897: out-of-bounds read in `freerdp_bitmap_decompress_planar` (bsc#1259693).
* CVE-2026-33952: client-side crash due to `WINPR_ASSERT()` failure in `rts_read_auth_verifier_no_checks()` (bsc#1261196).
* CVE-2026-33977: client-side crash due to `WINPR_ASSERT()` failure in IMA ADPCM audio decoder (bsc#1261198).
* CVE-2026-33982: heap buffer overread in `winpr_aligned_offset_recalloc` (bsc#1261222).
* CVE-2026-33983: undefined behavior and resource exhaustion via 80 billion iteration loop in `progressive_decompress_tile_upgrade` (bsc#1261200).
* CVE-2026-33984: heap buffer overflow in ClearCodec `resize_vbar_entry` (bsc#1261211).
* CVE-2026-33985: heap out-of-bounds read in `clear_decompress_glyph_data` (bsc#1261217).
* CVE-2026-33986: heap out-of-bounds write due to H.264 YUV buffer dimension desync (bsc#1261223).
* CVE-2026-33987: heap out-of-bounds write due to persistent cache bmpSize desync (bsc#1261226).
* CVE-2026-33995: double-free vulnerability in `kerberos_AcceptSecurityContext` and `kerberos_InitializeSecurityContextA` (bsc#1261227).

Other updates and bugfixes:

* Version 3.24.2:
  * [channels,video] fix wrong cast (#12511)
  * [codec,openh264] reject encoder ABI mismatch on runtime-loaded library (#12510)
  * [client,sdl] create a copy of rdpPointer (#12512)
  * [codec,video] properly pass intermediate format (#12518)
  * [utils, signal] lazily initialize Windows CRITICAL_SECTION to match POSIX static mutex behavior (#12520)
  * winpr: improve libunwind backtraces (#12530)
  * [server,shadow] remember selected caps (#12528)
  * Zero credential data before free in NLA and NTLM context (#12532)
  * [server,proxy] ignore missing client in input channel (#12536)
  * [server,proxy] ignore rdpdr messages (#12537)
  * [winpr,sspi] improve kerberos logging (#12538)
  * Codec fixes (#12542)
* Version 3.24.1:
  * [warnings] fix various sign and cast warnings (#12480)
  * [client,x11] start with xfc->remote_app = TRUE; (#12491)
  * Sam file read regression fix (#12484)
  * [ncrypt,smartcardlogon] support ECC keys in PKCS#11 smartcard enumeration (#12490)
  * Fix: memory leak in rdp_client_establish_keys() (#12494)
  * Fix memory leak in freerdp_settings_int_buffer_copy() on error paths (libfreerdp/core/settings.c) (#12486)
  * Code Cleanups (#12493)
  * Fix: memory leak in PCSC_SCardListReadersW() (#12495)
  * [channels,telemetry] use dynamic logging (#12496)
  * [channel,gfx] use generic plugin log (@12498, #12499)
  * [channels,audin] set error when audio_format_read fails (#12500)
  * [channels,video] unify error handling (#12502)
  * Fastpath fine grained lock (#12503)
  * [core,update] make the PlaySound callback non-mandatory (#12504)
  * Refinements: RPM build updates, FIPS improvements (#12506)
* Version 3.24.0:
  * Completed the [[nodiscard]] marking of the API to warn about problematic unchecked use of functions
  * Added full C23 support (default stays at C11) to allow new compilers to do stricter checking
  * Improved X11 and SDL3 clients
  * Improved smartcard support
  * proxy now supports RFX graphics mode
  * Attribute nodiscard related changes (#12325, #12360, #12395, #12406, #12421, #12426, #12177, #12403, #12405, #12407, #12409, #12408, #12412, #12413)
  * c23 related improvements (#12368, #12371, #12379, #12381, #12383, #12385, #12386, #12387, #12384)
  * Generic code cleanups (#12382, #12439, #12455, #12462, #12399, #12473)
  * [core,utils] ignore NULL values in remove_rdpdr_type (#12372)
  * [codec,fdk] revert use of WinPR types (#12373)
  * [core,gateway] ignore incomplete rpc header (#12375, #12376)
  * [warnings] make function declaration names consistent (#12377)
  * [libfreerdp] Add new define for logon error info (#12380)
  * [client,x11] improve rails window locking (#12392)
  * Reload fix missing null checks (#12396)
  * Bounds checks (#12400)
  * [server,proxy] check for nullptr before using scard_call_context (#12404)
  * [uwac] fix rectangular glitch around surface damage regions (#12410)
  * Address various error handling inconsistencies (#12411)
  * [core,server] Improve WTS API locking (#12414)
  * Address some GCC compile issues (#12415, #12420)
  * Winpr atexit (#12416)
  * [winpr,smartcard] fix function pointer casts (#12422)
  * Xf timer fix (#12423)
  * [client,sdl] workaround for wlroots compositors (#12425)
  * [client,sdl] fix SdlWindow::query (#12378)
  * [winpr,smartcard] fix PCSC_ReleaseCardContext (#12427)
  * [client,x11] eliminate obsolete compile flags (#12428)
  * [client,common] skip sending input events when not connected (#12429)
  * Input connected checks (#12430)
  * Floatbar and display channel improvements (#12431)
  * [winpr,platform] fix WINPR_ATTR_NODISCARD definition (#12432)
  * [client] Fix writing of gatewayusagemethod to .rdp files (#12433)
  * Nodiscard finetune (#12435)
  * [core] fix missing gateway credential sync (#12436)
  * [client,sdl3] limit FREERDP_WLROOTS_HACK (#12441)
  * [core,settings] Allow FreeRDP_instance in setter (#12442)
  * [codec,h264] make log message trace (#12444)
  * X11 rails improve (#12440)
  * [codec,nsc] limit copy area in nsc_process_message (#12448)
  * Proxy support RFX and NSC settings (#12449)
  * [client,common] display a shortened help on parsing issues (#12450)
  * [winpr,smartcard] refine locking for pcsc layer (#12451)
  * [codec,swscale] allow runtime loading of swscale (#12452)
  * Swscale fallback (#12454)
  * Sdl multi scaling support (#12456)
  * [packaging,flatpak] update runtime and dependencies (#12457)
  * [codec,video] add doxygen version details (#12458)
  * [github,templates] update templates (#12460)
  * [client,sdl] allow FREERDP_WLROOTS_HACK for all sessions (#12461)
  * [warnings,nodiscard] add log messages for failures (#12463)
  * [gdi,gdi] ignore empty rectangles (#12467)
  * Smartcard fix smartcard-login, pass rdpContext for abort (#12466)
  * [winpr,smartcard] fix compiler warnings (#12469)
  * [winpr,timezone] fix search for transition dates (#12468)
  * [client,common] improve /p help (#12471)
  * Scard logging refactored (#12472)
  * [emu,scard] fix smartcard emulation (#12475)
  * Sdl null cursor (#12474)
* Version 3.23.0:
  * Sdl cleanup (#12202)
  * [client,sdl] do not apply window offset (#12205)
  * [client,sdl] add SDL_Error to exceptions (#12214)
  * Rdp monitor log (#12215)
  * [winpr,smartcard] implement some attributes (#12213)
  * [client,windows] Fix return value checks for mouse event functions (#12279)
  * [channels,rdpecam] fix sws context checks (#12272)
  * [client,windows] Enhance error handling and context validation (#12264)
  * [client,windows] Add window handle validation in RDP_EVENT_TYPE_WINDOW_NEW (#12261)
  * [client,sdl] fix multimon/fullscreen on wayland (#12248)
  * Vendor by app (#12207)
  * [core,gateway] relax TSG parsing (#12283)
  * [winpr,smartcard] simplify PCSC_ReadDeviceSystemName (#12273)
  * [client,windows] Implement complete keyboard indicator synchronization (#12268)
  * Fixes more more more (#12286)
  * Use application details for names (#12285)
  * warning cleanups (#12289)
  * Warning cleanup (#12291)
  * [client,windows] Enhance memory safety with NULL checks and resource protection (#12271)
  * [client,x11] apply /size:xx% only once (#12293)
  * Freerdp
config test (#12295) * [winpr,smartcard] fix returned attribute length (#12296) * [client,SDL3] Fix properly handle smart-sizing with fullscreen (#12298) * [core,test] fix use after free (#12299) * Sign warnings (#12300) * [cmake,compiler] disable -Wjump-misses-init (#12301) * [codec,color] fix input length checks (#12302) * [client,sdl] improve cursor updates, fix surface sizes (#12303) * Sdl fullscreen (#12217) * [client,sdl] fix move constructor of SdlWindow (#12305) * [utils,smartcard] check stream length on padding (#12306) * [android] Fix invert scrolling default value mismatch (#12309) * Clear fix bounds checks (#12310) * Winpr attr nodiscard fkt ptr (#12311) * [codec,planar] fix missing destination bounds checks (#12312) * [codec,clear] fix destination checks (#12315) * NSC Codec fixes (#12317) * Freerdp api nodiscard (#12313) * [allocations] fix growth of preallocated buffers (#12319) * Rdpdr simplify (#12320) * Resource fix (#12323) * [winpr,utils] ensure message queue capacity (#12322) * [server,shadow] fix return and parameter checks (#12330) * Shadow fixes (#12331) * [rdtk,nodiscard] mark rdtk API nodiscard (#12329) * [client,x11] fix XGetWindowProperty return handling (#12334) * Win32 signal (#12335) * [channel,usb] fix message parsing and creation (#12336) * [cmake] Define WINPR_DEFINE_ATTR_NODISCARD (#12338) * Proxy config fix (#12345) * [codec,progressive] refine progressive decoding (#12347) * [client,sdl] fix sdl_Pointer_New (#12350) * [core,gateway] parse [MS-TSGU] 2.2.10.5 HTTP_CHANNEL_RESPONSE_OPTIONAL (#12353) * X11 kbd sym (#12354) * Windows compile warning fixes (#12357,#12358,#12359) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-663=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-663=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * freerdp-debuginfo-3.24.2-160000.1.1 * libuwac0-0-debuginfo-3.24.2-160000.1.1 * freerdp-server-3.24.2-160000.1.1 * libwinpr3-3-debuginfo-3.24.2-160000.1.1 * freerdp-server-debuginfo-3.24.2-160000.1.1 * freerdp-proxy-plugins-3.24.2-160000.1.1 * freerdp-wayland-3.24.2-160000.1.1 * libfreerdp-server-proxy3-3-3.24.2-160000.1.1 * winpr-devel-3.24.2-160000.1.1 * freerdp-proxy-plugins-debuginfo-3.24.2-160000.1.1 * freerdp-3.24.2-160000.1.1 * freerdp-proxy-debuginfo-3.24.2-160000.1.1 * freerdp-wayland-debuginfo-3.24.2-160000.1.1 * freerdp-sdl-3.24.2-160000.1.1 * freerdp-devel-3.24.2-160000.1.1 * libfreerdp3-3-debuginfo-3.24.2-160000.1.1 * librdtk0-0-3.24.2-160000.1.1 * librdtk0-0-debuginfo-3.24.2-160000.1.1 * libfreerdp-server-proxy3-3-debuginfo-3.24.2-160000.1.1 * freerdp-sdl-debuginfo-3.24.2-160000.1.1 * libuwac0-0-3.24.2-160000.1.1 * libfreerdp3-3-3.24.2-160000.1.1 * libwinpr3-3-3.24.2-160000.1.1 * freerdp-proxy-3.24.2-160000.1.1 * freerdp-debugsource-3.24.2-160000.1.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * freerdp-debuginfo-3.24.2-160000.1.1 * libuwac0-0-debuginfo-3.24.2-160000.1.1 * freerdp-server-3.24.2-160000.1.1 * libwinpr3-3-debuginfo-3.24.2-160000.1.1 * freerdp-server-debuginfo-3.24.2-160000.1.1 * freerdp-proxy-plugins-3.24.2-160000.1.1 * freerdp-wayland-3.24.2-160000.1.1 * libfreerdp-server-proxy3-3-3.24.2-160000.1.1 * winpr-devel-3.24.2-160000.1.1 * freerdp-proxy-plugins-debuginfo-3.24.2-160000.1.1 * freerdp-3.24.2-160000.1.1 * freerdp-proxy-debuginfo-3.24.2-160000.1.1 * freerdp-wayland-debuginfo-3.24.2-160000.1.1 * freerdp-sdl-3.24.2-160000.1.1 * freerdp-devel-3.24.2-160000.1.1 * 
libfreerdp3-3-debuginfo-3.24.2-160000.1.1 * librdtk0-0-3.24.2-160000.1.1 * librdtk0-0-debuginfo-3.24.2-160000.1.1 * libfreerdp-server-proxy3-3-debuginfo-3.24.2-160000.1.1 * freerdp-sdl-debuginfo-3.24.2-160000.1.1 * libuwac0-0-3.24.2-160000.1.1 * libfreerdp3-3-3.24.2-160000.1.1 * libwinpr3-3-3.24.2-160000.1.1 * freerdp-proxy-3.24.2-160000.1.1 * freerdp-debugsource-3.24.2-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25941.html * https://www.suse.com/security/cve/CVE-2026-25942.html * https://www.suse.com/security/cve/CVE-2026-25952.html * https://www.suse.com/security/cve/CVE-2026-25953.html * https://www.suse.com/security/cve/CVE-2026-25954.html * https://www.suse.com/security/cve/CVE-2026-25955.html * https://www.suse.com/security/cve/CVE-2026-25959.html * https://www.suse.com/security/cve/CVE-2026-25997.html * https://www.suse.com/security/cve/CVE-2026-26271.html * https://www.suse.com/security/cve/CVE-2026-26955.html * https://www.suse.com/security/cve/CVE-2026-26965.html * https://www.suse.com/security/cve/CVE-2026-29774.html * https://www.suse.com/security/cve/CVE-2026-29775.html * https://www.suse.com/security/cve/CVE-2026-29776.html * https://www.suse.com/security/cve/CVE-2026-31806.html * https://www.suse.com/security/cve/CVE-2026-31883.html * https://www.suse.com/security/cve/CVE-2026-31884.html * https://www.suse.com/security/cve/CVE-2026-31885.html * https://www.suse.com/security/cve/CVE-2026-31897.html * https://www.suse.com/security/cve/CVE-2026-33952.html * https://www.suse.com/security/cve/CVE-2026-33977.html * https://www.suse.com/security/cve/CVE-2026-33982.html * https://www.suse.com/security/cve/CVE-2026-33983.html * https://www.suse.com/security/cve/CVE-2026-33984.html * https://www.suse.com/security/cve/CVE-2026-33985.html * https://www.suse.com/security/cve/CVE-2026-33986.html * https://www.suse.com/security/cve/CVE-2026-33987.html * https://www.suse.com/security/cve/CVE-2026-33995.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1258919 * https://bugzilla.suse.com/show_bug.cgi?id=1258920 * https://bugzilla.suse.com/show_bug.cgi?id=1258921 * https://bugzilla.suse.com/show_bug.cgi?id=1258923 * https://bugzilla.suse.com/show_bug.cgi?id=1258924 * https://bugzilla.suse.com/show_bug.cgi?id=1258973 * https://bugzilla.suse.com/show_bug.cgi?id=1258976 * https://bugzilla.suse.com/show_bug.cgi?id=1258977 * https://bugzilla.suse.com/show_bug.cgi?id=1258979 * https://bugzilla.suse.com/show_bug.cgi?id=1258982 * https://bugzilla.suse.com/show_bug.cgi?id=1258985 * https://bugzilla.suse.com/show_bug.cgi?id=1259653 * https://bugzilla.suse.com/show_bug.cgi?id=1259679 * https://bugzilla.suse.com/show_bug.cgi?id=1259680 * https://bugzilla.suse.com/show_bug.cgi?id=1259684 * https://bugzilla.suse.com/show_bug.cgi?id=1259686 * https://bugzilla.suse.com/show_bug.cgi?id=1259689 * https://bugzilla.suse.com/show_bug.cgi?id=1259692 * https://bugzilla.suse.com/show_bug.cgi?id=1259693 * https://bugzilla.suse.com/show_bug.cgi?id=1261196 * https://bugzilla.suse.com/show_bug.cgi?id=1261198 * https://bugzilla.suse.com/show_bug.cgi?id=1261200 * https://bugzilla.suse.com/show_bug.cgi?id=1261211 * https://bugzilla.suse.com/show_bug.cgi?id=1261217 * https://bugzilla.suse.com/show_bug.cgi?id=1261222 * https://bugzilla.suse.com/show_bug.cgi?id=1261223 * https://bugzilla.suse.com/show_bug.cgi?id=1261226 * https://bugzilla.suse.com/show_bug.cgi?id=1261227

From null at suse.de Mon May 4 08:36:19 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:36:19 -0000
Subject: SUSE-SU-2026:21434-1: moderate: Security update for helm
Message-ID: <177788377965.1375.9433841504750661199@dde0e951fc7e>

# Security update for helm

Announcement ID: SUSE-SU-2026:21434-1
Release Date: 2026-04-30T13:26:15Z
Rating: moderate
References:

* bsc#1248093
* bsc#1261938

Cross-References:

* CVE-2025-55199
* CVE-2026-35206

CVSS scores:

* CVE-2025-55199 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55199 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-55199 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-35206 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-35206 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2026-35206 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-35206 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for helm fixes the following issues:

Update to version 3.20.2.

Security issues fixed:

* CVE-2025-55199: specially crafted JSON Schema can lead to out of memory (OOM) termination (bsc#1248093).
* CVE-2026-35206: specially crafted Chart will have contents extracted to immediate output directory rather than to expected output directory suffixed by the Chart's name (bsc#1261938).

Other updates and bugfixes: * Version 3.20.1: * chore(deps): bump the k8s-io group with 7 updates a2369ca (dependabot[bot]) * add image index test 90e1056 (Pedro T?rres) * fix pulling charts from OCI indices 911f2e9 (Pedro T?rres) * Remove refactoring changes from coalesce_test.go 76dad33 (Evans Mungai) * Fix import 45c12f7 (Evans Mungai) * Update pkg/chart/common/util/coalesce_test.go 26c6f19 (Evans Mungai) * Fix lint warning 09f5129 (Evans Mungai) * Preserve nil values in chart already 417deb2 (Evans Mungai) * fix(values): preserve nil values when chart default is empty map 5417bfa (Evans Mungai) * Version 3.20.0: * SDK: bump k8s API versions to v0.35.0 * v3 backport: Fixed a bug where helm uninstall with --keep-history did not suspend previous deployed releases #12564 * v3 backport: Bump Go version to v1.25 * bump version to v3.20 * chore(deps): bump golang.org/x/text from 0.32.0 to 0.33.0 * chore(deps): bump golang.org/x/term from 0.38.0 to 0.39.0 * chore(deps): bump github.com/foxcpp/go-mockdns from 1.1.0 to 1.2.0 * chore(deps): bump the k8s-io group with 7 updates * [dev-v3] Replace deprecated `NewSimpleClientset` * [dev-v3] Bump Go v1.25, `golangci-lint` v2 * chore(deps): bump github.com/BurntSushi/toml from 1.5.0 to 1.6.0 * chore(deps): bump github.com/containerd/containerd from 1.7.29 to 1.7.30 * fix(rollback): `errors.Is` instead of string comp * fix(uninstall): supersede deployed releases * Use latest patch release of Go in releases * chore(deps): bump golang.org/x/crypto from 0.45.0 to 0.46.0 * chore(deps): bump golang.org/x/text from 0.31.0 to 0.32.0 * chore(deps): bump golang.org/x/term from 0.37.0 to 0.38.0 * chore(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2 * chore(deps): bump github.com/rubenv/sql-migrate from 1.8.0 to 1.8.1 * chore(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0 * chore(deps): bump github.com/cyphar/filepath-securejoin * chore(deps): bump golang.org/x/text from 0.30.0 to 0.31.0 * chore(deps): bump 
golang.org/x/crypto from 0.43.0 to 0.44.0 * Remove dev-v3 `helm-latest-version` publish * chore(deps): bump golang.org/x/term from 0.36.0 to 0.37.0 1.7.28 to 1.7.29 * Revert "pkg/registry: Login option for passing TLS config in memory" * jsonschema: warn and ignore unresolved URN $ref to match v3.18.4 * Fix `helm pull` untar dir check with repo urls * chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.43.0 * chore(deps): bump github.com/gofrs/flock from 0.12.1 to 0.13.0 * chore(deps): bump golang.org/x/text from 0.29.0 to 0.30.0 * [backport] fix: get-helm-3 script use helm3-latest-version * pkg/registry: Login option for passing TLS config in memory * Fix deprecation warning * chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.42.0 * chore(deps): bump golang.org/x/term from 0.34.0 to 0.35.0 * Avoid "panic: interface conversion: interface {} is nil" * bump version to v3.19.0 * chore(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.10 * fix: set repo authorizer in registry.Client.Resolve() * fix null merge * Add timeout flag to repo add and update flags * Version 3.19.5: * Fixed bug where removing subchart value via override resulted in warning #31118 * Fixed bug where helm uninstall with --keep-history did not suspend previous deployed releases #12556 * fix(rollback): errors.Is instead of string comp 4a19a5b (Hidde Beydals) * fix(uninstall): supersede deployed releases 7a00235 (Hidde Beydals) * fix null merge 578564e (Ben Foster) * Version 3.19.4: * Use latest patch release of Go in releases 7cfb6e4 (Matt Farina) * chore(deps): bump github.com/gofrs/flock from 0.12.1 to 0.13.0 59c951f (dependabot[bot]) * chore(deps): bump github.com/cyphar/filepath-securejoin d45f3f1 * chore(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0 d459544 (dependabot[bot]) * chore(deps): bump golang.org/x/term from 0.36.0 to 0.37.0 becd387 (dependabot[bot]) * chore(deps): bump the k8s-io group with 7 updates edb1579 * Version 3.19.3: * Bump golang.org/x/crypto to v0.45.0 * 
Version 3.19.2: * [backport] fix: get-helm-3 script use helm3-latest-version 8766e71 (George Jenkins)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-661=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-661=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * helm-3.20.2-160000.1.1
  * helm-debuginfo-3.20.2-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * helm-fish-completion-3.20.2-160000.1.1
  * helm-bash-completion-3.20.2-160000.1.1
  * helm-zsh-completion-3.20.2-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * helm-3.20.2-160000.1.1
  * helm-debuginfo-3.20.2-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * helm-fish-completion-3.20.2-160000.1.1
  * helm-bash-completion-3.20.2-160000.1.1
  * helm-zsh-completion-3.20.2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-55199.html
* https://www.suse.com/security/cve/CVE-2026-35206.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248093
* https://bugzilla.suse.com/show_bug.cgi?id=1261938

From null at suse.de Mon May 4 08:36:25 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:36:25 -0000
Subject: SUSE-SU-2026:21433-1: important: Security update for openexr
Message-ID: <177788378589.1375.18305141761250887968@dde0e951fc7e>

# Security update for openexr

Announcement ID: SUSE-SU-2026:21433-1
Release Date: 2026-04-29T14:36:18Z
Rating: important
References:

* bsc#1262425
* bsc#1262426

Cross-References:

* CVE-2026-40244
* CVE-2026-40250

CVSS scores:

* CVE-2026-40244 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40244 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-40244 ( NVD ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-40244 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2026-40250 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40250 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-40250 ( NVD ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-40250 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for openexr fixes the following issues:

* CVE-2026-40244: integer overflow in DWA setupChannelData planarUncRle pointer arithmetic (bsc#1262426).
* CVE-2026-40250: integer overflow in DWA decoder outBufferEnd pointer arithmetic (bsc#1262425).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-660=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-660=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * libIex-3_2-31-debuginfo-3.2.2-160000.7.1
  * libOpenEXR-3_2-31-debuginfo-3.2.2-160000.7.1
  * openexr-3.2.2-160000.7.1
  * libOpenEXRCore-3_2-31-debuginfo-3.2.2-160000.7.1
  * openexr-debugsource-3.2.2-160000.7.1
  * libIlmThread-3_2-31-debuginfo-3.2.2-160000.7.1
  * libOpenEXRUtil-3_2-31-3.2.2-160000.7.1
  * libOpenEXR-3_2-31-3.2.2-160000.7.1
  * libIlmThread-3_2-31-3.2.2-160000.7.1
  * libOpenEXRUtil-3_2-31-debuginfo-3.2.2-160000.7.1
  * openexr-debuginfo-3.2.2-160000.7.1
  * libIex-3_2-31-3.2.2-160000.7.1
  * libOpenEXRCore-3_2-31-3.2.2-160000.7.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libIex-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1
  * libOpenEXRCore-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1
  * libIex-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libOpenEXR-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1
  * libOpenEXRUtil-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1
  * libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libIlmThread-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * openexr-doc-3.2.2-160000.7.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * libIex-3_2-31-debuginfo-3.2.2-160000.7.1
  * libOpenEXR-3_2-31-debuginfo-3.2.2-160000.7.1
  * openexr-3.2.2-160000.7.1
  * libOpenEXRCore-3_2-31-debuginfo-3.2.2-160000.7.1
  * openexr-debugsource-3.2.2-160000.7.1
  * libIlmThread-3_2-31-debuginfo-3.2.2-160000.7.1
  * libOpenEXRUtil-3_2-31-3.2.2-160000.7.1
  * libOpenEXR-3_2-31-3.2.2-160000.7.1
  * libIlmThread-3_2-31-3.2.2-160000.7.1
  * libOpenEXRUtil-3_2-31-debuginfo-3.2.2-160000.7.1
  * openexr-debuginfo-3.2.2-160000.7.1
  * libIex-3_2-31-3.2.2-160000.7.1
  * libOpenEXRCore-3_2-31-3.2.2-160000.7.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * openexr-doc-3.2.2-160000.7.1
* SUSE Linux Enterprise Server 16.0 (x86_64)
  * libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libIex-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1
  * libOpenEXRCore-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1
  * libIex-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libOpenEXR-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1
  * libOpenEXRUtil-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1
  * libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.7.1
  * libIlmThread-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.7.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40244.html
* https://www.suse.com/security/cve/CVE-2026-40250.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262425
* https://bugzilla.suse.com/show_bug.cgi?id=1262426

From null at suse.de Mon May 4 08:36:28 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:36:28 -0000
Subject: SUSE-SU-2026:21432-1: important: Security update for ntfs-3g_ntfsprogs
Message-ID: <177788378892.1375.15361457001681702937@dde0e951fc7e>

# Security update for ntfs-3g_ntfsprogs

Announcement ID: SUSE-SU-2026:21432-1
Release Date: 2026-04-29T14:18:47Z
Rating: important
References:

* bsc#1262216

Cross-References:

* CVE-2026-40706

CVSS scores:

* CVE-2026-40706 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40706 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-40706 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for ntfs-3g_ntfsprogs fixes the following issue:

* CVE-2026-40706: heap buffer overflow in ntfs_build_permissions_posix() in acls.c (bsc#1262216).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-659=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-659=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * ntfsprogs-extra-debuginfo-2022.10.3-160000.3.1
  * ntfsprogs-debuginfo-2022.10.3-160000.3.1
  * ntfs-3g-debuginfo-2022.10.3-160000.3.1
  * libntfs-3g89-2022.10.3-160000.3.1
  * ntfs-3g_ntfsprogs-debuginfo-2022.10.3-160000.3.1
  * libntfs-3g89-debuginfo-2022.10.3-160000.3.1
  * ntfsprogs-extra-2022.10.3-160000.3.1
  * ntfs-3g_ntfsprogs-debugsource-2022.10.3-160000.3.1
  * ntfsprogs-2022.10.3-160000.3.1
  * ntfs-3g-2022.10.3-160000.3.1
  * libntfs-3g-devel-2022.10.3-160000.3.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * ntfsprogs-extra-debuginfo-2022.10.3-160000.3.1
  * ntfsprogs-debuginfo-2022.10.3-160000.3.1
  * ntfs-3g-debuginfo-2022.10.3-160000.3.1
  * libntfs-3g89-2022.10.3-160000.3.1
  * ntfs-3g_ntfsprogs-debuginfo-2022.10.3-160000.3.1
  * libntfs-3g89-debuginfo-2022.10.3-160000.3.1
  * ntfsprogs-extra-2022.10.3-160000.3.1
  * ntfs-3g_ntfsprogs-debugsource-2022.10.3-160000.3.1
  * ntfsprogs-2022.10.3-160000.3.1
  * ntfs-3g-2022.10.3-160000.3.1
  * libntfs-3g-devel-2022.10.3-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40706.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262216

From null at suse.de Mon May 4 08:36:35 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:36:35 -0000
Subject: SUSE-SU-2026:21431-1: moderate: Security update for python-PyNaCl
Message-ID: <177788379551.1375.11621884151211510583@dde0e951fc7e>

# Security update for python-PyNaCl

Announcement ID: SUSE-SU-2026:21431-1
Release Date: 2026-04-29T14:15:43Z
Rating: moderate
References:

* bsc#1161557
* bsc#1199282
* bsc#1255764
* jsc#SLE-24629

Cross-References:

* CVE-2025-69277

CVSS scores:

* CVE-2025-69277 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-69277 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-69277 ( NVD ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability, contains one feature and has two fixes can now be installed.

## Description:

This update for python-PyNaCl fixes the following issues:

Security fixes:

* CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point function (bsc#1255764).

Other fixes:

* update to 1.6.2 (bsc#1255764, CVE-2025-69277):
  * Updated libsodium to 1.0.20-stable (2025-12-31 build)
* Update to 1.6.1
  * The `MAKE` environment variable can now be used to specify the `make` binary that should be used in the build process.
* update to 1.6.0:
  * BACKWARDS INCOMPATIBLE: Removed support for Python 3.6 and 3.7.
  * Added support for the low level AEAD AES bindings.
  * Added support for crypto_core_ed25519_from_uniform.
  * Update libsodium to 1.0.20-stable (2025-08-27 build).
  * Added support for free-threaded Python 3.14.
  * Added support for Windows on ARM wheels.
* Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
* python-PyNaCl requires python-cffi [bsc#1161557]

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-658=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-658=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * python313-PyNaCl-debuginfo-1.6.2-160000.1.1
  * python-PyNaCl-debugsource-1.6.2-160000.1.1
  * python313-PyNaCl-1.6.2-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * python313-PyNaCl-debuginfo-1.6.2-160000.1.1
  * python-PyNaCl-debugsource-1.6.2-160000.1.1
  * python313-PyNaCl-1.6.2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-69277.html
* https://bugzilla.suse.com/show_bug.cgi?id=1161557
* https://bugzilla.suse.com/show_bug.cgi?id=1199282
* https://bugzilla.suse.com/show_bug.cgi?id=1255764
* https://jira.suse.com/browse/SLE-24629

From null at suse.de Mon May 4 08:36:59 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:36:59 -0000
Subject: SUSE-SU-2026:21428-1: moderate: Security update for libssh
Message-ID: <177788381902.1375.16546592630596856262@dde0e951fc7e>

# Security update for libssh

Announcement ID: SUSE-SU-2026:21428-1
Release Date: 2026-04-29T11:06:27Z
Rating: moderate
References:

* bsc#1246974
* bsc#1249375
* bsc#1258045
* bsc#1258049
* bsc#1258054
* bsc#1258080
* bsc#1258081

Cross-References:

* CVE-2025-8114
* CVE-2025-8277
* CVE-2026-0964
* CVE-2026-0965
* CVE-2026-0966
* CVE-2026-0967
* CVE-2026-0968

CVSS scores:

* CVE-2025-8114 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8114 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-8114 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-8114 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-8277 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-8277 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-0964 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-0964 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-0964 ( NVD ): 5.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-0965 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-0965 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-0966 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-0966 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-0966 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-0967 ( SUSE ): 1.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-0967 ( SUSE ): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-0967 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-0967 ( NVD ): 2.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-0968 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-0968 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L
* CVE-2026-0968 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-0968 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-0968 ( NVD ): 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for libssh fixes the following issues:

* Update to version 0.11.4:
  * CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() (bsc#1258049)
  * CVE-2026-0965: Possible Denial of Service when parsing unexpected configuration files (bsc#1258045)
  * CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054)
  * CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)
  * CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)
  * CVE-2025-8114: Fix NULL pointer dereference after allocation failure (bsc#1246974)
  * CVE-2025-8277: Fix memory leak of ephemeral key pair during repeated wrong KEX (bsc#1249375)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-655=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-655=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * libssh-config-0.11.4-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * libssh-devel-0.11.4-160000.1.1 * libssh4-0.11.4-160000.1.1 * libssh4-debuginfo-0.11.4-160000.1.1 * libssh-debugsource-0.11.4-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * libssh-config-0.11.4-160000.1.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libssh-devel-0.11.4-160000.1.1 * libssh4-0.11.4-160000.1.1 * libssh4-debuginfo-0.11.4-160000.1.1 * libssh-debugsource-0.11.4-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-8114.html * https://www.suse.com/security/cve/CVE-2025-8277.html * https://www.suse.com/security/cve/CVE-2026-0964.html * https://www.suse.com/security/cve/CVE-2026-0965.html * https://www.suse.com/security/cve/CVE-2026-0966.html * https://www.suse.com/security/cve/CVE-2026-0967.html * https://www.suse.com/security/cve/CVE-2026-0968.html * https://bugzilla.suse.com/show_bug.cgi?id=1246974 * https://bugzilla.suse.com/show_bug.cgi?id=1249375 * https://bugzilla.suse.com/show_bug.cgi?id=1258045 * https://bugzilla.suse.com/show_bug.cgi?id=1258049 * https://bugzilla.suse.com/show_bug.cgi?id=1258054 * https://bugzilla.suse.com/show_bug.cgi?id=1258080 * https://bugzilla.suse.com/show_bug.cgi?id=1258081 -------------- next part -------------- An HTML attachment was scrubbed... 

From null at suse.de Mon May 4 08:37:01 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:37:01 -0000
Subject: SUSE-SU-2026:21427-1: important: Security update for PackageKit
Message-ID: <177788382180.1375.5305907640445369749@dde0e951fc7e>

# Security update for PackageKit

Announcement ID: SUSE-SU-2026:21427-1
Release Date: 2026-04-29T09:44:07Z
Rating: important
References:

* bsc#1262220

Cross-References:

* CVE-2026-41651

CVSS scores:

* CVE-2026-41651 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-41651 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-41651 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for PackageKit fixes the following issues:

* CVE-2026-41651: race condition allows for arbitrary RPM package installation as root and can lead to LPE (bsc#1262220).

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-654=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-654=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * libpackagekit-glib2-18-1.2.8-160000.4.1
  * libpackagekit-glib2-18-debuginfo-1.2.8-160000.4.1
  * PackageKit-devel-1.2.8-160000.4.1
  * typelib-1_0-PackageKitGlib-1_0-1.2.8-160000.4.1
  * PackageKit-devel-debuginfo-1.2.8-160000.4.1
  * PackageKit-debuginfo-1.2.8-160000.4.1
  * PackageKit-backend-zypp-1.2.8-160000.4.1
  * PackageKit-debugsource-1.2.8-160000.4.1
  * PackageKit-backend-zypp-debuginfo-1.2.8-160000.4.1
  * PackageKit-1.2.8-160000.4.1
  * libpackagekit-glib2-devel-1.2.8-160000.4.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * PackageKit-branding-upstream-1.2.8-160000.4.1
  * PackageKit-lang-1.2.8-160000.4.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * libpackagekit-glib2-18-1.2.8-160000.4.1
  * libpackagekit-glib2-18-debuginfo-1.2.8-160000.4.1
  * PackageKit-devel-1.2.8-160000.4.1
  * typelib-1_0-PackageKitGlib-1_0-1.2.8-160000.4.1
  * PackageKit-devel-debuginfo-1.2.8-160000.4.1
  * PackageKit-debuginfo-1.2.8-160000.4.1
  * PackageKit-backend-zypp-1.2.8-160000.4.1
  * PackageKit-debugsource-1.2.8-160000.4.1
  * PackageKit-backend-zypp-debuginfo-1.2.8-160000.4.1
  * PackageKit-1.2.8-160000.4.1
  * libpackagekit-glib2-devel-1.2.8-160000.4.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * PackageKit-branding-upstream-1.2.8-160000.4.1
  * PackageKit-lang-1.2.8-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41651.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262220

From null at suse.de Mon May 4 08:37:08 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:37:08 -0000
Subject: SUSE-SU-2026:21426-1: important: Security update for python-Mako
Message-ID: <177788382852.1375.5881281272994897859@dde0e951fc7e>

# Security update for python-Mako

Announcement ID: SUSE-SU-2026:21426-1
Release Date: 2026-04-29T08:17:18Z
Rating: important
References:

* bsc#1262716

Cross-References:

* CVE-2026-41205

CVSS scores:

* CVE-2026-41205 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41205 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-41205 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41205 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for python-Mako fixes the following issue:

* CVE-2026-41205: Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal (bsc#1262716).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-653=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-653=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * python313-Mako-1.3.10-160000.3.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * python313-Mako-1.3.10-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41205.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262716

From null at suse.de Mon May 4 08:37:11 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:37:11 -0000
Subject: SUSE-SU-2026:21425-1: important: Security update for python-jwcrypto
Message-ID: <177788383126.1375.10328847616984724856@dde0e951fc7e>

# Security update for python-jwcrypto

Announcement ID: SUSE-SU-2026:21425-1
Release Date: 2026-04-29T08:15:26Z
Rating: important
References:

* bsc#1261802

Cross-References:

* CVE-2026-39373

CVSS scores:

* CVE-2026-39373 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39373 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39373 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for python-jwcrypto fixes the following issues:

* CVE-2026-39373: weak mitigation for JWT bomb attack in the `deserialize` function can lead to memory exhaustion via crafted compressed JWE tokens (bsc#1261802).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-652=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-652=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * python313-jwcrypto-1.5.6-160000.3.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * python313-jwcrypto-1.5.6-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-39373.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261802

From null at suse.de Mon May 4 08:37:14 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:37:14 -0000
Subject: SUSE-SU-2026:21424-1: important: Security update for glibc-livepatches
Message-ID: <177788383490.1375.10814249694628895760@dde0e951fc7e>

# Security update for glibc-livepatches

Announcement ID: SUSE-SU-2026:21424-1
Release Date: 2026-04-28T16:23:13Z
Rating: important
References:

* bsc#1261209

Cross-References:

* CVE-2026-4046

CVSS scores:

* CVE-2026-4046 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4046 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4046 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for glibc-livepatches fixes the following issue:

* CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261209).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-651=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-651=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * glibc-livepatches-debugsource-0.4-160000.1.1
  * glibc-livepatches-0.4-160000.1.1
  * glibc-livepatches-debuginfo-0.4-160000.1.1
* SUSE Linux Enterprise Server 16.0 (x86_64)
  * glibc-livepatches-debugsource-0.4-160000.1.1
  * glibc-livepatches-0.4-160000.1.1
  * glibc-livepatches-debuginfo-0.4-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4046.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261209

From null at suse.de Mon May 4 08:37:21 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:37:21 -0000
Subject: SUSE-SU-2026:21422-1: moderate: Security update for libsodium
Message-ID: <177788384113.1375.12459148226684881277@dde0e951fc7e>

# Security update for libsodium

Announcement ID: SUSE-SU-2026:21422-1
Release Date: 2026-04-28T15:27:44Z
Rating: moderate
References:

* bsc#1255764
* bsc#1256070

Cross-References:

* CVE-2025-15444
* CVE-2025-69277

CVSS scores:

* CVE-2025-15444 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-15444 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-69277 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-69277 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-69277 ( NVD ): 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libsodium fixes the following issues:

Security fixes:

* CVE-2025-15444: Cryptographic bypass via improper elliptic curve point validation (bsc#1256070).
* CVE-2025-69277: incorrect validation of elliptic curve points in use cases involving certain custom cryptography or untrusted data passed to the crypto_core_ed25519_is_valid_point function (bsc#1255764).

Other fixes:

* Update to 1.0.21
  * The new crypto_ipcrypt_* functions implement mechanisms for securely encrypting and anonymizing IP addresses.
  * The sodium_bin2ip and sodium_ip2bin helper functions have been added to complement the crypto_ipcrypt_* functions and easily convert addresses between bytes and strings.
  * XOF: the crypto_xof_shake* and crypto_xof_turboshake* functions are standard extendable output functions. From input of any length, they can derive output of any length with the same properties as hash functions. These primitives are required by many post-quantum mechanisms, but can also be used for a wide range of applications, including key derivation, session encryption and more.
  * Performance of AES256-GCM and AEGIS on ARM has been improved with some compilers
  * Security: optblockers have been introduced in critical code paths to prevent compilers from introducing unwanted side channels via conditional jumps. This was observed on RISC-V targets with specific compilers and options.
  * Security: crypto_core_ed25519_is_valid_point() now properly rejects small-order points that are not in the main subgroup
  * ((nonnull)) attributes have been relaxed on some crypto_stream* functions to allow NULL output buffers when the output length is zero
  * A cross-compilation issue with old clang versions has been fixed
  * crypto_aead_aes256gcm_is_available is exported to JavaScript
  * Security: memory fences have been added after MAC verification in AEAD to prevent speculative access to plaintext before authentication is complete
  * Assembly files now include .gnu.property notes for proper IBT and Shadow Stack support when building with CET instrumentation.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-649=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-649=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * libsodium26-debuginfo-1.0.21-160000.1.1
  * libsodium26-1.0.21-160000.1.1
  * libsodium-devel-1.0.21-160000.1.1
  * libsodium-debugsource-1.0.21-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * libsodium26-debuginfo-1.0.21-160000.1.1
  * libsodium26-1.0.21-160000.1.1
  * libsodium-devel-1.0.21-160000.1.1
  * libsodium-debugsource-1.0.21-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-15444.html
* https://www.suse.com/security/cve/CVE-2025-69277.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255764
* https://bugzilla.suse.com/show_bug.cgi?id=1256070

From null at suse.de Mon May 4 08:37:25 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:37:25 -0000
Subject: SUSE-SU-2026:21421-1: important: Security update for the Linux Kernel
Message-ID: <177788384527.1375.8524720415614486703@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21421-1
Release Date: 2026-05-02T07:09:30Z
Rating: important
References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server High Availability Extension 16.0

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by reverting to operating out-of-place in algif_aead (bsc#1262573).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server High Availability Extension 16.0
  zypper in -t patch SUSE-SLES-HA-16.0-666=1

## Package List:

* SUSE Linux Enterprise Server High Availability Extension 16.0 (ppc64le s390x x86_64)
  * cluster-md-kmp-default-6.12.0-160000.29.1
  * dlm-kmp-default-debuginfo-6.12.0-160000.29.1
  * cluster-md-kmp-default-debuginfo-6.12.0-160000.29.1
  * dlm-kmp-default-6.12.0-160000.29.1
  * gfs2-kmp-default-debuginfo-6.12.0-160000.29.1
  * kernel-default-debuginfo-6.12.0-160000.29.1
  * gfs2-kmp-default-6.12.0-160000.29.1
  * kernel-default-debugsource-6.12.0-160000.29.1
* SUSE Linux Enterprise Server High Availability Extension 16.0 (nosrc)
  * kernel-default-6.12.0-160000.29.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262573

From null at suse.de Mon May 4 08:37:34 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:37:34 -0000
Subject: SUSE-SU-2026:1678-1: important: Security update for the Linux Kernel
Message-ID: <177788385465.1375.7520425830652582512@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1678-1
Release Date: 2026-05-02T10:27:11Z
Rating: important
References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Real Time Module 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by reverting to operating out-of-place in algif_aead (bsc#1262573).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1678=1
* SUSE Real Time Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-RT-15-SP7-2026-1678=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
  * kernel-livepatch-6_4_0-150700_7_40-rt-1-150700.1.3.2
  * kernel-livepatch-6_4_0-150700_7_40-rt-debuginfo-1-150700.1.3.2
  * kernel-livepatch-SLE15-SP7-RT_Update_12-debugsource-1-150700.1.3.2
* SUSE Real Time Module 15-SP7 (x86_64)
  * ocfs2-kmp-rt-debuginfo-6.4.0-150700.7.40.1
  * dlm-kmp-rt-6.4.0-150700.7.40.1
  * cluster-md-kmp-rt-debuginfo-6.4.0-150700.7.40.1
  * dlm-kmp-rt-debuginfo-6.4.0-150700.7.40.1
  * kernel-rt-debugsource-6.4.0-150700.7.40.1
  * kernel-rt-devel-debuginfo-6.4.0-150700.7.40.1
  * kernel-rt-debuginfo-6.4.0-150700.7.40.1
  * kernel-syms-rt-6.4.0-150700.7.40.1
  * cluster-md-kmp-rt-6.4.0-150700.7.40.1
  * ocfs2-kmp-rt-6.4.0-150700.7.40.1
  * gfs2-kmp-rt-6.4.0-150700.7.40.1
  * kernel-rt-devel-6.4.0-150700.7.40.1
  * gfs2-kmp-rt-debuginfo-6.4.0-150700.7.40.1
* SUSE Real Time Module 15-SP7 (noarch)
  * kernel-devel-rt-6.4.0-150700.7.40.1
  * kernel-source-rt-6.4.0-150700.7.40.1
* SUSE Real Time Module 15-SP7 (nosrc x86_64)
  * kernel-rt-6.4.0-150700.7.40.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262573

From null at suse.de Mon May 4 08:37:38 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:37:38 -0000
Subject: SUSE-SU-2026:1677-1: important: Security update for the Linux Kernel
Message-ID: <177788385888.1375.1881944138760051358@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1677-1
Release Date: 2026-05-02T10:26:11Z
Rating: important
References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to fix one security issue.

The following security issue was fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by reverting to operating out-of-place in algif_aead (bsc#1262573).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2026-1677=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1677=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1677=1

## Package List:

* openSUSE Leap 15.3 (noarch nosrc)
  * kernel-docs-5.3.18-150300.59.246.1
* openSUSE Leap 15.3 (noarch)
  * kernel-source-vanilla-5.3.18-150300.59.246.1
  * kernel-macros-5.3.18-150300.59.246.1
  * kernel-docs-html-5.3.18-150300.59.246.1
  * kernel-source-5.3.18-150300.59.246.1
  * kernel-devel-5.3.18-150300.59.246.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
  * reiserfs-kmp-default-5.3.18-150300.59.246.1
  * kernel-default-optional-debuginfo-5.3.18-150300.59.246.1
  * gfs2-kmp-default-5.3.18-150300.59.246.1
  * kernel-default-livepatch-5.3.18-150300.59.246.1
  * kernel-default-extra-5.3.18-150300.59.246.1
  * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.246.1
  * kernel-syms-5.3.18-150300.59.246.1
  * kernel-default-base-rebuild-5.3.18-150300.59.246.1.150300.18.146.2
  * kernel-default-devel-debuginfo-5.3.18-150300.59.246.1
  * kernel-default-devel-5.3.18-150300.59.246.1
  * kernel-default-debuginfo-5.3.18-150300.59.246.1
  * kernel-default-debugsource-5.3.18-150300.59.246.1
  * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.246.1
  * kselftests-kmp-default-5.3.18-150300.59.246.1
  * dlm-kmp-default-5.3.18-150300.59.246.1
  * ocfs2-kmp-default-5.3.18-150300.59.246.1
  * cluster-md-kmp-default-5.3.18-150300.59.246.1
  * kernel-obs-build-5.3.18-150300.59.246.1
  * kernel-obs-qa-5.3.18-150300.59.246.1
  * gfs2-kmp-default-debuginfo-5.3.18-150300.59.246.1
  * kernel-default-base-5.3.18-150300.59.246.1.150300.18.146.2
  * kernel-default-extra-debuginfo-5.3.18-150300.59.246.1
  * kernel-default-optional-5.3.18-150300.59.246.1
  * kselftests-kmp-default-debuginfo-5.3.18-150300.59.246.1
  * kernel-obs-build-debugsource-5.3.18-150300.59.246.1
  * dlm-kmp-default-debuginfo-5.3.18-150300.59.246.1
  * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.246.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.3.18-150300.59.246.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-default-livepatch-devel-5.3.18-150300.59.246.1
* openSUSE Leap 15.3 (nosrc ppc64le x86_64)
  * kernel-kvmsmall-5.3.18-150300.59.246.1
* openSUSE Leap 15.3 (ppc64le x86_64)
  * kernel-kvmsmall-debuginfo-5.3.18-150300.59.246.1
  * kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.246.1
  * kernel-kvmsmall-devel-5.3.18-150300.59.246.1
  * kernel-kvmsmall-debugsource-5.3.18-150300.59.246.1
* openSUSE Leap 15.3 (aarch64 x86_64)
  * kernel-preempt-devel-debuginfo-5.3.18-150300.59.246.1
  * cluster-md-kmp-preempt-5.3.18-150300.59.246.1
  * reiserfs-kmp-preempt-5.3.18-150300.59.246.1
  * ocfs2-kmp-preempt-5.3.18-150300.59.246.1
  * kernel-preempt-extra-5.3.18-150300.59.246.1
  * kernel-preempt-optional-debuginfo-5.3.18-150300.59.246.1
  * cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.246.1
  * kernel-preempt-debuginfo-5.3.18-150300.59.246.1
  * kernel-preempt-devel-5.3.18-150300.59.246.1
  * ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.246.1
  * kernel-preempt-extra-debuginfo-5.3.18-150300.59.246.1
  * kernel-preempt-debugsource-5.3.18-150300.59.246.1
  * kselftests-kmp-preempt-5.3.18-150300.59.246.1
  * kernel-preempt-optional-5.3.18-150300.59.246.1
  * dlm-kmp-preempt-debuginfo-5.3.18-150300.59.246.1
  * dlm-kmp-preempt-5.3.18-150300.59.246.1
  * kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.246.1
  * gfs2-kmp-preempt-5.3.18-150300.59.246.1
  * reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.246.1
  * gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.246.1
* openSUSE Leap 15.3 (aarch64 nosrc x86_64)
  * kernel-preempt-5.3.18-150300.59.246.1
* openSUSE Leap 15.3 (nosrc s390x)
  * kernel-zfcpdump-5.3.18-150300.59.246.1
* openSUSE Leap 15.3 (s390x)
  * kernel-zfcpdump-debuginfo-5.3.18-150300.59.246.1
  * kernel-zfcpdump-debugsource-5.3.18-150300.59.246.1
* openSUSE Leap 15.3 (nosrc)
  * dtb-aarch64-5.3.18-150300.59.246.1
* openSUSE Leap 15.3 (aarch64)
  * kernel-64kb-debuginfo-5.3.18-150300.59.246.1
  * dtb-amd-5.3.18-150300.59.246.1
  * kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.246.1
  * kernel-64kb-devel-debuginfo-5.3.18-150300.59.246.1
  * ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.246.1
  * dtb-renesas-5.3.18-150300.59.246.1
  * dtb-mediatek-5.3.18-150300.59.246.1
  * kselftests-kmp-64kb-5.3.18-150300.59.246.1
  * kernel-64kb-extra-5.3.18-150300.59.246.1
  * dtb-exynos-5.3.18-150300.59.246.1
  * dtb-zte-5.3.18-150300.59.246.1
  * dtb-broadcom-5.3.18-150300.59.246.1
  * dlm-kmp-64kb-5.3.18-150300.59.246.1
  * dlm-kmp-64kb-debuginfo-5.3.18-150300.59.246.1
  * gfs2-kmp-64kb-5.3.18-150300.59.246.1
  * gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.246.1
  * dtb-amlogic-5.3.18-150300.59.246.1
  * dtb-freescale-5.3.18-150300.59.246.1
  * dtb-qcom-5.3.18-150300.59.246.1
  * dtb-rockchip-5.3.18-150300.59.246.1
  * dtb-lg-5.3.18-150300.59.246.1
  * dtb-nvidia-5.3.18-150300.59.246.1
  * dtb-altera-5.3.18-150300.59.246.1
  * reiserfs-kmp-64kb-5.3.18-150300.59.246.1
  * dtb-arm-5.3.18-150300.59.246.1
  * reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.246.1
  * kernel-64kb-extra-debuginfo-5.3.18-150300.59.246.1
  * dtb-allwinner-5.3.18-150300.59.246.1
  * kernel-64kb-optional-debuginfo-5.3.18-150300.59.246.1
  * dtb-cavium-5.3.18-150300.59.246.1
  * kernel-64kb-optional-5.3.18-150300.59.246.1
  * ocfs2-kmp-64kb-5.3.18-150300.59.246.1
  * cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.246.1
  * dtb-xilinx-5.3.18-150300.59.246.1
  * dtb-al-5.3.18-150300.59.246.1
  * dtb-marvell-5.3.18-150300.59.246.1
  * dtb-socionext-5.3.18-150300.59.246.1
  * cluster-md-kmp-64kb-5.3.18-150300.59.246.1
  * dtb-sprd-5.3.18-150300.59.246.1
  * kernel-64kb-devel-5.3.18-150300.59.246.1
  * dtb-hisilicon-5.3.18-150300.59.246.1
  * dtb-apm-5.3.18-150300.59.246.1
  * kernel-64kb-debugsource-5.3.18-150300.59.246.1
* openSUSE Leap 15.3 (aarch64 nosrc)
  * kernel-64kb-5.3.18-150300.59.246.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.3.18-150300.59.246.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
  * kernel-default-base-5.3.18-150300.59.246.1.150300.18.146.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * kernel-default-debugsource-5.3.18-150300.59.246.1
  * kernel-default-debuginfo-5.3.18-150300.59.246.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * kernel-source-5.3.18-150300.59.246.1
  * kernel-macros-5.3.18-150300.59.246.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.3.18-150300.59.246.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
  * kernel-default-base-5.3.18-150300.59.246.1.150300.18.146.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * kernel-default-debugsource-5.3.18-150300.59.246.1
  * kernel-default-debuginfo-5.3.18-150300.59.246.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * kernel-source-5.3.18-150300.59.246.1
  * kernel-macros-5.3.18-150300.59.246.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262573

From null at suse.de Mon May 4 08:37:43 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:37:43 -0000
Subject: SUSE-SU-2026:1669-1: important: Security update for the Linux Kernel
Message-ID: <177788386379.1375.13633261920067948641@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1669-1
Release Date: 2026-05-02T06:12:42Z
Rating: important
References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* Development Tools Module 15-SP7
* Legacy Module 15-SP7
* Public Cloud Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Availability Extension 15 SP7
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix one security issue.

The following security issue was fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by reverting to operating out-of-place in algif_aead (bsc#1262573).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1673=1
* Legacy Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2026-1673=1
* Public Cloud Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2026-1673=1
* SUSE Linux Enterprise High Availability Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2026-1673=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1673=1
* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1673=1
  Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1669=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1669=1
* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1669=1
  Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1673=1

## Package List:

* Development Tools Module 15-SP7 (noarch nosrc)
  * kernel-docs-6.4.0-150700.53.40.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-build-6.4.0-150700.53.40.1
  * kernel-obs-build-debugsource-6.4.0-150700.53.40.1
  * kernel-syms-6.4.0-150700.53.40.1
* Development Tools Module 15-SP7 (noarch)
  * kernel-source-6.4.0-150700.53.40.1
* Legacy Module 15-SP7 (nosrc)
  * kernel-default-6.4.0-150700.53.40.1
* Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * reiserfs-kmp-default-debuginfo-6.4.0-150700.53.40.1
  * reiserfs-kmp-default-6.4.0-150700.53.40.1
  * kernel-default-debuginfo-6.4.0-150700.53.40.1
  * kernel-default-debugsource-6.4.0-150700.53.40.1
* Public Cloud Module 15-SP7 (aarch64 nosrc x86_64)
  * kernel-azure-6.4.0-150700.53.40.1
* Public Cloud Module 15-SP7 (aarch64 x86_64)
  * kernel-azure-devel-debuginfo-6.4.0-150700.53.40.1
  * kernel-azure-debugsource-6.4.0-150700.53.40.1
  * kernel-azure-devel-6.4.0-150700.53.40.1
  * kernel-azure-debuginfo-6.4.0-150700.53.40.1
* SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le s390x x86_64)
  * dlm-kmp-default-debuginfo-6.4.0-150700.53.40.1
  * gfs2-kmp-default-6.4.0-150700.53.40.1
  * kernel-default-debuginfo-6.4.0-150700.53.40.1
  * kernel-default-debugsource-6.4.0-150700.53.40.1
  * ocfs2-kmp-default-debuginfo-6.4.0-150700.53.40.1
  * cluster-md-kmp-default-debuginfo-6.4.0-150700.53.40.1
  * gfs2-kmp-default-debuginfo-6.4.0-150700.53.40.1
  * cluster-md-kmp-default-6.4.0-150700.53.40.1
  * dlm-kmp-default-6.4.0-150700.53.40.1
  * ocfs2-kmp-default-6.4.0-150700.53.40.1
* SUSE Linux Enterprise High Availability Extension 15 SP7 (nosrc)
  * kernel-default-6.4.0-150700.53.40.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (nosrc)
  * kernel-default-6.4.0-150700.53.40.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * kernel-default-extra-debuginfo-6.4.0-150700.53.40.1
  * kernel-default-extra-6.4.0-150700.53.40.1
  * kernel-default-debuginfo-6.4.0-150700.53.40.1
  * kernel-default-debugsource-6.4.0-150700.53.40.1
* SUSE Linux Enterprise Live Patching 15-SP7 (nosrc)
  * kernel-default-6.4.0-150700.53.40.1
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
  * kernel-default-debuginfo-6.4.0-150700.53.40.1
  * kernel-default-debugsource-6.4.0-150700.53.40.1
  * kernel-livepatch-SLE15-SP7_Update_12-debugsource-1-150700.15.3.1
  * kernel-default-livepatch-devel-6.4.0-150700.53.40.1
  * kernel-livepatch-6_4_0-150700_53_40-default-1-150700.15.3.1
  * kernel-default-livepatch-6.4.0-150700.53.40.1
  * kernel-livepatch-6_4_0-150700_53_40-default-debuginfo-1-150700.15.3.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * kernel-default-debuginfo-4.12.14-122.302.1
  * dlm-kmp-default-debuginfo-4.12.14-122.302.1
  * kernel-default-base-debuginfo-4.12.14-122.302.1
  * kernel-default-devel-4.12.14-122.302.1
  * dlm-kmp-default-4.12.14-122.302.1
  * kernel-default-debugsource-4.12.14-122.302.1
  * ocfs2-kmp-default-4.12.14-122.302.1
  * cluster-md-kmp-default-debuginfo-4.12.14-122.302.1
  * kernel-default-base-4.12.14-122.302.1
  * gfs2-kmp-default-4.12.14-122.302.1
  * kernel-syms-4.12.14-122.302.1
  * ocfs2-kmp-default-debuginfo-4.12.14-122.302.1
  * gfs2-kmp-default-debuginfo-4.12.14-122.302.1
  * cluster-md-kmp-default-4.12.14-122.302.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-4.12.14-122.302.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * kernel-source-4.12.14-122.302.1
  * kernel-macros-4.12.14-122.302.1
  * kernel-devel-4.12.14-122.302.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (s390x)
  * kernel-default-man-4.12.14-122.302.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (x86_64)
  * kernel-default-devel-debuginfo-4.12.14-122.302.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * kernel-default-debuginfo-4.12.14-122.302.1
  * dlm-kmp-default-debuginfo-4.12.14-122.302.1
  * kernel-default-base-debuginfo-4.12.14-122.302.1
  * kernel-default-devel-4.12.14-122.302.1
  * dlm-kmp-default-4.12.14-122.302.1
  * kernel-default-debugsource-4.12.14-122.302.1
  * kernel-default-devel-debuginfo-4.12.14-122.302.1
  * ocfs2-kmp-default-4.12.14-122.302.1
  * cluster-md-kmp-default-debuginfo-4.12.14-122.302.1
  * kernel-default-base-4.12.14-122.302.1
  * gfs2-kmp-default-4.12.14-122.302.1
  * kernel-syms-4.12.14-122.302.1
  * ocfs2-kmp-default-debuginfo-4.12.14-122.302.1
  * gfs2-kmp-default-debuginfo-4.12.14-122.302.1
  * cluster-md-kmp-default-4.12.14-122.302.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (nosrc x86_64)
  * kernel-default-4.12.14-122.302.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * kernel-source-4.12.14-122.302.1
  * kernel-macros-4.12.14-122.302.1
  * kernel-devel-4.12.14-122.302.1
* SUSE Linux Enterprise Live Patching 12-SP5 (nosrc)
  * kernel-default-4.12.14-122.302.1
* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kernel-default-debuginfo-4.12.14-122.302.1
  * kgraft-patch-4_12_14-122_302-default-1-8.3.1
  * kernel-default-kgraft-devel-4.12.14-122.302.1
  * kernel-default-debugsource-4.12.14-122.302.1
  * kernel-default-kgraft-4.12.14-122.302.1
* Basesystem Module 15-SP7 (aarch64 nosrc)
  * kernel-64kb-6.4.0-150700.53.40.1
* Basesystem Module 15-SP7 (aarch64)
  * kernel-64kb-devel-debuginfo-6.4.0-150700.53.40.1
  * kernel-64kb-debugsource-6.4.0-150700.53.40.1
  * kernel-64kb-devel-6.4.0-150700.53.40.1
  * kernel-64kb-debuginfo-6.4.0-150700.53.40.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-6.4.0-150700.53.40.1
* Basesystem Module 15-SP7 (aarch64 ppc64le x86_64)
  * kernel-default-base-6.4.0-150700.53.40.1.150700.17.27.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * kernel-default-devel-6.4.0-150700.53.40.1
  * kernel-default-devel-debuginfo-6.4.0-150700.53.40.1
  * kernel-default-debuginfo-6.4.0-150700.53.40.1
  * kernel-default-debugsource-6.4.0-150700.53.40.1
* Basesystem Module 15-SP7 (noarch)
  * kernel-macros-6.4.0-150700.53.40.1
  * kernel-devel-6.4.0-150700.53.40.1
* Basesystem Module 15-SP7 (nosrc s390x)
  * kernel-zfcpdump-6.4.0-150700.53.40.1
* Basesystem Module 15-SP7 (s390x)
  * kernel-zfcpdump-debugsource-6.4.0-150700.53.40.1
  * kernel-zfcpdump-debuginfo-6.4.0-150700.53.40.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262573

From null at suse.de Mon May 4 08:37:49 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:37:49 -0000
Subject: SUSE-SU-2026:1676-1: important: Security update for the Linux Kernel
Message-ID: <177788386966.1375.5791721987645245469@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1676-1
Release Date: 2026-05-02T07:19:34Z
Rating: important
References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix one security issue.

The following security issue was fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by reverting to operating out-of-place in algif_aead (bsc#1262573).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1676=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1676=1

## Package List:

* openSUSE Leap 15.5 (noarch)
  * kernel-source-rt-5.14.21-150500.13.130.1
  * kernel-devel-rt-5.14.21-150500.13.130.1
* openSUSE Leap 15.5 (x86_64)
  * kernel-rt-vdso-5.14.21-150500.13.130.1
  * dlm-kmp-rt-debuginfo-5.14.21-150500.13.130.1
  * dlm-kmp-rt-5.14.21-150500.13.130.1
  * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.130.1
  * kselftests-kmp-rt-5.14.21-150500.13.130.1
  * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.130.1
  * ocfs2-kmp-rt-5.14.21-150500.13.130.1
  * kernel-rt-devel-debuginfo-5.14.21-150500.13.130.1
  * kernel-rt_debug-debugsource-5.14.21-150500.13.130.1
  * kernel-rt-vdso-debuginfo-5.14.21-150500.13.130.1
  * kernel-rt-optional-debuginfo-5.14.21-150500.13.130.1
  * kernel-rt-livepatch-devel-5.14.21-150500.13.130.1
  * kernel-rt-debugsource-5.14.21-150500.13.130.1
  * kernel-rt-optional-5.14.21-150500.13.130.1
  * cluster-md-kmp-rt-5.14.21-150500.13.130.1
  * kselftests-kmp-rt-debuginfo-5.14.21-150500.13.130.1
  * kernel-rt-extra-5.14.21-150500.13.130.1
  * kernel-rt_debug-vdso-5.14.21-150500.13.130.1
  * kernel-rt_debug-debuginfo-5.14.21-150500.13.130.1
  * reiserfs-kmp-rt-5.14.21-150500.13.130.1
  * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.130.1
  * kernel-rt_debug-devel-5.14.21-150500.13.130.1
  * kernel-syms-rt-5.14.21-150500.13.130.1
  * kernel-rt-devel-5.14.21-150500.13.130.1
  * kernel-rt-extra-debuginfo-5.14.21-150500.13.130.1
  * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.130.1
  * gfs2-kmp-rt-5.14.21-150500.13.130.1
  * kernel-rt-livepatch-5.14.21-150500.13.130.1
  * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.130.1
  * reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.130.1
  * kernel-rt-debuginfo-5.14.21-150500.13.130.1
* openSUSE Leap 15.5 (nosrc x86_64)
  * kernel-rt-5.14.21-150500.13.130.1
  * kernel-rt_debug-5.14.21-150500.13.130.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * kernel-source-rt-5.14.21-150500.13.130.1
  * kernel-devel-rt-5.14.21-150500.13.130.1
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
  * kernel-rt-5.14.21-150500.13.130.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
  * kernel-rt-debuginfo-5.14.21-150500.13.130.1
  * kernel-rt-debugsource-5.14.21-150500.13.130.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262573

From null at suse.de Mon May 4 08:37:53 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:37:53 -0000
Subject: SUSE-SU-2026:1675-1: important: Security update for the Linux Kernel
Message-ID: <177788387370.1375.5668680558540950506@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1675-1
Release Date: 2026-05-02T07:19:20Z
Rating: important
References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by reverting to operating out-of-place in algif_aead (bsc#1262573).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1675=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1675=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1675=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1675=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64)
  * kernel-rt-5.14.21-150400.15.151.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
  * kernel-rt-debuginfo-5.14.21-150400.15.151.1
  * kernel-rt-debugsource-5.14.21-150400.15.151.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * kernel-source-rt-5.14.21-150400.15.151.1
* SUSE Linux Enterprise Micro 5.3 (nosrc x86_64)
  * kernel-rt-5.14.21-150400.15.151.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
  * kernel-rt-debuginfo-5.14.21-150400.15.151.1
  * kernel-rt-debugsource-5.14.21-150400.15.151.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * kernel-source-rt-5.14.21-150400.15.151.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64)
  * kernel-rt-5.14.21-150400.15.151.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
  * kernel-rt-debuginfo-5.14.21-150400.15.151.1
  * kernel-rt-debugsource-5.14.21-150400.15.151.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * kernel-source-rt-5.14.21-150400.15.151.1
* SUSE Linux Enterprise Micro 5.4 (nosrc x86_64)
  * kernel-rt-5.14.21-150400.15.151.1
* SUSE Linux Enterprise Micro 5.4 (x86_64)
  * kernel-rt-debuginfo-5.14.21-150400.15.151.1
  * kernel-rt-debugsource-5.14.21-150400.15.151.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * kernel-source-rt-5.14.21-150400.15.151.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262573

From null at suse.de Mon May 4 08:37:57 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:37:57 -0000
Subject: SUSE-SU-2026:1674-1: important: Security update for the Linux Kernel
Message-ID: <177788387723.1375.2079039743556950333@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1674-1
Release Date: 2026-05-02T07:19:12Z
Rating: important
References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by reverting to operating out-of-place in algif_aead (bsc#1262573).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1674=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1674=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (nosrc x86_64)
  * kernel-rt-5.3.18-150300.244.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
  * kernel-rt-debuginfo-5.3.18-150300.244.1
  * kernel-rt-debugsource-5.3.18-150300.244.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * kernel-source-rt-5.3.18-150300.244.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64)
  * kernel-rt-5.3.18-150300.244.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
  * kernel-rt-debuginfo-5.3.18-150300.244.1
  * kernel-rt-debugsource-5.3.18-150300.244.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * kernel-source-rt-5.3.18-150300.244.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262573

From null at suse.de Mon May 4 08:38:00 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:38:00 -0000
Subject: SUSE-SU-2026:1672-1: important: Security update for the Linux Kernel
Message-ID: <177788388097.1375.9798016049459307056@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1672-1
Release Date: 2026-05-02T06:02:59Z
Rating: important
References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix one security issue.

The following security issue was fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by reverting to operating out-of-place in algif_aead (bsc#1262573).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1672=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1672=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1672=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1672=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1672=1
* SUSE Linux Enterprise High Availability Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-1672=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1672=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1672=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1672=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1672=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1672=1

## Package List:

* openSUSE Leap 15.4 (noarch nosrc)
  * kernel-docs-5.14.21-150400.24.205.1
* openSUSE Leap 15.4 (noarch)
  * kernel-macros-5.14.21-150400.24.205.1
  * kernel-source-vanilla-5.14.21-150400.24.205.1
  * kernel-source-5.14.21-150400.24.205.1
  * kernel-docs-html-5.14.21-150400.24.205.1
  * kernel-devel-5.14.21-150400.24.205.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
  * kernel-kvmsmall-devel-5.14.21-150400.24.205.1
  * kernel-kvmsmall-debugsource-5.14.21-150400.24.205.1
  * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.205.1
  * kernel-kvmsmall-debuginfo-5.14.21-150400.24.205.1
  * kernel-default-base-rebuild-5.14.21-150400.24.205.1.150400.24.104.2
  * kernel-default-base-5.14.21-150400.24.205.1.150400.24.104.2
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debugsource-5.14.21-150400.24.205.1
  * kernel-default-livepatch-5.14.21-150400.24.205.1
  * kernel-default-extra-5.14.21-150400.24.205.1
  * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.205.1
  * dlm-kmp-default-5.14.21-150400.24.205.1
  * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.205.1
  * kernel-obs-build-5.14.21-150400.24.205.1
  * kernel-default-optional-debuginfo-5.14.21-150400.24.205.1
  * ocfs2-kmp-default-5.14.21-150400.24.205.1
  * dlm-kmp-default-debuginfo-5.14.21-150400.24.205.1
  * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.205.1
  * kernel-default-extra-debuginfo-5.14.21-150400.24.205.1
  * gfs2-kmp-default-debuginfo-5.14.21-150400.24.205.1
  * reiserfs-kmp-default-5.14.21-150400.24.205.1
  * kernel-default-devel-debuginfo-5.14.21-150400.24.205.1
  * kselftests-kmp-default-5.14.21-150400.24.205.1
  * kernel-syms-5.14.21-150400.24.205.1
  * kselftests-kmp-default-debuginfo-5.14.21-150400.24.205.1
  * kernel-default-devel-5.14.21-150400.24.205.1
  * cluster-md-kmp-default-5.14.21-150400.24.205.1
  * kernel-default-debuginfo-5.14.21-150400.24.205.1
  * kernel-default-optional-5.14.21-150400.24.205.1
  * kernel-obs-build-debugsource-5.14.21-150400.24.205.1
  * gfs2-kmp-default-5.14.21-150400.24.205.1
  * kernel-obs-qa-5.14.21-150400.24.205.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.14.21-150400.24.205.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-default-livepatch-devel-5.14.21-150400.24.205.1
  * kernel-livepatch-5_14_21-150400_24_205-default-debuginfo-1-150400.9.5.1
  * kernel-livepatch-5_14_21-150400_24_205-default-1-150400.9.5.1
  * kernel-livepatch-SLE15-SP4_Update_51-debugsource-1-150400.9.5.1
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
  * kernel-kvmsmall-5.14.21-150400.24.205.1
* openSUSE Leap 15.4 (nosrc s390x)
  * kernel-zfcpdump-5.14.21-150400.24.205.1
* openSUSE Leap 15.4 (s390x)
  * kernel-zfcpdump-debuginfo-5.14.21-150400.24.205.1
  * kernel-zfcpdump-debugsource-5.14.21-150400.24.205.1
* openSUSE Leap 15.4 (nosrc)
  * dtb-aarch64-5.14.21-150400.24.205.1
* openSUSE Leap 15.4 (aarch64)
  * dtb-exynos-5.14.21-150400.24.205.1
  * dtb-qcom-5.14.21-150400.24.205.1
  * dtb-allwinner-5.14.21-150400.24.205.1
  * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.205.1
  * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.205.1
  * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.205.1
  * dtb-mediatek-5.14.21-150400.24.205.1
  * gfs2-kmp-64kb-5.14.21-150400.24.205.1
  * kselftests-kmp-64kb-5.14.21-150400.24.205.1
  * kernel-64kb-extra-debuginfo-5.14.21-150400.24.205.1
  * dtb-rockchip-5.14.21-150400.24.205.1
  * dtb-hisilicon-5.14.21-150400.24.205.1
  * dtb-amd-5.14.21-150400.24.205.1
  * dtb-apple-5.14.21-150400.24.205.1
  * kernel-64kb-optional-debuginfo-5.14.21-150400.24.205.1
  * dtb-amlogic-5.14.21-150400.24.205.1
  * dtb-cavium-5.14.21-150400.24.205.1
  * dtb-renesas-5.14.21-150400.24.205.1
  * dtb-nvidia-5.14.21-150400.24.205.1
  * dtb-broadcom-5.14.21-150400.24.205.1
  * dtb-lg-5.14.21-150400.24.205.1
  * dtb-freescale-5.14.21-150400.24.205.1
  * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.205.1
  * ocfs2-kmp-64kb-5.14.21-150400.24.205.1
  * dtb-socionext-5.14.21-150400.24.205.1
  * cluster-md-kmp-64kb-5.14.21-150400.24.205.1
  * dlm-kmp-64kb-5.14.21-150400.24.205.1
  * kernel-64kb-devel-debuginfo-5.14.21-150400.24.205.1
  * kernel-64kb-debugsource-5.14.21-150400.24.205.1
  * dtb-amazon-5.14.21-150400.24.205.1
  * dtb-apm-5.14.21-150400.24.205.1
  * kernel-64kb-optional-5.14.21-150400.24.205.1
  * reiserfs-kmp-64kb-5.14.21-150400.24.205.1
  * dtb-altera-5.14.21-150400.24.205.1
  * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.205.1
  * dtb-xilinx-5.14.21-150400.24.205.1
  * kernel-64kb-devel-5.14.21-150400.24.205.1
  * dtb-sprd-5.14.21-150400.24.205.1
  * dtb-arm-5.14.21-150400.24.205.1
  * kernel-64kb-extra-5.14.21-150400.24.205.1
  * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.205.1
  * dtb-marvell-5.14.21-150400.24.205.1
  * kernel-64kb-debuginfo-5.14.21-150400.24.205.1
* openSUSE Leap 15.4 (aarch64 nosrc)
  * kernel-64kb-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
  * kernel-default-base-5.14.21-150400.24.205.1.150400.24.104.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * kernel-default-debugsource-5.14.21-150400.24.205.1
  * kernel-default-debuginfo-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * kernel-macros-5.14.21-150400.24.205.1
  * kernel-source-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
  * kernel-default-base-5.14.21-150400.24.205.1.150400.24.104.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * kernel-default-debugsource-5.14.21-150400.24.205.1
  * kernel-default-debuginfo-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * kernel-macros-5.14.21-150400.24.205.1
  * kernel-source-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
  * kernel-default-base-5.14.21-150400.24.205.1.150400.24.104.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * kernel-default-debugsource-5.14.21-150400.24.205.1
  * kernel-default-debuginfo-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * kernel-macros-5.14.21-150400.24.205.1
  * kernel-source-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
  * kernel-default-base-5.14.21-150400.24.205.1.150400.24.104.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * kernel-default-debugsource-5.14.21-150400.24.205.1
  * kernel-default-debuginfo-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * kernel-macros-5.14.21-150400.24.205.1
  * kernel-source-5.14.21-150400.24.205.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
  * ocfs2-kmp-default-5.14.21-150400.24.205.1
  * kernel-default-debugsource-5.14.21-150400.24.205.1
  * dlm-kmp-default-debuginfo-5.14.21-150400.24.205.1
  * gfs2-kmp-default-debuginfo-5.14.21-150400.24.205.1
  * gfs2-kmp-default-5.14.21-150400.24.205.1
  * cluster-md-kmp-default-5.14.21-150400.24.205.1
  * kernel-default-debuginfo-5.14.21-150400.24.205.1
  * dlm-kmp-default-5.14.21-150400.24.205.1
  * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.205.1
  * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.205.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
  * kernel-default-5.14.21-150400.24.205.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc)
  * kernel-64kb-5.14.21-150400.24.205.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64)
  * kernel-64kb-debugsource-5.14.21-150400.24.205.1
  * kernel-64kb-debuginfo-5.14.21-150400.24.205.1
  * kernel-64kb-devel-5.14.21-150400.24.205.1
  * kernel-64kb-devel-debuginfo-5.14.21-150400.24.205.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc x86_64)
  * kernel-default-5.14.21-150400.24.205.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * kernel-syms-5.14.21-150400.24.205.1
  * kernel-default-debugsource-5.14.21-150400.24.205.1
  * kernel-obs-build-5.14.21-150400.24.205.1
  * kernel-default-devel-5.14.21-150400.24.205.1
  * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.205.1
  * kernel-default-debuginfo-5.14.21-150400.24.205.1
  * kernel-obs-build-debugsource-5.14.21-150400.24.205.1
  * reiserfs-kmp-default-5.14.21-150400.24.205.1
  * kernel-default-base-5.14.21-150400.24.205.1.150400.24.104.2
  * kernel-default-devel-debuginfo-5.14.21-150400.24.205.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * kernel-devel-5.14.21-150400.24.205.1
  * kernel-macros-5.14.21-150400.24.205.1
  * kernel-source-5.14.21-150400.24.205.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch nosrc)
  * kernel-docs-5.14.21-150400.24.205.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc)
  * kernel-64kb-5.14.21-150400.24.205.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64)
  * kernel-64kb-debugsource-5.14.21-150400.24.205.1
  * kernel-64kb-debuginfo-5.14.21-150400.24.205.1
  * kernel-64kb-devel-5.14.21-150400.24.205.1
  * kernel-64kb-devel-debuginfo-5.14.21-150400.24.205.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc x86_64)
  * kernel-default-5.14.21-150400.24.205.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * kernel-syms-5.14.21-150400.24.205.1
  * kernel-default-debugsource-5.14.21-150400.24.205.1
  * kernel-obs-build-5.14.21-150400.24.205.1
  * kernel-default-devel-5.14.21-150400.24.205.1
  * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.205.1
  * kernel-default-debuginfo-5.14.21-150400.24.205.1
  * kernel-obs-build-debugsource-5.14.21-150400.24.205.1
  * reiserfs-kmp-default-5.14.21-150400.24.205.1
  * kernel-default-base-5.14.21-150400.24.205.1.150400.24.104.2
  * kernel-default-devel-debuginfo-5.14.21-150400.24.205.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * kernel-devel-5.14.21-150400.24.205.1
  * kernel-macros-5.14.21-150400.24.205.1
  * kernel-source-5.14.21-150400.24.205.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch nosrc)
  * kernel-docs-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 nosrc)
  * kernel-64kb-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64)
  * kernel-64kb-debugsource-5.14.21-150400.24.205.1
  * kernel-64kb-debuginfo-5.14.21-150400.24.205.1
  * kernel-64kb-devel-5.14.21-150400.24.205.1
  * kernel-64kb-devel-debuginfo-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le x86_64)
  * kernel-default-base-5.14.21-150400.24.205.1.150400.24.104.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * kernel-syms-5.14.21-150400.24.205.1
  * kernel-default-debugsource-5.14.21-150400.24.205.1
  * kernel-default-devel-5.14.21-150400.24.205.1
  * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.205.1
  * kernel-default-debuginfo-5.14.21-150400.24.205.1
  * kernel-obs-build-debugsource-5.14.21-150400.24.205.1
  * reiserfs-kmp-default-5.14.21-150400.24.205.1
  * kernel-obs-build-5.14.21-150400.24.205.1
  * kernel-default-devel-debuginfo-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * kernel-devel-5.14.21-150400.24.205.1
  * kernel-macros-5.14.21-150400.24.205.1
  * kernel-source-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch nosrc)
  * kernel-docs-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (nosrc s390x)
  * kernel-zfcpdump-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (s390x)
  * kernel-zfcpdump-debuginfo-5.14.21-150400.24.205.1
  * kernel-zfcpdump-debugsource-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le x86_64)
  * kernel-default-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * kernel-syms-5.14.21-150400.24.205.1
  * kernel-default-debugsource-5.14.21-150400.24.205.1
  * kernel-obs-build-5.14.21-150400.24.205.1
  * kernel-default-devel-5.14.21-150400.24.205.1
  * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.205.1
  * kernel-default-debuginfo-5.14.21-150400.24.205.1
  * kernel-obs-build-debugsource-5.14.21-150400.24.205.1
  * reiserfs-kmp-default-5.14.21-150400.24.205.1
  * kernel-default-base-5.14.21-150400.24.205.1.150400.24.104.2
  * kernel-default-devel-debuginfo-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * kernel-devel-5.14.21-150400.24.205.1
  * kernel-macros-5.14.21-150400.24.205.1
  * kernel-source-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch nosrc)
  * kernel-docs-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
  * kernel-default-5.14.21-150400.24.205.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_51-debugsource-1-150400.9.5.1
  * kernel-livepatch-5_14_21-150400_24_205-default-debuginfo-1-150400.9.5.1
  * kernel-default-debugsource-5.14.21-150400.24.205.1
  * kernel-default-livepatch-5.14.21-150400.24.205.1
  * kernel-default-livepatch-devel-5.14.21-150400.24.205.1
  * kernel-livepatch-5_14_21-150400_24_205-default-1-150400.9.5.1
  * kernel-default-debuginfo-5.14.21-150400.24.205.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262573

From null at suse.de Mon May 4 08:38:05 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:38:05 -0000
Subject: SUSE-SU-2026:1671-1: important: Security update for the Linux Kernel
Message-ID: <177788388572.1375.5132604271750642249@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1671-1
Release Date: 2026-05-02T06:01:09Z
Rating: important
References:

* bsc#1262573

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 kernel was updated to fix one security issue.

The following security issue was fixed:

* CVE-2026-31431: The copy.fail security issue is fixed by reverting to operating out-of-place in algif_aead (bsc#1262573).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1671=1 * SUSE Linux Enterprise High Availability Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-1671=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1671=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1671=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1671=1 ## Package List: * openSUSE Leap 15.6 (noarch nosrc) * kernel-docs-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (noarch) * kernel-source-vanilla-6.4.0-150600.23.100.1 * kernel-macros-6.4.0-150600.23.100.1 * kernel-devel-6.4.0-150600.23.100.1 * kernel-source-6.4.0-150600.23.100.1 * kernel-docs-html-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (nosrc ppc64le x86_64) * kernel-debug-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (ppc64le x86_64) * kernel-debug-devel-6.4.0-150600.23.100.1 * kernel-debug-devel-debuginfo-6.4.0-150600.23.100.1 * kernel-debug-debugsource-6.4.0-150600.23.100.1 * kernel-debug-debuginfo-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (x86_64) * kernel-debug-vdso-debuginfo-6.4.0-150600.23.100.1 * kernel-default-vdso-debuginfo-6.4.0-150600.23.100.1 * kernel-kvmsmall-vdso-debuginfo-6.4.0-150600.23.100.1 * kernel-kvmsmall-vdso-6.4.0-150600.23.100.1 * kernel-default-vdso-6.4.0-150600.23.100.1 * kernel-debug-vdso-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (aarch64 ppc64le x86_64) * kernel-kvmsmall-devel-6.4.0-150600.23.100.1 * kernel-kvmsmall-debugsource-6.4.0-150600.23.100.1 * kernel-kvmsmall-devel-debuginfo-6.4.0-150600.23.100.1 * kernel-default-base-rebuild-6.4.0-150600.23.100.1.150600.12.46.2 * kernel-default-base-6.4.0-150600.23.100.1.150600.12.46.2 * kernel-kvmsmall-debuginfo-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * 
ocfs2-kmp-default-debuginfo-6.4.0-150600.23.100.1 * kernel-default-extra-6.4.0-150600.23.100.1 * cluster-md-kmp-default-debuginfo-6.4.0-150600.23.100.1 * kernel-default-debuginfo-6.4.0-150600.23.100.1 * kernel-default-debugsource-6.4.0-150600.23.100.1 * dlm-kmp-default-debuginfo-6.4.0-150600.23.100.1 * kselftests-kmp-default-6.4.0-150600.23.100.1 * dlm-kmp-default-6.4.0-150600.23.100.1 * ocfs2-kmp-default-6.4.0-150600.23.100.1 * kernel-obs-build-6.4.0-150600.23.100.1 * gfs2-kmp-default-6.4.0-150600.23.100.1 * kernel-default-optional-debuginfo-6.4.0-150600.23.100.1 * kernel-default-devel-6.4.0-150600.23.100.1 * kernel-syms-6.4.0-150600.23.100.1 * kernel-obs-qa-6.4.0-150600.23.100.1 * kernel-obs-build-debugsource-6.4.0-150600.23.100.1 * kernel-default-devel-debuginfo-6.4.0-150600.23.100.1 * kernel-default-extra-debuginfo-6.4.0-150600.23.100.1 * gfs2-kmp-default-debuginfo-6.4.0-150600.23.100.1 * kernel-default-livepatch-6.4.0-150600.23.100.1 * cluster-md-kmp-default-6.4.0-150600.23.100.1 * reiserfs-kmp-default-debuginfo-6.4.0-150600.23.100.1 * kernel-default-optional-6.4.0-150600.23.100.1 * kselftests-kmp-default-debuginfo-6.4.0-150600.23.100.1 * reiserfs-kmp-default-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_23-debugsource-1-150600.13.5.1 * kernel-livepatch-6_4_0-150600_23_100-default-1-150600.13.5.1 * kernel-livepatch-6_4_0-150600_23_100-default-debuginfo-1-150600.13.5.1 * kernel-default-livepatch-devel-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (nosrc s390x) * kernel-zfcpdump-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (s390x) * kernel-zfcpdump-debugsource-6.4.0-150600.23.100.1 * kernel-zfcpdump-debuginfo-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (nosrc) * dtb-aarch64-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (aarch64) * 
dtb-mediatek-6.4.0-150600.23.100.1 * cluster-md-kmp-64kb-6.4.0-150600.23.100.1 * kernel-64kb-devel-debuginfo-6.4.0-150600.23.100.1 * dtb-lg-6.4.0-150600.23.100.1 * dtb-apple-6.4.0-150600.23.100.1 * reiserfs-kmp-64kb-debuginfo-6.4.0-150600.23.100.1 * ocfs2-kmp-64kb-6.4.0-150600.23.100.1 * dtb-marvell-6.4.0-150600.23.100.1 * kselftests-kmp-64kb-6.4.0-150600.23.100.1 * gfs2-kmp-64kb-6.4.0-150600.23.100.1 * dtb-hisilicon-6.4.0-150600.23.100.1 * gfs2-kmp-64kb-debuginfo-6.4.0-150600.23.100.1 * reiserfs-kmp-64kb-6.4.0-150600.23.100.1 * kernel-64kb-extra-debuginfo-6.4.0-150600.23.100.1 * dtb-exynos-6.4.0-150600.23.100.1 * dtb-sprd-6.4.0-150600.23.100.1 * dtb-apm-6.4.0-150600.23.100.1 * dtb-amazon-6.4.0-150600.23.100.1 * kernel-64kb-optional-6.4.0-150600.23.100.1 * dtb-freescale-6.4.0-150600.23.100.1 * kernel-64kb-extra-6.4.0-150600.23.100.1 * ocfs2-kmp-64kb-debuginfo-6.4.0-150600.23.100.1 * dtb-arm-6.4.0-150600.23.100.1 * dtb-amlogic-6.4.0-150600.23.100.1 * dtb-nvidia-6.4.0-150600.23.100.1 * dtb-allwinner-6.4.0-150600.23.100.1 * dtb-rockchip-6.4.0-150600.23.100.1 * dlm-kmp-64kb-debuginfo-6.4.0-150600.23.100.1 * dtb-broadcom-6.4.0-150600.23.100.1 * kernel-64kb-debugsource-6.4.0-150600.23.100.1 * cluster-md-kmp-64kb-debuginfo-6.4.0-150600.23.100.1 * dtb-socionext-6.4.0-150600.23.100.1 * dtb-xilinx-6.4.0-150600.23.100.1 * dtb-qcom-6.4.0-150600.23.100.1 * dtb-renesas-6.4.0-150600.23.100.1 * dtb-amd-6.4.0-150600.23.100.1 * kernel-64kb-debuginfo-6.4.0-150600.23.100.1 * kselftests-kmp-64kb-debuginfo-6.4.0-150600.23.100.1 * dlm-kmp-64kb-6.4.0-150600.23.100.1 * dtb-cavium-6.4.0-150600.23.100.1 * kernel-64kb-devel-6.4.0-150600.23.100.1 * kernel-64kb-optional-debuginfo-6.4.0-150600.23.100.1 * dtb-altera-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (aarch64 nosrc) * kernel-64kb-6.4.0-150600.23.100.1 * SUSE Linux Enterprise High Availability Extension 15 SP6 (nosrc) * kernel-default-6.4.0-150600.23.100.1 * SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x 
x86_64) * kernel-default-debuginfo-6.4.0-150600.23.100.1 * kernel-default-debugsource-6.4.0-150600.23.100.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * ocfs2-kmp-default-debuginfo-6.4.0-150600.23.100.1 * dlm-kmp-default-debuginfo-6.4.0-150600.23.100.1 * kernel-syms-6.4.0-150600.23.100.1 * reiserfs-kmp-default-debuginfo-6.4.0-150600.23.100.1 * cluster-md-kmp-default-debuginfo-6.4.0-150600.23.100.1 * dlm-kmp-default-6.4.0-150600.23.100.1 * kernel-default-devel-debuginfo-6.4.0-150600.23.100.1 * kernel-obs-build-6.4.0-150600.23.100.1 * kernel-obs-build-debugsource-6.4.0-150600.23.100.1 * ocfs2-kmp-default-6.4.0-150600.23.100.1 * gfs2-kmp-default-6.4.0-150600.23.100.1 * gfs2-kmp-default-debuginfo-6.4.0-150600.23.100.1 * kernel-default-debuginfo-6.4.0-150600.23.100.1 * kernel-default-devel-6.4.0-150600.23.100.1 * cluster-md-kmp-default-6.4.0-150600.23.100.1 * kernel-default-debugsource-6.4.0-150600.23.100.1 * reiserfs-kmp-default-6.4.0-150600.23.100.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 nosrc) * kernel-64kb-6.4.0-150600.23.100.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64) * kernel-64kb-devel-debuginfo-6.4.0-150600.23.100.1 * kernel-64kb-debuginfo-6.4.0-150600.23.100.1 * kernel-64kb-devel-6.4.0-150600.23.100.1 * kernel-64kb-debugsource-6.4.0-150600.23.100.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-6.4.0-150600.23.100.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le x86_64) * kernel-default-base-6.4.0-150600.23.100.1.150600.12.46.2 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * kernel-devel-6.4.0-150600.23.100.1 * kernel-source-6.4.0-150600.23.100.1 * kernel-macros-6.4.0-150600.23.100.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch nosrc) * kernel-docs-6.4.0-150600.23.100.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (nosrc s390x) * kernel-zfcpdump-6.4.0-150600.23.100.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (s390x) * 
kernel-zfcpdump-debugsource-6.4.0-150600.23.100.1 * kernel-zfcpdump-debuginfo-6.4.0-150600.23.100.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * ocfs2-kmp-default-debuginfo-6.4.0-150600.23.100.1 * dlm-kmp-default-debuginfo-6.4.0-150600.23.100.1 * kernel-syms-6.4.0-150600.23.100.1 * reiserfs-kmp-default-debuginfo-6.4.0-150600.23.100.1 * cluster-md-kmp-default-debuginfo-6.4.0-150600.23.100.1 * dlm-kmp-default-6.4.0-150600.23.100.1 * kernel-default-devel-debuginfo-6.4.0-150600.23.100.1 * kernel-obs-build-6.4.0-150600.23.100.1 * kernel-obs-build-debugsource-6.4.0-150600.23.100.1 * ocfs2-kmp-default-6.4.0-150600.23.100.1 * gfs2-kmp-default-6.4.0-150600.23.100.1 * gfs2-kmp-default-debuginfo-6.4.0-150600.23.100.1 * kernel-default-base-6.4.0-150600.23.100.1.150600.12.46.2 * kernel-default-debuginfo-6.4.0-150600.23.100.1 * kernel-default-devel-6.4.0-150600.23.100.1 * cluster-md-kmp-default-6.4.0-150600.23.100.1 * kernel-default-debugsource-6.4.0-150600.23.100.1 * reiserfs-kmp-default-6.4.0-150600.23.100.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (nosrc ppc64le x86_64) * kernel-default-6.4.0-150600.23.100.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * kernel-devel-6.4.0-150600.23.100.1 * kernel-source-6.4.0-150600.23.100.1 * kernel-macros-6.4.0-150600.23.100.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch nosrc) * kernel-docs-6.4.0-150600.23.100.1 * SUSE Linux Enterprise Live Patching 15-SP6 (nosrc) * kernel-default-6.4.0-150600.23.100.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_100-default-1-150600.13.5.1 * kernel-livepatch-SLE15-SP6_Update_23-debugsource-1-150600.13.5.1 * kernel-default-debuginfo-6.4.0-150600.23.100.1 * kernel-livepatch-6_4_0-150600_23_100-default-debuginfo-1-150600.13.5.1 * kernel-default-livepatch-6.4.0-150600.23.100.1 * kernel-default-debugsource-6.4.0-150600.23.100.1 * 
kernel-default-livepatch-devel-6.4.0-150600.23.100.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-31431.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1262573

From null at suse.de Mon May 4 08:38:16 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 08:38:16 -0000
Subject: SUSE-SU-2026:1670-1: important: Security update for the Linux Kernel
Message-ID: <177788389654.1375.6459545660049535242@dde0e951fc7e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1670-1
Release Date: 2026-05-02T05:53:43Z
Rating: important
References:

  * bsc#1262573

Cross-References:

  * CVE-2026-31431

CVSS scores:

  * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  * SUSE Linux Enterprise Live Patching 15-SP5
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP5 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix one security issue

The following security issue was fixed:

  * CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1670=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1670=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1670=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1670=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1670=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1670=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1670=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.149.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64) * kernel-default-base-5.14.21-150500.55.149.1.150500.6.73.2 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-5.14.21-150500.55.149.1 * kernel-default-debuginfo-5.14.21-150500.55.149.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * kernel-macros-5.14.21-150500.55.149.1 * kernel-source-5.14.21-150500.55.149.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * kernel-default-base-5.14.21-150500.55.149.1.150500.6.73.2 * gfs2-kmp-default-5.14.21-150500.55.149.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.149.1 * kernel-obs-build-5.14.21-150500.55.149.1 * dlm-kmp-default-5.14.21-150500.55.149.1 * ocfs2-kmp-default-5.14.21-150500.55.149.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.149.1 * kernel-default-debuginfo-5.14.21-150500.55.149.1 * kernel-default-debugsource-5.14.21-150500.55.149.1 * kernel-obs-build-debugsource-5.14.21-150500.55.149.1 * kernel-default-devel-5.14.21-150500.55.149.1 * kernel-syms-5.14.21-150500.55.149.1 * 
cluster-md-kmp-default-debuginfo-5.14.21-150500.55.149.1 * cluster-md-kmp-default-5.14.21-150500.55.149.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.149.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.149.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.149.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64) * kernel-64kb-devel-debuginfo-5.14.21-150500.55.149.1 * kernel-64kb-devel-5.14.21-150500.55.149.1 * kernel-64kb-debuginfo-5.14.21-150500.55.149.1 * kernel-64kb-debugsource-5.14.21-150500.55.149.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150500.55.149.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * kernel-devel-5.14.21-150500.55.149.1 * kernel-macros-5.14.21-150500.55.149.1 * kernel-source-5.14.21-150500.55.149.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.149.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * kernel-default-base-5.14.21-150500.55.149.1.150500.6.73.2 * gfs2-kmp-default-5.14.21-150500.55.149.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.149.1 * kernel-obs-build-5.14.21-150500.55.149.1 * dlm-kmp-default-5.14.21-150500.55.149.1 * ocfs2-kmp-default-5.14.21-150500.55.149.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.149.1 * kernel-default-debuginfo-5.14.21-150500.55.149.1 * kernel-default-debugsource-5.14.21-150500.55.149.1 * kernel-obs-build-debugsource-5.14.21-150500.55.149.1 * kernel-default-devel-5.14.21-150500.55.149.1 * kernel-syms-5.14.21-150500.55.149.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.149.1 * cluster-md-kmp-default-5.14.21-150500.55.149.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.149.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.149.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 
nosrc) * kernel-64kb-5.14.21-150500.55.149.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64) * kernel-64kb-devel-debuginfo-5.14.21-150500.55.149.1 * kernel-64kb-devel-5.14.21-150500.55.149.1 * kernel-64kb-debuginfo-5.14.21-150500.55.149.1 * kernel-64kb-debugsource-5.14.21-150500.55.149.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150500.55.149.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * kernel-devel-5.14.21-150500.55.149.1 * kernel-macros-5.14.21-150500.55.149.1 * kernel-source-5.14.21-150500.55.149.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.149.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * kernel-obs-build-5.14.21-150500.55.149.1 * gfs2-kmp-default-5.14.21-150500.55.149.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.149.1 * ocfs2-kmp-default-5.14.21-150500.55.149.1 * dlm-kmp-default-5.14.21-150500.55.149.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.149.1 * kernel-default-debuginfo-5.14.21-150500.55.149.1 * kernel-default-debugsource-5.14.21-150500.55.149.1 * kernel-obs-build-debugsource-5.14.21-150500.55.149.1 * kernel-default-devel-5.14.21-150500.55.149.1 * kernel-syms-5.14.21-150500.55.149.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.149.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.149.1 * cluster-md-kmp-default-5.14.21-150500.55.149.1 * reiserfs-kmp-default-5.14.21-150500.55.149.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.149.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.149.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.149.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64) * kernel-64kb-devel-debuginfo-5.14.21-150500.55.149.1 * kernel-64kb-devel-5.14.21-150500.55.149.1 * kernel-64kb-debuginfo-5.14.21-150500.55.149.1 * 
kernel-64kb-debugsource-5.14.21-150500.55.149.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.149.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150500.55.149.1.150500.6.73.2 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * kernel-devel-5.14.21-150500.55.149.1 * kernel-macros-5.14.21-150500.55.149.1 * kernel-source-5.14.21-150500.55.149.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch nosrc) * kernel-docs-5.14.21-150500.55.149.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.149.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150500.55.149.1 * kernel-zfcpdump-debugsource-5.14.21-150500.55.149.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * kernel-default-base-5.14.21-150500.55.149.1.150500.6.73.2 * gfs2-kmp-default-5.14.21-150500.55.149.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.149.1 * kernel-obs-build-5.14.21-150500.55.149.1 * dlm-kmp-default-5.14.21-150500.55.149.1 * ocfs2-kmp-default-5.14.21-150500.55.149.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.149.1 * kernel-default-debuginfo-5.14.21-150500.55.149.1 * kernel-default-debugsource-5.14.21-150500.55.149.1 * kernel-obs-build-debugsource-5.14.21-150500.55.149.1 * kernel-default-devel-5.14.21-150500.55.149.1 * kernel-syms-5.14.21-150500.55.149.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.149.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.149.1 * cluster-md-kmp-default-5.14.21-150500.55.149.1 * reiserfs-kmp-default-5.14.21-150500.55.149.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.149.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.149.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (nosrc ppc64le x86_64) * kernel-default-5.14.21-150500.55.149.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * 
kernel-devel-5.14.21-150500.55.149.1 * kernel-macros-5.14.21-150500.55.149.1 * kernel-source-5.14.21-150500.55.149.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.149.1 * SUSE Linux Enterprise Live Patching 15-SP5 (nosrc) * kernel-default-5.14.21-150500.55.149.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-default-livepatch-devel-5.14.21-150500.55.149.1 * kernel-default-debugsource-5.14.21-150500.55.149.1 * kernel-default-livepatch-5.14.21-150500.55.149.1 * kernel-default-debuginfo-5.14.21-150500.55.149.1 * kernel-livepatch-5_14_21-150500_55_149-default-1-150500.11.5.1 * kernel-livepatch-SLE15-SP5_Update_38-debugsource-1-150500.11.5.1 * kernel-livepatch-5_14_21-150500_55_149-default-debuginfo-1-150500.11.5.1 * openSUSE Leap 15.5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.149.1 * openSUSE Leap 15.5 (noarch) * kernel-devel-5.14.21-150500.55.149.1 * kernel-source-vanilla-5.14.21-150500.55.149.1 * kernel-docs-html-5.14.21-150500.55.149.1 * kernel-macros-5.14.21-150500.55.149.1 * kernel-source-5.14.21-150500.55.149.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150500.55.149.1.150500.6.73.2 * kernel-kvmsmall-devel-5.14.21-150500.55.149.1 * kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.149.1 * kernel-default-base-rebuild-5.14.21-150500.55.149.1.150500.6.73.2 * kernel-kvmsmall-debuginfo-5.14.21-150500.55.149.1 * kernel-kvmsmall-debugsource-5.14.21-150500.55.149.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kernel-default-optional-5.14.21-150500.55.149.1 * kernel-default-debugsource-5.14.21-150500.55.149.1 * kernel-default-optional-debuginfo-5.14.21-150500.55.149.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.149.1 * gfs2-kmp-default-5.14.21-150500.55.149.1 * kernel-default-extra-5.14.21-150500.55.149.1 * kernel-default-devel-5.14.21-150500.55.149.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.149.1 * 
kselftests-kmp-default-5.14.21-150500.55.149.1 * kselftests-kmp-default-debuginfo-5.14.21-150500.55.149.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.149.1 * kernel-obs-qa-5.14.21-150500.55.149.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.149.1 * ocfs2-kmp-default-5.14.21-150500.55.149.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.149.1 * kernel-default-debuginfo-5.14.21-150500.55.149.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.149.1 * kernel-obs-build-5.14.21-150500.55.149.1 * dlm-kmp-default-5.14.21-150500.55.149.1 * kernel-default-extra-debuginfo-5.14.21-150500.55.149.1 * kernel-default-livepatch-5.14.21-150500.55.149.1 * kernel-obs-build-debugsource-5.14.21-150500.55.149.1 * kernel-syms-5.14.21-150500.55.149.1 * cluster-md-kmp-default-5.14.21-150500.55.149.1 * reiserfs-kmp-default-5.14.21-150500.55.149.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.149.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_149-default-1-150500.11.5.1 * kernel-default-livepatch-devel-5.14.21-150500.55.149.1 * kernel-livepatch-5_14_21-150500_55_149-default-debuginfo-1-150500.11.5.1 * kernel-livepatch-SLE15-SP5_Update_38-debugsource-1-150500.11.5.1 * openSUSE Leap 15.5 (x86_64) * kernel-kvmsmall-vdso-5.14.21-150500.55.149.1 * kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.149.1 * kernel-default-vdso-debuginfo-5.14.21-150500.55.149.1 * kernel-default-vdso-5.14.21-150500.55.149.1 * openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150500.55.149.1 * openSUSE Leap 15.5 (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.149.1 * openSUSE Leap 15.5 (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150500.55.149.1 * kernel-zfcpdump-debugsource-5.14.21-150500.55.149.1 * openSUSE Leap 15.5 (nosrc) * dtb-aarch64-5.14.21-150500.55.149.1 * openSUSE Leap 15.5 (aarch64) * dtb-cavium-5.14.21-150500.55.149.1 * dtb-hisilicon-5.14.21-150500.55.149.1 * 
gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.149.1
    * kernel-64kb-optional-5.14.21-150500.55.149.1
    * dtb-arm-5.14.21-150500.55.149.1
    * kernel-64kb-optional-debuginfo-5.14.21-150500.55.149.1
    * dlm-kmp-64kb-debuginfo-5.14.21-150500.55.149.1
    * dtb-nvidia-5.14.21-150500.55.149.1
    * kernel-64kb-devel-debuginfo-5.14.21-150500.55.149.1
    * cluster-md-kmp-64kb-5.14.21-150500.55.149.1
    * dtb-xilinx-5.14.21-150500.55.149.1
    * dtb-amd-5.14.21-150500.55.149.1
    * dtb-allwinner-5.14.21-150500.55.149.1
    * dtb-marvell-5.14.21-150500.55.149.1
    * kernel-64kb-devel-5.14.21-150500.55.149.1
    * kernel-64kb-extra-5.14.21-150500.55.149.1
    * ocfs2-kmp-64kb-5.14.21-150500.55.149.1
    * dtb-amlogic-5.14.21-150500.55.149.1
    * dtb-apm-5.14.21-150500.55.149.1
    * dtb-exynos-5.14.21-150500.55.149.1
    * dtb-mediatek-5.14.21-150500.55.149.1
    * dtb-altera-5.14.21-150500.55.149.1
    * dlm-kmp-64kb-5.14.21-150500.55.149.1
    * kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.149.1
    * dtb-sprd-5.14.21-150500.55.149.1
    * reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.149.1
    * dtb-rockchip-5.14.21-150500.55.149.1
    * dtb-apple-5.14.21-150500.55.149.1
    * dtb-renesas-5.14.21-150500.55.149.1
    * gfs2-kmp-64kb-5.14.21-150500.55.149.1
    * kernel-64kb-debugsource-5.14.21-150500.55.149.1
    * kselftests-kmp-64kb-5.14.21-150500.55.149.1
    * dtb-freescale-5.14.21-150500.55.149.1
    * reiserfs-kmp-64kb-5.14.21-150500.55.149.1
    * ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.149.1
    * cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.149.1
    * dtb-socionext-5.14.21-150500.55.149.1
    * kernel-64kb-debuginfo-5.14.21-150500.55.149.1
    * dtb-lg-5.14.21-150500.55.149.1
    * dtb-broadcom-5.14.21-150500.55.149.1
    * dtb-qcom-5.14.21-150500.55.149.1
    * dtb-amazon-5.14.21-150500.55.149.1
    * kernel-64kb-extra-debuginfo-5.14.21-150500.55.149.1
  * openSUSE Leap 15.5 (aarch64 nosrc)
    * kernel-64kb-5.14.21-150500.55.149.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-31431.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1262573

From null at suse.de Mon May 4 16:30:05 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 04 May 2026 16:30:05 -0000
Subject: SUSE-SU-2026:1671-2: important: Security update for the Linux Kernel
Message-ID: <177791220596.1800.9476005931741384355@9f1e1d6b19fe>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1671-2
Release Date: 2026-05-04T09:19:32Z
Rating: important
References:

  * bsc#1262573

Cross-References:

  * CVE-2026-31431

CVSS scores:

  * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 kernel was updated to fix one security issue

The following security issue was fixed:

  * CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1671=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-6.4.0-150600.23.100.1 * kernel-default-debuginfo-6.4.0-150600.23.100.1 * kernel-default-extra-debuginfo-6.4.0-150600.23.100.1 * kernel-default-debugsource-6.4.0-150600.23.100.1 * kernel-syms-6.4.0-150600.23.100.1 * ocfs2-kmp-default-debuginfo-6.4.0-150600.23.100.1 * gfs2-kmp-default-6.4.0-150600.23.100.1 * kernel-default-optional-debuginfo-6.4.0-150600.23.100.1 * kselftests-kmp-default-debuginfo-6.4.0-150600.23.100.1 * cluster-md-kmp-default-6.4.0-150600.23.100.1 * kernel-obs-qa-6.4.0-150600.23.100.1 * kernel-default-devel-6.4.0-150600.23.100.1 * dlm-kmp-default-debuginfo-6.4.0-150600.23.100.1 * dlm-kmp-default-6.4.0-150600.23.100.1 * kernel-obs-build-debugsource-6.4.0-150600.23.100.1 * cluster-md-kmp-default-debuginfo-6.4.0-150600.23.100.1 * kernel-default-devel-debuginfo-6.4.0-150600.23.100.1 * reiserfs-kmp-default-6.4.0-150600.23.100.1 * gfs2-kmp-default-debuginfo-6.4.0-150600.23.100.1 * kselftests-kmp-default-6.4.0-150600.23.100.1 * ocfs2-kmp-default-6.4.0-150600.23.100.1 * kernel-default-livepatch-6.4.0-150600.23.100.1 * kernel-default-optional-6.4.0-150600.23.100.1 * kernel-default-extra-6.4.0-150600.23.100.1 * reiserfs-kmp-default-debuginfo-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (nosrc ppc64le x86_64) * kernel-debug-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (ppc64le x86_64) * kernel-debug-devel-debuginfo-6.4.0-150600.23.100.1 * kernel-debug-debugsource-6.4.0-150600.23.100.1 * kernel-debug-debuginfo-6.4.0-150600.23.100.1 * kernel-debug-devel-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (x86_64) * kernel-debug-vdso-debuginfo-6.4.0-150600.23.100.1 * kernel-kvmsmall-vdso-debuginfo-6.4.0-150600.23.100.1 * kernel-default-vdso-6.4.0-150600.23.100.1 * kernel-debug-vdso-6.4.0-150600.23.100.1 * kernel-kvmsmall-vdso-6.4.0-150600.23.100.1 * 
kernel-default-vdso-debuginfo-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (aarch64 ppc64le x86_64) * kernel-kvmsmall-devel-debuginfo-6.4.0-150600.23.100.1 * kernel-default-base-6.4.0-150600.23.100.1.150600.12.46.2 * kernel-kvmsmall-devel-6.4.0-150600.23.100.1 * kernel-kvmsmall-debugsource-6.4.0-150600.23.100.1 * kernel-default-base-rebuild-6.4.0-150600.23.100.1.150600.12.46.2 * kernel-kvmsmall-debuginfo-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-default-livepatch-devel-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (noarch) * kernel-devel-6.4.0-150600.23.100.1 * kernel-docs-html-6.4.0-150600.23.100.1 * kernel-source-6.4.0-150600.23.100.1 * kernel-macros-6.4.0-150600.23.100.1 * kernel-source-vanilla-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (noarch nosrc) * kernel-docs-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (nosrc s390x) * kernel-zfcpdump-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (s390x) * kernel-zfcpdump-debuginfo-6.4.0-150600.23.100.1 * kernel-zfcpdump-debugsource-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (aarch64) * cluster-md-kmp-64kb-6.4.0-150600.23.100.1 * gfs2-kmp-64kb-debuginfo-6.4.0-150600.23.100.1 * dtb-nvidia-6.4.0-150600.23.100.1 * dtb-allwinner-6.4.0-150600.23.100.1 * kselftests-kmp-64kb-6.4.0-150600.23.100.1 * kernel-64kb-debugsource-6.4.0-150600.23.100.1 * kernel-64kb-extra-debuginfo-6.4.0-150600.23.100.1 * dtb-amlogic-6.4.0-150600.23.100.1 * dtb-lg-6.4.0-150600.23.100.1 * dtb-qcom-6.4.0-150600.23.100.1 * kernel-64kb-devel-6.4.0-150600.23.100.1 * gfs2-kmp-64kb-6.4.0-150600.23.100.1 * dtb-marvell-6.4.0-150600.23.100.1 * dtb-cavium-6.4.0-150600.23.100.1 * dtb-renesas-6.4.0-150600.23.100.1 * dtb-sprd-6.4.0-150600.23.100.1 * dtb-socionext-6.4.0-150600.23.100.1 * dtb-amazon-6.4.0-150600.23.100.1 * ocfs2-kmp-64kb-6.4.0-150600.23.100.1 * 
cluster-md-kmp-64kb-debuginfo-6.4.0-150600.23.100.1 * dtb-apple-6.4.0-150600.23.100.1 * dtb-mediatek-6.4.0-150600.23.100.1 * dtb-xilinx-6.4.0-150600.23.100.1 * dtb-exynos-6.4.0-150600.23.100.1 * kernel-64kb-optional-debuginfo-6.4.0-150600.23.100.1 * dtb-arm-6.4.0-150600.23.100.1 * dlm-kmp-64kb-6.4.0-150600.23.100.1 * dtb-broadcom-6.4.0-150600.23.100.1 * dtb-amd-6.4.0-150600.23.100.1 * dlm-kmp-64kb-debuginfo-6.4.0-150600.23.100.1 * kernel-64kb-debuginfo-6.4.0-150600.23.100.1 * ocfs2-kmp-64kb-debuginfo-6.4.0-150600.23.100.1 * kselftests-kmp-64kb-debuginfo-6.4.0-150600.23.100.1 * dtb-apm-6.4.0-150600.23.100.1 * reiserfs-kmp-64kb-debuginfo-6.4.0-150600.23.100.1 * dtb-rockchip-6.4.0-150600.23.100.1 * kernel-64kb-optional-6.4.0-150600.23.100.1 * kernel-64kb-devel-debuginfo-6.4.0-150600.23.100.1 * reiserfs-kmp-64kb-6.4.0-150600.23.100.1 * dtb-hisilicon-6.4.0-150600.23.100.1 * kernel-64kb-extra-6.4.0-150600.23.100.1 * dtb-freescale-6.4.0-150600.23.100.1 * dtb-altera-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (nosrc) * dtb-aarch64-6.4.0-150600.23.100.1 * openSUSE Leap 15.6 (aarch64 nosrc) * kernel-64kb-6.4.0-150600.23.100.1 ## References: * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1262573 -------------- next part -------------- An HTML attachment was scrubbed... 

From null at suse.de Tue May 5 12:30:18 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 05 May 2026 12:30:18 -0000
Subject: SUSE-SU-2026:1691-1: important: Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177798421897.2105.8326704090381185212@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1691-1
Release Date: 2026-05-05T07:04:40Z
Rating: important

References:
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.28 fixes various security issues

The following security issues were fixed:
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1691=1

## Package List:
* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
  * kernel-livepatch-6_4_0-150700_7_28-rt-debuginfo-5-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_8-debugsource-5-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_28-rt-5-150700.2.1

## References:
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Tue May 5 12:30:26 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 05 May 2026 12:30:26 -0000
Subject: SUSE-SU-2026:1689-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177798422677.2105.11294825980742158985@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1689-1
Release Date: 2026-05-05T06:34:34Z
Rating: important

References:
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.31 fixes various security issues

The following security issues were fixed:
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1689=1

## Package List:
* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
  * kernel-livepatch-6_4_0-150700_7_31-rt-4-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_9-debugsource-4-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_31-rt-debuginfo-4-150700.2.1

## References:
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Tue May 5 12:30:29 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 05 May 2026 12:30:29 -0000
Subject: SUSE-SU-2026:1690-1: important: Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177798422970.2105.688272119716447031@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1690-1
Release Date: 2026-05-05T06:34:37Z
Rating: important

References:
* bsc#1263689

Cross-References:
* CVE-2026-31431

CVSS scores:
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.37 fixes one security issue

The following security issue was fixed:
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1690=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1683=1

## Package List:
* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
  * kernel-livepatch-6_4_0-150700_7_37-rt-debuginfo-2-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_37-rt-2-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_11-debugsource-2-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_34-rt-debuginfo-2-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_10-debugsource-2-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_34-rt-2-150700.2.1

## References:
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Tue May 5 12:30:38 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 05 May 2026 12:30:38 -0000
Subject: SUSE-SU-2026:1686-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177798423839.2105.18197076245613885012@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1686-1
Release Date: 2026-05-05T06:34:31Z
Rating: important

References:
* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.25 fixes various security issues

The following security issues were fixed:
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1686=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1681=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1682=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1687=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1688=1

## Package List:
* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
  * kernel-livepatch-6_4_0-150700_7_19-rt-7-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_6-debugsource-6-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_25-rt-5-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_3-debugsource-10-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo-10-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_5-debugsource-7-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_13-rt-debuginfo-10-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource-10-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_16-rt-10-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_19-rt-debuginfo-7-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_22-rt-debuginfo-6-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_7-debugsource-5-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_25-rt-debuginfo-5-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_22-rt-6-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_13-rt-10-150700.2.1

## References:
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Tue May 5 12:30:52 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 05 May 2026 12:30:52 -0000
Subject: SUSE-SU-2026:1684-1: important: Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177798425276.2105.13074770036354134165@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1684-1
Release Date: 2026-05-05T06:34:23Z
Rating: important

References:
* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.8 fixes various security issues

The following security issues were fixed:
* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1684=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1685=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1680=1

## Package List:
* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
  * kernel-livepatch-6_4_0-150700_5-rt-debuginfo-15-150700.3.1
  * kernel-livepatch-6_4_0-150700_5-rt-15-150700.3.1
  * kernel-livepatch-6_4_0-150700_7_3-rt-debuginfo-15-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_8-rt-debuginfo-14-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_3-rt-15-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_2-debugsource-14-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_1-debugsource-15-150700.2.1
  * kernel-livepatch-6_4_0-150700_7_8-rt-14-150700.2.1
  * kernel-livepatch-SLE15-SP7-RT_Update_0-debugsource-15-150700.3.1

## References:
* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Tue May 5 16:30:11 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Tue, 05 May 2026 16:30:11 -0000
Subject: SUSE-SU-2026:1692-1: moderate: Security update for xen
Message-ID: <177799861149.2418.7827781856684424900@1f74500a55eb>

# Security update for xen

Announcement ID: SUSE-SU-2026:1692-1
Release Date: 2026-05-05T08:03:59Z
Rating: moderate

References:
* bsc#1262178
* bsc#1262180
* bsc#1262428

Cross-References:
* CVE-2025-54505
* CVE-2026-23557
* CVE-2026-23558

CVSS scores:
* CVE-2025-54505 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2025-54505 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-54505 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23557 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-23558 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23558 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for xen fixes the following issues:
* CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 (bsc#1262428).
* CVE-2026-23557: Xenstored DoS via XS_RESET_WATCHES command (bsc#1262178).
* CVE-2026-23558: grant table v2 race in status page mapping (bsc#1262180).

## Special Instructions and Notes:
* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1692=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1692=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1692=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1692=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1692=1

## Package List:
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
  * xen-debugsource-4.16.7_08-150400.4.81.2
  * xen-libs-4.16.7_08-150400.4.81.2
  * xen-libs-debuginfo-4.16.7_08-150400.4.81.2
* SUSE Linux Enterprise Micro 5.3 (x86_64)
  * xen-debugsource-4.16.7_08-150400.4.81.2
  * xen-libs-4.16.7_08-150400.4.81.2
  * xen-libs-debuginfo-4.16.7_08-150400.4.81.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
  * xen-debugsource-4.16.7_08-150400.4.81.2
  * xen-libs-4.16.7_08-150400.4.81.2
  * xen-libs-debuginfo-4.16.7_08-150400.4.81.2
* SUSE Linux Enterprise Micro 5.4 (x86_64)
  * xen-debugsource-4.16.7_08-150400.4.81.2
  * xen-libs-4.16.7_08-150400.4.81.2
  * xen-libs-debuginfo-4.16.7_08-150400.4.81.2
* openSUSE Leap 15.4 (aarch64 x86_64 i586)
  * xen-libs-debuginfo-4.16.7_08-150400.4.81.2
  * xen-devel-4.16.7_08-150400.4.81.2
  * xen-tools-domU-4.16.7_08-150400.4.81.2
  * xen-tools-domU-debuginfo-4.16.7_08-150400.4.81.2
  * xen-libs-4.16.7_08-150400.4.81.2
  * xen-debugsource-4.16.7_08-150400.4.81.2
* openSUSE Leap 15.4 (x86_64)
  * xen-libs-32bit-debuginfo-4.16.7_08-150400.4.81.2
  * xen-libs-32bit-4.16.7_08-150400.4.81.2
* openSUSE Leap 15.4 (aarch64 x86_64)
  * xen-tools-debuginfo-4.16.7_08-150400.4.81.2
  * xen-doc-html-4.16.7_08-150400.4.81.2
  * xen-4.16.7_08-150400.4.81.2
  * xen-tools-4.16.7_08-150400.4.81.2
* openSUSE Leap 15.4 (noarch)
  * xen-tools-xendomains-wait-disk-4.16.7_08-150400.4.81.2
* openSUSE Leap 15.4 (aarch64_ilp32)
  * xen-libs-64bit-debuginfo-4.16.7_08-150400.4.81.2
  * xen-libs-64bit-4.16.7_08-150400.4.81.2

## References:
* https://www.suse.com/security/cve/CVE-2025-54505.html
* https://www.suse.com/security/cve/CVE-2026-23557.html
* https://www.suse.com/security/cve/CVE-2026-23558.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262178
* https://bugzilla.suse.com/show_bug.cgi?id=1262180
* https://bugzilla.suse.com/show_bug.cgi?id=1262428

From null at suse.de Wed May 6 12:30:16 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 12:30:16 -0000
Subject: SUSE-SU-2026:1698-1: important: Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177807061605.1556.4704128629478098767@3b8fe1ea1822>

# Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1698-1
Release Date: 2026-05-06T01:49:45Z
Rating: important

References:
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.28 fixes various security issues

The following security issues were fixed:
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1698=1

## Package List:
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150700_53_28-default-5-150700.2.1
  * kernel-livepatch-SLE15-SP7_Update_8-debugsource-5-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_28-default-debuginfo-5-150700.2.1

## References:
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 12:30:25 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 12:30:25 -0000
Subject: SUSE-SU-2026:1694-1: important: Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177807062545.1556.7177178129338035791@3b8fe1ea1822>

# Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1694-1
Release Date: 2026-05-06T00:22:33Z
Rating: important

References:
* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.25 fixes various security issues

The following security issues were fixed:
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1696=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1697=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1694=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1695=1

## Package List:
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP7_Update_7-debugsource-5-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_22-default-debuginfo-5-150700.2.1
  * kernel-livepatch-SLE15-SP7_Update_6-debugsource-5-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_11-default-debuginfo-10-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_25-default-debuginfo-5-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_25-default-5-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_11-default-10-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_22-default-5-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_16-default-10-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_16-default-debuginfo-10-150700.2.1
  * kernel-livepatch-SLE15-SP7_Update_4-debugsource-10-150700.2.1
  * kernel-livepatch-SLE15-SP7_Update_3-debugsource-10-150700.2.1

## References:
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 12:30:30 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 12:30:30 -0000
Subject: SUSE-SU-2026:1702-1: important: Security update for libpng12
Message-ID: <177807063004.1556.17856064225342734554@3b8fe1ea1822>

# Security update for libpng12

Announcement ID: SUSE-SU-2026:1702-1
Release Date: 2026-05-06T07:43:00Z
Rating: important

References:
* bsc#1260754
* bsc#1261957
* jsc#PED-16191

Cross-References:
* CVE-2026-33416
* CVE-2026-34757

CVSS scores:
* CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-34757 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34757 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34757 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities and contains one feature can now be installed.
## Description: This update for libpng12 fixes the following issues: Update to version 1.2.59 (jsc#PED-16191). * CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754). * CVE-2026-34757: use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` can lead to corrupted chunk data and potential heap information disclosure (bsc#1261957). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1702=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1702=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libpng12-0-1.2.59-20.14.1 * libpng12-devel-1.2.59-20.14.1 * libpng12-compat-devel-1.2.59-20.14.1 * libpng12-0-debuginfo-1.2.59-20.14.1 * libpng12-debugsource-1.2.59-20.14.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libpng12-0-32bit-1.2.59-20.14.1 * libpng12-0-debuginfo-32bit-1.2.59-20.14.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libpng12-0-debuginfo-32bit-1.2.59-20.14.1 * libpng12-0-1.2.59-20.14.1 * libpng12-devel-1.2.59-20.14.1 * libpng12-debugsource-1.2.59-20.14.1 * libpng12-compat-devel-1.2.59-20.14.1 * libpng12-0-debuginfo-1.2.59-20.14.1 * libpng12-0-32bit-1.2.59-20.14.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33416.html * https://www.suse.com/security/cve/CVE-2026-34757.html * https://bugzilla.suse.com/show_bug.cgi?id=1260754 * https://bugzilla.suse.com/show_bug.cgi?id=1261957 * https://jira.suse.com/browse/PED-16191
From null at suse.de Wed May 6 12:30:33 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 06 May 2026 12:30:33 -0000 Subject: SUSE-SU-2026:1701-1: important: Security update for PackageKit Message-ID: <177807063332.1556.7473025445584157367@3b8fe1ea1822> # Security update for PackageKit Announcement ID: SUSE-SU-2026:1701-1 Release Date: 2026-05-06T07:42:47Z Rating: important References: * bsc#1262220 Cross-References: * CVE-2026-41651 CVSS scores: * CVE-2026-41651 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-41651 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-41651 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for PackageKit fixes the following issue: * CVE-2026-41651: race condition allows for arbitrary RPM package installation as root and can lead to LPE (bsc#1262220). ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1701=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1701=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * PackageKit-backend-zypp-1.1.3-24.23.1 * PackageKit-devel-1.1.3-24.23.1 * typelib-1_0-PackageKitGlib-1_0-1.1.3-24.23.1 * libpackagekit-glib2-18-debuginfo-1.1.3-24.23.1 * PackageKit-debuginfo-1.1.3-24.23.1 * libpackagekit-glib2-devel-1.1.3-24.23.1 * PackageKit-1.1.3-24.23.1 * PackageKit-debugsource-1.1.3-24.23.1 * libpackagekit-glib2-18-1.1.3-24.23.1 * PackageKit-devel-debuginfo-1.1.3-24.23.1 * PackageKit-backend-zypp-debuginfo-1.1.3-24.23.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * PackageKit-lang-1.1.3-24.23.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * PackageKit-backend-zypp-1.1.3-24.23.1 * PackageKit-devel-1.1.3-24.23.1 * typelib-1_0-PackageKitGlib-1_0-1.1.3-24.23.1 * libpackagekit-glib2-18-debuginfo-1.1.3-24.23.1 * PackageKit-debuginfo-1.1.3-24.23.1 * libpackagekit-glib2-devel-1.1.3-24.23.1 * PackageKit-1.1.3-24.23.1 * PackageKit-debugsource-1.1.3-24.23.1 * libpackagekit-glib2-18-1.1.3-24.23.1 * PackageKit-devel-debuginfo-1.1.3-24.23.1 * PackageKit-backend-zypp-debuginfo-1.1.3-24.23.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * PackageKit-lang-1.1.3-24.23.1 ## References: * https://www.suse.com/security/cve/CVE-2026-41651.html * https://bugzilla.suse.com/show_bug.cgi?id=1262220
From null at suse.de Wed May 6 12:30:37 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 06 May 2026 12:30:37 -0000 Subject: SUSE-SU-2026:1700-1: important: Security update for PackageKit Message-ID: <177807063756.1556.8283181987850009798@3b8fe1ea1822> # Security update for PackageKit Announcement ID: SUSE-SU-2026:1700-1 Release Date: 2026-05-06T07:42:37Z Rating: important References: * bsc#1262220 Cross-References: * CVE-2026-41651 CVSS scores: * CVE-2026-41651 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-41651 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-41651 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves one vulnerability can now be installed. ## Description: This update for PackageKit fixes the following issue: * CVE-2026-41651: race condition allows for arbitrary RPM package installation as root and can lead to LPE (bsc#1262220). ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1700=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1700=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1700=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1700=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1700=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libpackagekit-glib2-18-debuginfo-1.2.4-150400.3.31.1 * libpackagekit-glib2-devel-1.2.4-150400.3.31.1 * PackageKit-backend-dnf-1.2.4-150400.3.31.1 * PackageKit-gtk3-module-1.2.4-150400.3.31.1 * typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.31.1 * PackageKit-gtk3-module-debuginfo-1.2.4-150400.3.31.1 * PackageKit-backend-dnf-debuginfo-1.2.4-150400.3.31.1 * PackageKit-devel-debuginfo-1.2.4-150400.3.31.1 * PackageKit-devel-1.2.4-150400.3.31.1 * PackageKit-debugsource-1.2.4-150400.3.31.1 * PackageKit-backend-zypp-debuginfo-1.2.4-150400.3.31.1 * PackageKit-gstreamer-plugin-1.2.4-150400.3.31.1 * PackageKit-gstreamer-plugin-debuginfo-1.2.4-150400.3.31.1 * libpackagekit-glib2-18-1.2.4-150400.3.31.1 * PackageKit-1.2.4-150400.3.31.1 * PackageKit-backend-zypp-1.2.4-150400.3.31.1 * PackageKit-debuginfo-1.2.4-150400.3.31.1 * openSUSE Leap 15.4 (noarch) * PackageKit-lang-1.2.4-150400.3.31.1 * PackageKit-branding-upstream-1.2.4-150400.3.31.1 * openSUSE Leap 15.4 (x86_64) * libpackagekit-glib2-18-32bit-debuginfo-1.2.4-150400.3.31.1 * libpackagekit-glib2-devel-32bit-1.2.4-150400.3.31.1 * libpackagekit-glib2-18-32bit-1.2.4-150400.3.31.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libpackagekit-glib2-18-64bit-debuginfo-1.2.4-150400.3.31.1 * libpackagekit-glib2-devel-64bit-1.2.4-150400.3.31.1 * 
libpackagekit-glib2-18-64bit-1.2.4-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libpackagekit-glib2-18-debuginfo-1.2.4-150400.3.31.1 * libpackagekit-glib2-devel-1.2.4-150400.3.31.1 * typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.31.1 * PackageKit-devel-debuginfo-1.2.4-150400.3.31.1 * PackageKit-devel-1.2.4-150400.3.31.1 * PackageKit-debugsource-1.2.4-150400.3.31.1 * PackageKit-backend-zypp-debuginfo-1.2.4-150400.3.31.1 * libpackagekit-glib2-18-1.2.4-150400.3.31.1 * PackageKit-1.2.4-150400.3.31.1 * PackageKit-backend-zypp-1.2.4-150400.3.31.1 * PackageKit-debuginfo-1.2.4-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * PackageKit-lang-1.2.4-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libpackagekit-glib2-18-debuginfo-1.2.4-150400.3.31.1 * libpackagekit-glib2-devel-1.2.4-150400.3.31.1 * typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.31.1 * PackageKit-devel-debuginfo-1.2.4-150400.3.31.1 * PackageKit-devel-1.2.4-150400.3.31.1 * PackageKit-debugsource-1.2.4-150400.3.31.1 * PackageKit-backend-zypp-debuginfo-1.2.4-150400.3.31.1 * libpackagekit-glib2-18-1.2.4-150400.3.31.1 * PackageKit-1.2.4-150400.3.31.1 * PackageKit-backend-zypp-1.2.4-150400.3.31.1 * PackageKit-debuginfo-1.2.4-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * PackageKit-lang-1.2.4-150400.3.31.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libpackagekit-glib2-18-debuginfo-1.2.4-150400.3.31.1 * libpackagekit-glib2-devel-1.2.4-150400.3.31.1 * typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.31.1 * PackageKit-devel-debuginfo-1.2.4-150400.3.31.1 * PackageKit-devel-1.2.4-150400.3.31.1 * PackageKit-debugsource-1.2.4-150400.3.31.1 * PackageKit-backend-zypp-debuginfo-1.2.4-150400.3.31.1 * libpackagekit-glib2-18-1.2.4-150400.3.31.1 * PackageKit-1.2.4-150400.3.31.1 * PackageKit-backend-zypp-1.2.4-150400.3.31.1 * 
PackageKit-debuginfo-1.2.4-150400.3.31.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * PackageKit-lang-1.2.4-150400.3.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libpackagekit-glib2-18-debuginfo-1.2.4-150400.3.31.1 * libpackagekit-glib2-devel-1.2.4-150400.3.31.1 * typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.31.1 * PackageKit-devel-debuginfo-1.2.4-150400.3.31.1 * PackageKit-devel-1.2.4-150400.3.31.1 * PackageKit-debugsource-1.2.4-150400.3.31.1 * PackageKit-backend-zypp-debuginfo-1.2.4-150400.3.31.1 * libpackagekit-glib2-18-1.2.4-150400.3.31.1 * PackageKit-1.2.4-150400.3.31.1 * PackageKit-backend-zypp-1.2.4-150400.3.31.1 * PackageKit-debuginfo-1.2.4-150400.3.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * PackageKit-lang-1.2.4-150400.3.31.1 ## References: * https://www.suse.com/security/cve/CVE-2026-41651.html * https://bugzilla.suse.com/show_bug.cgi?id=1262220
From null at suse.de Wed May 6 12:30:40 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 06 May 2026 12:30:40 -0000 Subject: SUSE-SU-2026:1699-1: moderate: Security update for sed Message-ID: <177807064088.1556.14036984088406653383@3b8fe1ea1822> # Security update for sed Announcement ID: SUSE-SU-2026:1699-1 Release Date: 2026-05-06T07:26:45Z Rating: moderate References: * bsc#1262144 Cross-References: * CVE-2026-5958 CVSS scores: * CVE-2026-5958 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N * CVE-2026-5958 ( SUSE ): 6.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N * CVE-2026-5958 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for sed fixes the following issue: * CVE-2026-5958: a TOCTOU race can cause attacker-controlled content to be read and written to an unintended file (bsc#1262144). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1699=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * sed-4.2.2-7.6.1 * sed-debugsource-4.2.2-7.6.1 * sed-debuginfo-4.2.2-7.6.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * sed-lang-4.2.2-7.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-5958.html * https://bugzilla.suse.com/show_bug.cgi?id=1262144 From null at suse.de Wed May 6 16:30:14 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 06 May 2026 16:30:14 -0000 Subject: SUSE-SU-2026:1710-1: important: Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7) Message-ID: <177808501433.3066.2647488178287789750@9f1e1d6b19fe> # Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1710-1 Release Date: 2026-05-06T11:38:10Z Rating: important References: * bsc#1252048 * bsc#1258005 * bsc#1258655 * bsc#1259126 * bsc#1263689 Cross-References: * CVE-2025-39977 * CVE-2025-71066 * CVE-2026-23004 * CVE-2026-23204 * CVE-2026-31431 CVSS scores: * CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23204 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.19 fixes various security issues. The following security issues were fixed: * CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048). * CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005). * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126). * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1710=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP7_Update_5-debugsource-7-150700.2.1 * kernel-livepatch-6_4_0-150700_53_19-default-7-150700.2.1 * kernel-livepatch-6_4_0-150700_53_19-default-debuginfo-7-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39977.html * https://www.suse.com/security/cve/CVE-2025-71066.html * https://www.suse.com/security/cve/CVE-2026-23004.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1252048 * https://bugzilla.suse.com/show_bug.cgi?id=1258005 * https://bugzilla.suse.com/show_bug.cgi?id=1258655 * https://bugzilla.suse.com/show_bug.cgi?id=1259126 * https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Wed May 6 16:30:25 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 06 May 2026 16:30:25 -0000 Subject: SUSE-SU-2026:1708-1: important: Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7) Message-ID: <177808502506.3066.6559345169983527158@9f1e1d6b19fe> # Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1708-1 Release Date: 2026-05-06T11:04:11Z Rating: important References: * bsc#1252048 * bsc#1258005 * bsc#1258073 * bsc#1258655 * bsc#1259126 * bsc#1263689 Cross-References: * CVE-2025-38375 * CVE-2025-39977 * CVE-2025-71066 * CVE-2026-23004 * CVE-2026-23204 * CVE-2026-31431 CVSS scores: * CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.6 fixes various security issues. The following security issues were fixed: * CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073). * CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048). * CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005). * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126). * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1709=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1708=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_53_3-default-15-150700.2.1 * kernel-livepatch-6_4_0-150700_53_6-default-debuginfo-14-150700.2.1 * kernel-livepatch-6_4_0-150700_53_6-default-14-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_1-debugsource-15-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_2-debugsource-14-150700.2.1 * kernel-livepatch-6_4_0-150700_53_3-default-debuginfo-15-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38375.html * https://www.suse.com/security/cve/CVE-2025-39977.html * https://www.suse.com/security/cve/CVE-2025-71066.html * https://www.suse.com/security/cve/CVE-2026-23004.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1252048 * https://bugzilla.suse.com/show_bug.cgi?id=1258005 * https://bugzilla.suse.com/show_bug.cgi?id=1258073 * https://bugzilla.suse.com/show_bug.cgi?id=1258655 * https://bugzilla.suse.com/show_bug.cgi?id=1259126 * https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Wed May 6 16:30:28 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 06 May 2026 16:30:28 -0000 Subject: SUSE-SU-2026:1706-1: important: Security update for the Linux Kernel (Live Patch 79 for SUSE Linux Enterprise 12 SP5) Message-ID: <177808502842.3066.14600684803027302137@9f1e1d6b19fe> # Security update for the Linux Kernel (Live Patch 79 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1706-1 Release Date: 2026-05-06T10:28:46Z Rating: important References: * bsc#1263689 Cross-References: * CVE-2026-31431 CVSS scores: * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for the SUSE Linux Enterprise kernel 4.12.14-122.299 fixes one security issue. The following security issue was fixed: * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1706=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_299-default-2-2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Wed May 6 16:30:46 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 06 May 2026 16:30:46 -0000 Subject: SUSE-SU-2026:1705-1: important: Security update for java-21-openjdk Message-ID: <177808504679.3066.2710238274237212095@9f1e1d6b19fe> # Security update for java-21-openjdk Announcement ID: SUSE-SU-2026:1705-1 Release Date: 2026-05-06T10:28:39Z Rating: important References: * bsc#1259118 * bsc#1262490 * bsc#1262494 * bsc#1262495 * bsc#1262496 * bsc#1262497 * bsc#1262500 * bsc#1262501 * jsc#PED-15898 Cross-References: * CVE-2026-22007 * CVE-2026-22013 * CVE-2026-22016 * CVE-2026-22018 * CVE-2026-22021 * CVE-2026-23865 * CVE-2026-34268 * CVE-2026-34282 CVSS scores: * CVE-2026-22007 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-22007 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-22007 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-22013 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-22013 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-22013 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-22016 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-22016 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-22016 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-22018 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-22018 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22018 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22021 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-22021 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22021 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23865 ( SUSE ): 4.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-23865 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-23865 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-34268 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-34268 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34268 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34282 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34282 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34282 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves eight vulnerabilities and contains one feature can now be installed. ## Description: This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.11+10 (April 2026 CPU). Security issues fixed: * CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of accessible data (bsc#1262490). * CVE-2026-22013: JGSS: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262494). * CVE-2026-22016: JAXP: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262495). * CVE-2026-22018: Libraries: unauthenticated attacker with network access via multiple protocols can cause a partial denial of service (bsc#1262496).
* CVE-2026-22021: JSSE: unauthenticated attacker with network access via HTTPS can cause a partial denial of service (bsc#1262497). * CVE-2026-23865: freetype2: integer overflow in the `tt_var_load_item_variation_store` function allows for an out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts (bsc#1259118). * CVE-2026-34268: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of data (bsc#1262500). * CVE-2026-34282: Networking: unauthenticated attacker with network access via multiple protocols can cause a hang or frequently repeatable crash (bsc#1262501). Other updates and bugfixes: * Provide the timezone-java and tzdata-java (jsc#PED-15898). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1705=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1705=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1705=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1705=1 ## Package List: * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * java-21-openjdk-devel-21.0.11.0-150600.3.26.1 * java-21-openjdk-headless-21.0.11.0-150600.3.26.1 * java-21-openjdk-21.0.11.0-150600.3.26.1 * java-21-openjdk-debuginfo-21.0.11.0-150600.3.26.1 * java-21-openjdk-headless-debuginfo-21.0.11.0-150600.3.26.1 * java-21-openjdk-devel-debuginfo-21.0.11.0-150600.3.26.1 * java-21-openjdk-debugsource-21.0.11.0-150600.3.26.1 * java-21-openjdk-demo-21.0.11.0-150600.3.26.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * java-21-openjdk-devel-21.0.11.0-150600.3.26.1 *
java-21-openjdk-headless-21.0.11.0-150600.3.26.1 * java-21-openjdk-21.0.11.0-150600.3.26.1 * java-21-openjdk-debuginfo-21.0.11.0-150600.3.26.1 * java-21-openjdk-headless-debuginfo-21.0.11.0-150600.3.26.1 * java-21-openjdk-devel-debuginfo-21.0.11.0-150600.3.26.1 * java-21-openjdk-debugsource-21.0.11.0-150600.3.26.1 * java-21-openjdk-demo-21.0.11.0-150600.3.26.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * java-21-openjdk-devel-21.0.11.0-150600.3.26.1 * java-21-openjdk-jmods-21.0.11.0-150600.3.26.1 * java-21-openjdk-headless-21.0.11.0-150600.3.26.1 * java-21-openjdk-src-21.0.11.0-150600.3.26.1 * java-21-openjdk-21.0.11.0-150600.3.26.1 * java-21-openjdk-debuginfo-21.0.11.0-150600.3.26.1 * java-21-openjdk-headless-debuginfo-21.0.11.0-150600.3.26.1 * java-21-openjdk-devel-debuginfo-21.0.11.0-150600.3.26.1 * java-21-openjdk-debugsource-21.0.11.0-150600.3.26.1 * java-21-openjdk-demo-21.0.11.0-150600.3.26.1 * openSUSE Leap 15.6 (noarch) * java-21-openjdk-javadoc-21.0.11.0-150600.3.26.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * java-21-openjdk-devel-21.0.11.0-150600.3.26.1 * java-21-openjdk-headless-21.0.11.0-150600.3.26.1 * java-21-openjdk-21.0.11.0-150600.3.26.1 * java-21-openjdk-debuginfo-21.0.11.0-150600.3.26.1 * java-21-openjdk-headless-debuginfo-21.0.11.0-150600.3.26.1 * java-21-openjdk-devel-debuginfo-21.0.11.0-150600.3.26.1 * java-21-openjdk-debugsource-21.0.11.0-150600.3.26.1 * java-21-openjdk-demo-21.0.11.0-150600.3.26.1 ## References: * https://www.suse.com/security/cve/CVE-2026-22007.html * https://www.suse.com/security/cve/CVE-2026-22013.html * https://www.suse.com/security/cve/CVE-2026-22016.html * https://www.suse.com/security/cve/CVE-2026-22018.html * https://www.suse.com/security/cve/CVE-2026-22021.html * https://www.suse.com/security/cve/CVE-2026-23865.html * https://www.suse.com/security/cve/CVE-2026-34268.html * https://www.suse.com/security/cve/CVE-2026-34282.html * https://bugzilla.suse.com/show_bug.cgi?id=1259118 * 
https://bugzilla.suse.com/show_bug.cgi?id=1262490 * https://bugzilla.suse.com/show_bug.cgi?id=1262494 * https://bugzilla.suse.com/show_bug.cgi?id=1262495 * https://bugzilla.suse.com/show_bug.cgi?id=1262496 * https://bugzilla.suse.com/show_bug.cgi?id=1262497 * https://bugzilla.suse.com/show_bug.cgi?id=1262500 * https://bugzilla.suse.com/show_bug.cgi?id=1262501 * https://jira.suse.com/browse/PED-15898 From null at suse.de Wed May 6 16:31:02 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 06 May 2026 16:31:02 -0000 Subject: SUSE-SU-2026:1704-1: important: Security update for java-25-openjdk Message-ID: <177808506232.3066.14437090995876446082@9f1e1d6b19fe> # Security update for java-25-openjdk Announcement ID: SUSE-SU-2026:1704-1 Release Date: 2026-05-06T10:28:15Z Rating: important References: * bsc#1259118 * bsc#1262490 * bsc#1262493 * bsc#1262494 * bsc#1262495 * bsc#1262496 * bsc#1262497 * bsc#1262500 * bsc#1262501 * jsc#PED-15898 Cross-References: * CVE-2026-22007 * CVE-2026-22008 * CVE-2026-22013 * CVE-2026-22016 * CVE-2026-22018 * CVE-2026-22021 * CVE-2026-23865 * CVE-2026-34268 * CVE-2026-34282 CVSS scores: * CVE-2026-22007 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-22007 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-22007 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-22008 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-22008 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-22008 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-22013 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-22013 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-22013 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-22016 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-22016 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-22016 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-22018 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-22018 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22018 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22021 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-22021 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22021 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23865 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-23865 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-23865 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-34268 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-34268 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34268 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34282 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34282 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34282 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves nine vulnerabilities and contains one feature can now be installed. ## Description: This update for java-25-openjdk fixes the following issues: Update to upstream tag jdk-25.0.3+9 (April 2026 CPU). 

Security issues fixed:

* CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of accessible data (bsc#1262490).
* CVE-2026-22008: Libraries: unauthenticated attacker with network access via multiple protocols can gain unauthorized update, insert or delete access to data (bsc#1262493).
* CVE-2026-22013: JGSS: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262494).
* CVE-2026-22016: JAXP: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262495).
* CVE-2026-22018: Libraries: unauthenticated attacker with network access via multiple protocols can cause a partial denial of service (bsc#1262496).
* CVE-2026-22021: JSSE: unauthenticated attacker with network access via HTTPS can cause a partial denial of service (bsc#1262497).
* CVE-2026-23865: freetype2: integer overflow in the `tt_var_load_item_variation_store` function allows for an out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts (bsc#1259118).
* CVE-2026-34268: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of data (bsc#1262500).
* CVE-2026-34282: Networking: unauthenticated attacker with network access via multiple protocols can cause a hang or frequently repeatable crash (bsc#1262501).

Other updates and bugfixes:

* Provide the timezone-java and tzdata-java (jsc#PED-15898).
* Migrate to the new logic of FIPS patch developed by RedHat in https://github.com/rh-openjdk/jdk/tree/fips-25u.
* Add the sources of /nss-native-fips-key-import-export-adapter.
* This native library is an adapter for OpenJDK to use the NSS PKCS #11 software token (libsoftokn3.so) in FIPS mode.
* Allow overriding of gcc name.
* Don't make missing system crypto-policies fatal.
* Add create-crypto-properties-files.bash that generates during the build the config files for different fips and non-fips scenarios.
* Add TestSecurityProperties.java to test the loading of system security properties where applicable.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1704=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * java-25-openjdk-25.0.3.0-150700.15.10.1
  * java-25-openjdk-headless-debuginfo-25.0.3.0-150700.15.10.1
  * java-25-openjdk-debuginfo-25.0.3.0-150700.15.10.1
  * java-25-openjdk-devel-debuginfo-25.0.3.0-150700.15.10.1
  * java-25-openjdk-demo-25.0.3.0-150700.15.10.1
  * java-25-openjdk-devel-25.0.3.0-150700.15.10.1
  * java-25-openjdk-headless-25.0.3.0-150700.15.10.1

## References:

* https://www.suse.com/security/cve/CVE-2026-22007.html
* https://www.suse.com/security/cve/CVE-2026-22008.html
* https://www.suse.com/security/cve/CVE-2026-22013.html
* https://www.suse.com/security/cve/CVE-2026-22016.html
* https://www.suse.com/security/cve/CVE-2026-22018.html
* https://www.suse.com/security/cve/CVE-2026-22021.html
* https://www.suse.com/security/cve/CVE-2026-23865.html
* https://www.suse.com/security/cve/CVE-2026-34268.html
* https://www.suse.com/security/cve/CVE-2026-34282.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259118
* https://bugzilla.suse.com/show_bug.cgi?id=1262490
* https://bugzilla.suse.com/show_bug.cgi?id=1262493
* https://bugzilla.suse.com/show_bug.cgi?id=1262494
* https://bugzilla.suse.com/show_bug.cgi?id=1262495
* https://bugzilla.suse.com/show_bug.cgi?id=1262496
* https://bugzilla.suse.com/show_bug.cgi?id=1262497
* https://bugzilla.suse.com/show_bug.cgi?id=1262500
* https://bugzilla.suse.com/show_bug.cgi?id=1262501
* https://jira.suse.com/browse/PED-15898

From null at suse.de Wed May 6 16:31:16 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 16:31:16 -0000
Subject: SUSE-SU-2026:1703-1: important: Security update for java-11-openjdk
Message-ID: <177808507601.3066.7249354160430532784@9f1e1d6b19fe>

# Security update for java-11-openjdk

Announcement ID: SUSE-SU-2026:1703-1
Release Date: 2026-05-06T08:45:05Z
Rating: important

References:

* bsc#1259118
* bsc#1262490
* bsc#1262494
* bsc#1262495
* bsc#1262496
* bsc#1262497
* bsc#1262500
* bsc#1262501
* jsc#PED-15898

Cross-References:

* CVE-2026-22007
* CVE-2026-22013
* CVE-2026-22016
* CVE-2026-22018
* CVE-2026-22021
* CVE-2026-23865
* CVE-2026-34268
* CVE-2026-34282

CVSS scores:

* CVE-2026-22007 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22007 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-22007 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-22013 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22013 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-22013 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-22016 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22016 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-22016 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-22018 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-22018 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22018 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22021 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-22021 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22021 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-23865 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-23865 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-23865 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-34268 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34268 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-34268 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-34282 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34282 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34282 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves eight vulnerabilities and contains one feature can now be installed.

## Description:

This update for java-11-openjdk fixes the following issues:

Upgrade to upstream tag jdk-11.0.31+11 (April 2026 CPU).

Security issues fixed:

* CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of accessible data (bsc#1262490).
* CVE-2026-22013: JGSS: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262494).
* CVE-2026-22016: JAXP: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262495).
* CVE-2026-22018: Libraries: unauthenticated attacker with network access via multiple protocols can cause a partial denial of service (bsc#1262496).
* CVE-2026-22021: JSSE: unauthenticated attacker with network access via HTTPS can cause a partial denial of service (bsc#1262497).
* CVE-2026-23865: freetype2: integer overflow in the `tt_var_load_item_variation_store` function allows for an out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts (bsc#1259118).
* CVE-2026-34268: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of data (bsc#1262500).
* CVE-2026-34282: Networking: unauthenticated attacker with network access via multiple protocols can cause a hang or frequently repeatable crash (bsc#1262501).

Other updates and bugfixes:

* Provide the timezone-java and tzdata-java (jsc#PED-15898).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1703=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1703=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * java-11-openjdk-headless-11.0.31.0-3.99.1
  * java-11-openjdk-debuginfo-11.0.31.0-3.99.1
  * java-11-openjdk-11.0.31.0-3.99.1
  * java-11-openjdk-demo-11.0.31.0-3.99.1
  * java-11-openjdk-devel-11.0.31.0-3.99.1
  * java-11-openjdk-debugsource-11.0.31.0-3.99.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * java-11-openjdk-headless-11.0.31.0-3.99.1
  * java-11-openjdk-debuginfo-11.0.31.0-3.99.1
  * java-11-openjdk-11.0.31.0-3.99.1
  * java-11-openjdk-demo-11.0.31.0-3.99.1
  * java-11-openjdk-devel-11.0.31.0-3.99.1
  * java-11-openjdk-debugsource-11.0.31.0-3.99.1

## References:

* https://www.suse.com/security/cve/CVE-2026-22007.html
* https://www.suse.com/security/cve/CVE-2026-22013.html
* https://www.suse.com/security/cve/CVE-2026-22016.html
* https://www.suse.com/security/cve/CVE-2026-22018.html
* https://www.suse.com/security/cve/CVE-2026-22021.html
* https://www.suse.com/security/cve/CVE-2026-23865.html
* https://www.suse.com/security/cve/CVE-2026-34268.html
* https://www.suse.com/security/cve/CVE-2026-34282.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259118
* https://bugzilla.suse.com/show_bug.cgi?id=1262490
* https://bugzilla.suse.com/show_bug.cgi?id=1262494
* https://bugzilla.suse.com/show_bug.cgi?id=1262495
* https://bugzilla.suse.com/show_bug.cgi?id=1262496
* https://bugzilla.suse.com/show_bug.cgi?id=1262497
* https://bugzilla.suse.com/show_bug.cgi?id=1262500
* https://bugzilla.suse.com/show_bug.cgi?id=1262501
* https://jira.suse.com/browse/PED-15898

From null at suse.de Wed May 6 20:30:06 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:30:06 -0000
Subject: SUSE-SU-2026:21492-1: moderate: Security update for openCryptoki
Message-ID: <177809940626.3181.5293813843641289061@dde0e951fc7e>

# Security update for openCryptoki

Announcement ID: SUSE-SU-2026:21492-1
Release Date: 2026-05-05T13:42:13Z
Rating: moderate

References:

* bsc#1263819

Cross-References:

* CVE-2026-40253

CVSS scores:

* CVE-2026-40253 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40253 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-40253 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-40253 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for openCryptoki fixes the following issues:

* CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects (bsc#1263819)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-697=1

## Package List:

* SUSE Linux Micro 6.0 (s390x)
  * openCryptoki-debugsource-3.23.0-3.1
  * openCryptoki-3.23.0-3.1
  * openCryptoki-debuginfo-3.23.0-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40253.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263819

From null at suse.de Wed May 6 20:30:18 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:30:18 -0000
Subject: SUSE-SU-2026:21491-1: important: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809941831.3181.7068214197921750268@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21491-1
Release Date: 2026-05-05T14:59:28Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-396=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_13-debugsource-7-1.1
  * kernel-livepatch-6_4_0-36-default-debuginfo-7-1.1
  * kernel-livepatch-6_4_0-36-default-7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:30:21 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:30:21 -0000
Subject: SUSE-SU-2026:21490-1: important: Security update for containerd
Message-ID: <177809942136.3181.11376361995852287957@dde0e951fc7e>

# Security update for containerd

Announcement ID: SUSE-SU-2026:21490-1
Release Date: 2026-05-05T13:36:19Z
Rating: important

References:

* bsc#1260296

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for containerd fixes the following issue:

* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260296).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-696=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * containerd-1.7.29-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260296

From null at suse.de Wed May 6 20:30:24 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:30:24 -0000
Subject: SUSE-SU-2026:21489-1: important: Security update for the Linux Kernel RT (Live Patch 19 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809942470.3181.17472903391782321404@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 19 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21489-1
Release Date: 2026-05-05T13:18:14Z
Rating: important

References:

* bsc#1263689

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-41.1 fixes one security issue.

The following security issue was fixed:

* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-393=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-41-rt-2-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_19-debugsource-2-1.1
  * kernel-livepatch-6_4_0-41-rt-debuginfo-2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:30:29 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:30:29 -0000
Subject: SUSE-SU-2026:21488-1: important: Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809942943.3181.16240352111041152107@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21488-1
Release Date: 2026-05-05T13:15:02Z
Rating: important

References:

* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-40.1 fixes various security issues.

The following security issues were fixed:

* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-395=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-40-default-3-1.1
  * kernel-livepatch-6_4_0-40-default-debuginfo-3-1.1
  * kernel-livepatch-MICRO-6-0_Update_17-debugsource-3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:30:40 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:30:40 -0000
Subject: SUSE-SU-2026:21487-1: important: Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809944018.3181.6207721606316412188@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21487-1
Release Date: 2026-05-05T13:15:02Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-29.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-394=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_7-debugsource-17-1.2
  * kernel-livepatch-6_4_0-29-default-17-1.2
  * kernel-livepatch-6_4_0-29-default-debuginfo-17-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:30:45 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:30:45 -0000
Subject: SUSE-SU-2026:21486-1: important: Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809944582.3181.10985173860613203787@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21486-1
Release Date: 2026-05-05T13:12:42Z
Rating: important

References:

* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues.

The following security issues were fixed:

* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-392=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_16-debugsource-4-1.1
  * kernel-livepatch-6_4_0-39-default-debuginfo-4-1.1
  * kernel-livepatch-6_4_0-39-default-4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:30:54 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:30:54 -0000
Subject: SUSE-SU-2026:21485-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809945402.3181.15642090047816067319@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21485-1
Release Date: 2026-05-05T13:12:42Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-391=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-38-default-debuginfo-5-1.2
  * kernel-livepatch-6_4_0-38-default-5-1.2
  * kernel-livepatch-MICRO-6-0_Update_14-debugsource-5-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:31:02 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:31:02 -0000
Subject: SUSE-SU-2026:21484-1: important: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809946278.3181.7004957875319957112@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21484-1
Release Date: 2026-05-05T13:12:42Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-35.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-390=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-35-default-debuginfo-9-1.1
  * kernel-livepatch-6_4_0-35-default-9-1.1
  * kernel-livepatch-MICRO-6-0_Update_12-debugsource-9-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:31:11 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:31:11 -0000
Subject: SUSE-SU-2026:21483-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809947149.3181.14654615272124049726@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21483-1
Release Date: 2026-05-05T13:09:59Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-389=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-34-default-debuginfo-9-1.1
  * kernel-livepatch-MICRO-6-0_Update_11-debugsource-9-1.1
  * kernel-livepatch-6_4_0-34-default-9-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:31:20 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:31:20 -0000
Subject: SUSE-SU-2026:21482-1: important: Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809948021.3181.15113559906056696834@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21482-1
Release Date: 2026-05-05T13:09:59Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-388=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-32-default-10-1.1
  * kernel-livepatch-MICRO-6-0_Update_10-debugsource-10-1.1
  * kernel-livepatch-6_4_0-32-default-debuginfo-10-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:31:29 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:31:29 -0000
Subject: SUSE-SU-2026:21481-1: important: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809948984.3181.1589419436055659521@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21481-1
Release Date: 2026-05-05T13:09:59Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-387=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_9-debugsource-16-1.2
  * kernel-livepatch-6_4_0-31-default-16-1.2
  * kernel-livepatch-6_4_0-31-default-debuginfo-16-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:31:39 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:31:39 -0000
Subject: SUSE-SU-2026:21480-1: important: Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809949980.3181.6538457419702600556@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21480-1
Release Date: 2026-05-05T13:09:59Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-386=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-30-default-debuginfo-16-1.2
  * kernel-livepatch-6_4_0-30-default-16-1.2
  * kernel-livepatch-MICRO-6-0_Update_8-debugsource-16-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:31:49 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:31:49 -0000
Subject: SUSE-SU-2026:21479-1: important: Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809950982.3181.5305434614304691108@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21479-1
Release Date: 2026-05-05T13:07:21Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-385=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-28-default-debuginfo-18-3.1
  * kernel-livepatch-MICRO-6-0_Update_6-debugsource-18-3.1
  * kernel-livepatch-6_4_0-28-default-18-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:31:54 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:31:54 -0000
Subject: SUSE-SU-2026:21478-1: important: Security update for the Linux Kernel RT (Live Patch 18 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809951409.3181.12366252484795958028@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 18 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21478-1
Release Date: 2026-05-05T13:07:21Z
Rating: important

References:

* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-40.1 fixes various security issues.

The following security issues were fixed:

* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-384=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_18-debugsource-3-1.1
  * kernel-livepatch-6_4_0-40-rt-3-1.1
  * kernel-livepatch-6_4_0-40-rt-debuginfo-3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:32:02 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:32:02 -0000
Subject: SUSE-SU-2026:21477-1: important: Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809952257.3181.4817474263671384438@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21477-1
Release Date: 2026-05-05T13:07:21Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-383=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-39-rt-4-1.1
  * kernel-livepatch-6_4_0-39-rt-debuginfo-4-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_15-debugsource-4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:32:11 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:32:11 -0000
Subject: SUSE-SU-2026:21476-1: important: Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809953100.3181.8094521659983638689@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21476-1
Release Date: 2026-05-05T13:07:21Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-382=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-38-rt-5-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_14-debugsource-5-1.1
  * kernel-livepatch-6_4_0-38-rt-debuginfo-5-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:32:19 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:32:19 -0000
Subject: SUSE-SU-2026:21475-1: important: Security update for the Linux Kernel RT (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809953948.3181.5543327322932135640@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21475-1
Release Date: 2026-05-05T13:07:21Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3
    CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-37.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-381=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_13-debugsource-5-1.1
  * kernel-livepatch-6_4_0-37-rt-5-1.1
  * kernel-livepatch-6_4_0-37-rt-debuginfo-5-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:32:28 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:32:28 -0000
Subject: SUSE-SU-2026:21474-1: important: Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809954812.3181.10516147390145749861@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21474-1
Release Date: 2026-05-05T13:07:21Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3
    CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-380=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-36-rt-debuginfo-9-1.1
  * kernel-livepatch-6_4_0-36-rt-9-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_12-debugsource-9-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:32:36 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:32:36 -0000
Subject: SUSE-SU-2026:21473-1: important: Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809955649.3181.1717215024719628910@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21473-1
Release Date: 2026-05-05T13:07:21Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3
    CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-379=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_11-debugsource-10-1.1
  * kernel-livepatch-6_4_0-35-rt-10-1.1
  * kernel-livepatch-6_4_0-35-rt-debuginfo-10-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:32:46 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:32:46 -0000
Subject: SUSE-SU-2026:21472-1: important: Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809956682.3181.11081703165984255768@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21472-1
Release Date: 2026-05-05T13:07:21Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3
    CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-378=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_10-debugsource-14-1.1
  * kernel-livepatch-6_4_0-34-rt-14-1.1
  * kernel-livepatch-6_4_0-34-rt-debuginfo-14-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:32:56 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:32:56 -0000
Subject: SUSE-SU-2026:21471-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809957684.3181.13781366878522794194@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21471-1
Release Date: 2026-05-05T13:07:21Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-33.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-377=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_9-debugsource-14-1.2
  * kernel-livepatch-6_4_0-33-rt-14-1.2
  * kernel-livepatch-6_4_0-33-rt-debuginfo-14-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:33:06 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:33:06 -0000
Subject: SUSE-SU-2026:21470-1: important: Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809958663.3181.6813726190255846511@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21470-1
Release Date: 2026-05-05T13:07:20Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-376=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_8-debugsource-16-1.2
  * kernel-livepatch-6_4_0-31-rt-debuginfo-16-1.2
  * kernel-livepatch-6_4_0-31-rt-16-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:33:16 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:33:16 -0000
Subject: SUSE-SU-2026:21469-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809959648.3181.5335872000573701467@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21469-1
Release Date: 2026-05-05T13:07:20Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-375=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-30-rt-17-1.3
  * kernel-livepatch-MICRO-6-0-RT_Update_7-debugsource-17-1.3
  * kernel-livepatch-6_4_0-30-rt-debuginfo-17-1.3

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:33:26 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:33:26 -0000
Subject: SUSE-SU-2026:21468-1: important: Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809960653.3181.9808934171267840101@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21468-1
Release Date: 2026-05-05T13:07:20Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-374=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-28-rt-debuginfo-17-3.1
  * kernel-livepatch-MICRO-6-0-RT_Update_6-debugsource-17-3.1
  * kernel-livepatch-6_4_0-28-rt-17-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:33:29 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:33:29 -0000
Subject: SUSE-SU-2026:21467-1: important: Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177809960986.3181.18416203165681597485@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21467-1
Release Date: 2026-05-05T12:49:59Z
Rating: important

References:

* bsc#1263689

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.
## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-41.1 fixes one security issue

The following security issue was fixed:

* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-373=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-41-default-2-1.1
  * kernel-livepatch-MICRO-6-0_Update_18-debugsource-2-1.1
  * kernel-livepatch-6_4_0-41-default-debuginfo-2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:33:35 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:33:35 -0000
Subject: SUSE-SU-2026:1724-1: important: Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177809961565.3181.10708436519636091373@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1724-1
Release Date: 2026-05-06T15:05:00Z
Rating: important

References:

* bsc#1263689

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.
## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.34 fixes one security issue

The following security issue was fixed:

* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1724=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150700_53_34-default-debuginfo-2-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_34-default-2-150700.2.1
  * kernel-livepatch-SLE15-SP7_Update_10-debugsource-2-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:33:44 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:33:44 -0000
Subject: SUSE-SU-2026:1718-1: important: Security update for the Linux Kernel (Live Patch 40 for SUSE Linux Enterprise 15 SP4)
Message-ID: <177809962457.3181.15573821891020943136@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 40 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1718-1
Release Date: 2026-05-06T12:33:52Z
Rating: important

References:

* bsc#1252048
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.164 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1718=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1718=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_40-debugsource-18-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-18-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-18-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_40-debugsource-18-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-18-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-18-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Wed May 6 20:33:49 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:33:49 -0000
Subject: SUSE-SU-2026:1723-1: moderate: Security update for openCryptoki
Message-ID: <177809962947.3181.15502678296915273020@dde0e951fc7e>

# Security update for openCryptoki

Announcement ID: SUSE-SU-2026:1723-1
Release Date: 2026-05-06T14:57:31Z
Rating: moderate

References:

* bsc#1263819

Cross-References:

* CVE-2026-40253

CVSS scores:

* CVE-2026-40253 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40253 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-40253 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-40253 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5

An update that solves one vulnerability can now be installed.

## Description:

This update for openCryptoki fixes the following issues:

* CVE-2026-40253: updated fix by IBM for malformed BER-encoded cryptographic objects (bsc#1263819)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1723=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1723=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * openCryptoki-devel-debuginfo-3.23.0-150500.3.18.1
  * openCryptoki-3.23.0-150500.3.18.1
  * openCryptoki-debuginfo-3.23.0-150500.3.18.1
  * openCryptoki-debugsource-3.23.0-150500.3.18.1
  * openCryptoki-devel-3.23.0-150500.3.18.1
* openSUSE Leap 15.5 (i586)
  * openCryptoki-32bit-debuginfo-3.23.0-150500.3.18.1
  * openCryptoki-32bit-3.23.0-150500.3.18.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * openCryptoki-64bit-3.23.0-150500.3.18.1
  * openCryptoki-64bit-debuginfo-3.23.0-150500.3.18.1
* SUSE Linux Enterprise Micro 5.5 (s390x)
  * openCryptoki-debuginfo-3.23.0-150500.3.18.1
  * openCryptoki-3.23.0-150500.3.18.1
  * openCryptoki-debugsource-3.23.0-150500.3.18.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40253.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263819

From null at suse.de Wed May 6 20:34:10 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:34:10 -0000
Subject: SUSE-SU-2026:1717-1: important: Security update for curl
Message-ID: <177809965084.3181.11153536852382184841@dde0e951fc7e>

# Security update for curl

Announcement ID: SUSE-SU-2026:1717-1
Release Date: 2026-05-06T12:14:02Z
Rating: important

References:

* bsc#1259362
* bsc#1262631
* bsc#1262632
* bsc#1262635
* bsc#1262636
* bsc#1262638

Cross-References:

* CVE-2026-1965
* CVE-2026-4873
* CVE-2026-5545
* CVE-2026-6253
* CVE-2026-6276
* CVE-2026-6429

CVSS scores:

* CVE-2026-1965 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
* CVE-2026-1965 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-1965 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-4873 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4873 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-5545 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-5545 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-6253 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6253 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-6276 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6276 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-6429 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6429 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves six vulnerabilities can now be installed.

## Description:

This update for curl fixes the following issues:

Security issues fixed:

* CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
* CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
* CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
* CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
* CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

* sws: prevent "connection monitor" to say disconnect twice (bsc#1259362).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-1717=1 * SUSE Linux Enterprise Server 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-1717=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-1717=1 SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1717=1 * SUSE Linux Enterprise Desktop 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-1717=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1717=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1717=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1717=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1717=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1717=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1717=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1717=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1717=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1717=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1717=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1717=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1717=1 SUSE-SLE-INSTALLER-15-SP4-2026-1717=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1717=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch
SUSE-SLE-INSTALLER-15-SP4-2026-1717=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-1717=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-1717=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-1717=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-1717=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-1717=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64) * libcurl4-8.14.1-150400.5.83.1 * SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64) * libcurl4-8.14.1-150400.5.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libcurl-devel-8.14.1-150400.5.83.1 * libcurl4-8.14.1-150400.5.83.1 * curl-debugsource-8.14.1-150400.5.83.1 * curl-debuginfo-8.14.1-150400.5.83.1 * libcurl4-debuginfo-8.14.1-150400.5.83.1 * curl-8.14.1-150400.5.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1 * libcurl4-32bit-8.14.1-150400.5.83.1 * SUSE Linux Enterprise Desktop 15 SP5 (x86_64) * libcurl4-8.14.1-150400.5.83.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libcurl4-8.14.1-150400.5.83.1 * curl-debugsource-8.14.1-150400.5.83.1 * curl-debuginfo-8.14.1-150400.5.83.1 * libcurl4-debuginfo-8.14.1-150400.5.83.1 * curl-8.14.1-150400.5.83.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libcurl4-8.14.1-150400.5.83.1 * curl-debugsource-8.14.1-150400.5.83.1 * curl-debuginfo-8.14.1-150400.5.83.1 * libcurl4-debuginfo-8.14.1-150400.5.83.1 * curl-8.14.1-150400.5.83.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libcurl4-8.14.1-150400.5.83.1 * curl-debugsource-8.14.1-150400.5.83.1 * curl-debuginfo-8.14.1-150400.5.83.1 * libcurl4-debuginfo-8.14.1-150400.5.83.1 * curl-8.14.1-150400.5.83.1 * SUSE Linux 
Enterprise Micro 5.4 (aarch64 s390x x86_64) * libcurl4-8.14.1-150400.5.83.1 * curl-debugsource-8.14.1-150400.5.83.1 * curl-debuginfo-8.14.1-150400.5.83.1 * libcurl4-debuginfo-8.14.1-150400.5.83.1 * curl-8.14.1-150400.5.83.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libcurl4-8.14.1-150400.5.83.1 * curl-debugsource-8.14.1-150400.5.83.1 * curl-debuginfo-8.14.1-150400.5.83.1 * libcurl4-debuginfo-8.14.1-150400.5.83.1 * curl-8.14.1-150400.5.83.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libcurl-devel-8.14.1-150400.5.83.1 * libcurl4-8.14.1-150400.5.83.1 * curl-debugsource-8.14.1-150400.5.83.1 * curl-debuginfo-8.14.1-150400.5.83.1 * libcurl4-debuginfo-8.14.1-150400.5.83.1 * curl-8.14.1-150400.5.83.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1 * libcurl4-32bit-8.14.1-150400.5.83.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libcurl-devel-8.14.1-150400.5.83.1 * libcurl4-8.14.1-150400.5.83.1 * curl-debugsource-8.14.1-150400.5.83.1 * curl-debuginfo-8.14.1-150400.5.83.1 * libcurl4-debuginfo-8.14.1-150400.5.83.1 * curl-8.14.1-150400.5.83.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1 * libcurl4-32bit-8.14.1-150400.5.83.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libcurl-devel-8.14.1-150400.5.83.1 * libcurl4-8.14.1-150400.5.83.1 * curl-debugsource-8.14.1-150400.5.83.1 * curl-debuginfo-8.14.1-150400.5.83.1 * libcurl4-debuginfo-8.14.1-150400.5.83.1 * curl-8.14.1-150400.5.83.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1 * libcurl4-32bit-8.14.1-150400.5.83.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libcurl-devel-8.14.1-150400.5.83.1 * libcurl4-8.14.1-150400.5.83.1 * 
curl-debugsource-8.14.1-150400.5.83.1 * curl-debuginfo-8.14.1-150400.5.83.1 * libcurl4-debuginfo-8.14.1-150400.5.83.1 * curl-8.14.1-150400.5.83.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1 * libcurl4-32bit-8.14.1-150400.5.83.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libcurl-devel-8.14.1-150400.5.83.1 * libcurl4-8.14.1-150400.5.83.1 * curl-debugsource-8.14.1-150400.5.83.1 * curl-debuginfo-8.14.1-150400.5.83.1 * libcurl4-debuginfo-8.14.1-150400.5.83.1 * curl-8.14.1-150400.5.83.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1 * libcurl4-32bit-8.14.1-150400.5.83.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libcurl-devel-8.14.1-150400.5.83.1 * libcurl4-8.14.1-150400.5.83.1 * curl-debugsource-8.14.1-150400.5.83.1 * curl-debuginfo-8.14.1-150400.5.83.1 * libcurl4-debuginfo-8.14.1-150400.5.83.1 * curl-8.14.1-150400.5.83.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1 * libcurl4-32bit-8.14.1-150400.5.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libcurl-devel-8.14.1-150400.5.83.1 * libcurl4-8.14.1-150400.5.83.1 * curl-debugsource-8.14.1-150400.5.83.1 * curl-debuginfo-8.14.1-150400.5.83.1 * libcurl4-debuginfo-8.14.1-150400.5.83.1 * curl-8.14.1-150400.5.83.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1 * libcurl4-32bit-8.14.1-150400.5.83.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libcurl-devel-8.14.1-150400.5.83.1 * curl-mini-debugsource-8.14.1-150400.5.83.1 * libcurl4-8.14.1-150400.5.83.1 * curl-debugsource-8.14.1-150400.5.83.1 * curl-debuginfo-8.14.1-150400.5.83.1 * libcurl-mini4-debuginfo-8.14.1-150400.5.83.1 * libcurl-mini4-8.14.1-150400.5.83.1 * libcurl4-debuginfo-8.14.1-150400.5.83.1 * 
curl-8.14.1-150400.5.83.1 * openSUSE Leap 15.4 (noarch) * curl-zsh-completion-8.14.1-150400.5.83.1 * curl-fish-completion-8.14.1-150400.5.83.1 * libcurl-devel-doc-8.14.1-150400.5.83.1 * openSUSE Leap 15.4 (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1 * libcurl4-32bit-8.14.1-150400.5.83.1 * libcurl-devel-32bit-8.14.1-150400.5.83.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libcurl4-64bit-8.14.1-150400.5.83.1 * libcurl-devel-64bit-8.14.1-150400.5.83.1 * libcurl4-64bit-debuginfo-8.14.1-150400.5.83.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * libcurl4-8.14.1-150400.5.83.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * libcurl4-8.14.1-150400.5.83.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * libcurl4-8.14.1-150400.5.83.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * libcurl4-8.14.1-150400.5.83.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libcurl4-8.14.1-150400.5.83.1 * SUSE Manager Proxy 4.3 (x86_64) * libcurl4-8.14.1-150400.5.83.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1965.html * https://www.suse.com/security/cve/CVE-2026-4873.html * https://www.suse.com/security/cve/CVE-2026-5545.html * https://www.suse.com/security/cve/CVE-2026-6253.html * https://www.suse.com/security/cve/CVE-2026-6276.html * https://www.suse.com/security/cve/CVE-2026-6429.html * https://bugzilla.suse.com/show_bug.cgi?id=1259362 * https://bugzilla.suse.com/show_bug.cgi?id=1262631 * https://bugzilla.suse.com/show_bug.cgi?id=1262632 * https://bugzilla.suse.com/show_bug.cgi?id=1262635 * https://bugzilla.suse.com/show_bug.cgi?id=1262636 * https://bugzilla.suse.com/show_bug.cgi?id=1262638
From null at suse.de Wed May 6 20:34:22 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 06 May 2026 20:34:22 -0000 Subject: SUSE-SU-2026:1716-1: important: Security update for libpng12 Message-ID: <177809966253.3181.17493790351398678416@dde0e951fc7e> # Security update for libpng12 Announcement ID: SUSE-SU-2026:1716-1 Release Date: 2026-05-06T12:11:56Z Rating: important References: * bsc#1141493 * bsc#1260754 * bsc#1261957 * jsc#PED-16191 Cross-References: * CVE-2017-12652 * CVE-2026-33416 * CVE-2026-34757 CVSS scores: * CVE-2017-12652 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2017-12652 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2017-12652 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2017-12652 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2017-12652 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-34757 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-34757 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34757 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE
Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities and contains one feature can now be installed. ## Description: This update for libpng12 fixes the following issues: Update to version 1.2.59 (jsc#PED-16191). Security issues: * CVE-2017-12652: missing chunk length check can lead to sensitive information disclosure, data corruption or crash (bsc#1141493). * CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754). * CVE-2026-34757: use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` can lead to corrupted chunk data and potential heap information disclosure (bsc#1261957). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1716=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1716=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1716=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1716=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1716=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1716=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1716=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1716=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1716=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1716=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1716=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * 
libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 ## References: * 
https://www.suse.com/security/cve/CVE-2017-12652.html * https://www.suse.com/security/cve/CVE-2026-33416.html * https://www.suse.com/security/cve/CVE-2026-34757.html * https://bugzilla.suse.com/show_bug.cgi?id=1141493 * https://bugzilla.suse.com/show_bug.cgi?id=1260754 * https://bugzilla.suse.com/show_bug.cgi?id=1261957 * https://jira.suse.com/browse/PED-16191
From null at suse.de Wed May 6 20:34:38 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 06 May 2026 20:34:38 -0000 Subject: SUSE-SU-2026:1715-1: important: Security update for python3 Message-ID: <177809967849.3181.13903669386524687807@dde0e951fc7e> # Security update for python3 Announcement ID: SUSE-SU-2026:1715-1 Release Date: 2026-05-06T12:10:39Z Rating: important References: * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1259989 * bsc#1260026 * bsc#1261969 * bsc#1261970 * bsc#1262098 * bsc#1262319 * bsc#1262654 Cross-References: * CVE-2025-13462 * CVE-2026-1502 * CVE-2026-3446 * CVE-2026-3479 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 * CVE-2026-4786 * CVE-2026-6019 * CVE-2026-6100 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-1502 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-1502 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2026-1502 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3446 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-3446 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-4786 ( SUSE ): 7.0 
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4786 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2026-4786 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( SUSE ): 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6019 ( NVD ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6100 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-6100 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6100 ( NVD ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * Basesystem Module 15-SP7 * Development Tools Module 15-SP7 * openSUSE Leap 15.3 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux 
Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 10 vulnerabilities can now be installed.

## Description:

This update for python3 fixes the following issues:

* CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
* CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
* CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970).
* CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
* CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
* CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
* CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026).
* CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319).
* CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654).
* CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure (bsc#1262098).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2026-1715=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1715=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1715=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1715=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1715=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1715=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1715=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1715=1
* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1715=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1715=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1715=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1715=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1715=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1715=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1715=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1715=1
* SUSE Linux Enterprise Server for
SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1715=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1715=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1715=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1715=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1715=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * python3-base-3.6.15-150300.10.118.1 * python3-testsuite-debuginfo-3.6.15-150300.10.118.1 * python3-tk-3.6.15-150300.10.118.1 * python3-idle-3.6.15-150300.10.118.1 * python3-dbm-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * python3-curses-3.6.15-150300.10.118.1 * python3-curses-debuginfo-3.6.15-150300.10.118.1 * python3-devel-debuginfo-3.6.15-150300.10.118.1 * python3-devel-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * python3-3.6.15-150300.10.118.1 * python3-doc-devhelp-3.6.15-150300.10.118.1 * python3-tools-3.6.15-150300.10.118.1 * python3-tk-debuginfo-3.6.15-150300.10.118.1 * python3-dbm-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-doc-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-testsuite-3.6.15-150300.10.118.1 * openSUSE Leap 15.3 (x86_64) * libpython3_6m1_0-32bit-3.6.15-150300.10.118.1 * libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.118.1 * openSUSE Leap 15.3 (aarch64_ilp32) * libpython3_6m1_0-64bit-3.6.15-150300.10.118.1 * libpython3_6m1_0-64bit-debuginfo-3.6.15-150300.10.118.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * python3-base-3.6.15-150300.10.118.1 * python3-testsuite-debuginfo-3.6.15-150300.10.118.1 * 
python3-tk-3.6.15-150300.10.118.1 * python3-idle-3.6.15-150300.10.118.1 * python3-dbm-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * python3-curses-3.6.15-150300.10.118.1 * python3-curses-debuginfo-3.6.15-150300.10.118.1 * python3-devel-debuginfo-3.6.15-150300.10.118.1 * python3-devel-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * python3-3.6.15-150300.10.118.1 * python3-doc-devhelp-3.6.15-150300.10.118.1 * python3-tools-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-dbm-debuginfo-3.6.15-150300.10.118.1 * python3-tk-debuginfo-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-doc-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-testsuite-3.6.15-150300.10.118.1 * openSUSE Leap 15.6 (x86_64) * libpython3_6m1_0-32bit-3.6.15-150300.10.118.1 * libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.118.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * python3-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-base-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * python3-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-base-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * python3-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * 
python3-base-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * python3-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-base-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * python3-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-base-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * python3-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-base-3.6.15-150300.10.118.1 * python3-idle-3.6.15-150300.10.118.1 * python3-dbm-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * python3-curses-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-dbm-debuginfo-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * python3-tk-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-curses-debuginfo-3.6.15-150300.10.118.1 * python3-devel-debuginfo-3.6.15-150300.10.118.1 * python3-devel-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * python3-tk-3.6.15-150300.10.118.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * python3-tools-3.6.15-150300.10.118.1 * 
python3-core-debugsource-3.6.15-150300.10.118.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * python3-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-base-3.6.15-150300.10.118.1 * python3-idle-3.6.15-150300.10.118.1 * python3-dbm-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * python3-curses-3.6.15-150300.10.118.1 * python3-tools-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-dbm-debuginfo-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * python3-tk-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-curses-debuginfo-3.6.15-150300.10.118.1 * python3-devel-debuginfo-3.6.15-150300.10.118.1 * python3-devel-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * python3-tk-3.6.15-150300.10.118.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * python3-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-base-3.6.15-150300.10.118.1 * python3-idle-3.6.15-150300.10.118.1 * python3-dbm-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * python3-curses-3.6.15-150300.10.118.1 * python3-tools-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-dbm-debuginfo-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * python3-tk-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-curses-debuginfo-3.6.15-150300.10.118.1 * python3-devel-debuginfo-3.6.15-150300.10.118.1 * python3-devel-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * python3-tk-3.6.15-150300.10.118.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * python3-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-base-3.6.15-150300.10.118.1 * python3-idle-3.6.15-150300.10.118.1 * 
python3-dbm-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * python3-curses-3.6.15-150300.10.118.1 * python3-tools-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-dbm-debuginfo-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * python3-tk-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-curses-debuginfo-3.6.15-150300.10.118.1 * python3-devel-debuginfo-3.6.15-150300.10.118.1 * python3-devel-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * python3-tk-3.6.15-150300.10.118.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * python3-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-base-3.6.15-150300.10.118.1 * python3-idle-3.6.15-150300.10.118.1 * python3-dbm-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * python3-curses-3.6.15-150300.10.118.1 * python3-tools-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-dbm-debuginfo-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * python3-tk-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-curses-debuginfo-3.6.15-150300.10.118.1 * python3-devel-debuginfo-3.6.15-150300.10.118.1 * python3-devel-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * python3-tk-3.6.15-150300.10.118.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * python3-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-base-3.6.15-150300.10.118.1 * python3-idle-3.6.15-150300.10.118.1 * python3-dbm-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * python3-curses-3.6.15-150300.10.118.1 * python3-tools-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-dbm-debuginfo-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 
* python3-tk-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-curses-debuginfo-3.6.15-150300.10.118.1 * python3-devel-debuginfo-3.6.15-150300.10.118.1 * python3-devel-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * python3-tk-3.6.15-150300.10.118.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * python3-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-base-3.6.15-150300.10.118.1 * python3-idle-3.6.15-150300.10.118.1 * python3-dbm-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * python3-curses-3.6.15-150300.10.118.1 * python3-tools-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-dbm-debuginfo-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * python3-tk-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-curses-debuginfo-3.6.15-150300.10.118.1 * python3-devel-debuginfo-3.6.15-150300.10.118.1 * python3-devel-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * python3-tk-3.6.15-150300.10.118.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * python3-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-base-3.6.15-150300.10.118.1 * python3-idle-3.6.15-150300.10.118.1 * python3-dbm-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * python3-curses-3.6.15-150300.10.118.1 * python3-tools-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-dbm-debuginfo-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * python3-tk-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-curses-debuginfo-3.6.15-150300.10.118.1 * python3-devel-debuginfo-3.6.15-150300.10.118.1 * python3-devel-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * 
python3-tk-3.6.15-150300.10.118.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * python3-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-base-3.6.15-150300.10.118.1 * python3-idle-3.6.15-150300.10.118.1 * python3-dbm-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * python3-curses-3.6.15-150300.10.118.1 * python3-tools-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-dbm-debuginfo-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * python3-tk-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-curses-debuginfo-3.6.15-150300.10.118.1 * python3-devel-debuginfo-3.6.15-150300.10.118.1 * python3-devel-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * python3-tk-3.6.15-150300.10.118.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * python3-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-base-3.6.15-150300.10.118.1 * python3-idle-3.6.15-150300.10.118.1 * python3-dbm-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * python3-curses-3.6.15-150300.10.118.1 * python3-tools-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-dbm-debuginfo-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * python3-tk-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-curses-debuginfo-3.6.15-150300.10.118.1 * python3-devel-debuginfo-3.6.15-150300.10.118.1 * python3-devel-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * python3-tk-3.6.15-150300.10.118.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * python3-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-base-3.6.15-150300.10.118.1 * python3-idle-3.6.15-150300.10.118.1 * python3-dbm-3.6.15-150300.10.118.1 
* python3-debuginfo-3.6.15-150300.10.118.1 * python3-curses-3.6.15-150300.10.118.1 * python3-tools-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-dbm-debuginfo-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * python3-tk-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-curses-debuginfo-3.6.15-150300.10.118.1 * python3-devel-debuginfo-3.6.15-150300.10.118.1 * python3-devel-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * python3-tk-3.6.15-150300.10.118.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * python3-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-base-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * python3-3.6.15-150300.10.118.1 * python3-base-debuginfo-3.6.15-150300.10.118.1 * python3-base-3.6.15-150300.10.118.1 * python3-debuginfo-3.6.15-150300.10.118.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.118.1 * python3-debugsource-3.6.15-150300.10.118.1 * libpython3_6m1_0-3.6.15-150300.10.118.1 * python3-core-debugsource-3.6.15-150300.10.118.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-1502.html * https://www.suse.com/security/cve/CVE-2026-3446.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://www.suse.com/security/cve/CVE-2026-4786.html * https://www.suse.com/security/cve/CVE-2026-6019.html * https://www.suse.com/security/cve/CVE-2026-6100.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1259611
* https://bugzilla.suse.com/show_bug.cgi?id=1259734
* https://bugzilla.suse.com/show_bug.cgi?id=1259735
* https://bugzilla.suse.com/show_bug.cgi?id=1259989
* https://bugzilla.suse.com/show_bug.cgi?id=1260026
* https://bugzilla.suse.com/show_bug.cgi?id=1261969
* https://bugzilla.suse.com/show_bug.cgi?id=1261970
* https://bugzilla.suse.com/show_bug.cgi?id=1262098
* https://bugzilla.suse.com/show_bug.cgi?id=1262319
* https://bugzilla.suse.com/show_bug.cgi?id=1262654

From null at suse.de Wed May 6 20:34:48 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 06 May 2026 20:34:48 -0000
Subject: SUSE-SU-2026:1714-1: important: Security update for erlang
Message-ID: <177809968860.3181.16979361539854538450@dde0e951fc7e>

# Security update for erlang

Announcement ID: SUSE-SU-2026:1714-1
Release Date: 2026-05-06T12:08:16Z
Rating: important

References:
* bsc#1258663
* bsc#1259681
* bsc#1259682
* bsc#1259687
* bsc#1261728

Cross-References:
* CVE-2026-21620
* CVE-2026-23941
* CVE-2026-23942
* CVE-2026-23943
* CVE-2026-28808

CVSS scores:
* CVE-2026-21620 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21620 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-21620 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23941 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23941 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-23941 ( NVD ): 7.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23942 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-23942 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-23942 ( NVD ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-23943 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23943 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23943 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-28808 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-28808 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28808 ( NVD ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-28808 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * Server Applications Module 15-SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves five vulnerabilities can now be installed.

## Description:

This update for erlang fixes the following issues:

* CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal (bsc#1258663).
* CVE-2026-23941: HTTP Request Smuggling in Erlang OTP (bsc#1259687).
* CVE-2026-23942: path traversal vulnerability in Erlang OTP (bsc#1259681).
* CVE-2026-23943: denial of service due to improper handling of highly compressed data in Erlang OTP ssh (bsc#1259682).
* CVE-2026-28808: incorrect authorization can lead to unauthenticated access to protected CGI scripts (bsc#1261728).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2026-1714=1
* Server Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1714=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1714=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1714=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1714=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1714=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1714=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1714=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1714=1
* SUSE
Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1714=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1714=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1714=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * erlang-debugger-23.3.4.19-150300.3.32.1 * erlang-reltool-23.3.4.19-150300.3.32.1 * erlang-jinterface-23.3.4.19-150300.3.32.1 * erlang-dialyzer-debuginfo-23.3.4.19-150300.3.32.1 * erlang-jinterface-src-23.3.4.19-150300.3.32.1 * erlang-reltool-src-23.3.4.19-150300.3.32.1 * erlang-diameter-src-23.3.4.19-150300.3.32.1 * erlang-et-23.3.4.19-150300.3.32.1 * erlang-src-23.3.4.19-150300.3.32.1 * erlang-diameter-23.3.4.19-150300.3.32.1 * erlang-observer-src-23.3.4.19-150300.3.32.1 * erlang-epmd-debuginfo-23.3.4.19-150300.3.32.1 * erlang-doc-23.3.4.19-150300.3.32.1 * erlang-wx-debuginfo-23.3.4.19-150300.3.32.1 * erlang-observer-23.3.4.19-150300.3.32.1 * erlang-epmd-23.3.4.19-150300.3.32.1 * erlang-et-src-23.3.4.19-150300.3.32.1 * erlang-wx-23.3.4.19-150300.3.32.1 * erlang-wx-src-23.3.4.19-150300.3.32.1 * erlang-23.3.4.19-150300.3.32.1 * erlang-debugsource-23.3.4.19-150300.3.32.1 * erlang-dialyzer-23.3.4.19-150300.3.32.1 * erlang-debugger-src-23.3.4.19-150300.3.32.1 * erlang-dialyzer-src-23.3.4.19-150300.3.32.1 * erlang-debuginfo-23.3.4.19-150300.3.32.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * erlang-23.3.4.19-150300.3.32.1 * erlang-epmd-23.3.4.19-150300.3.32.1 * erlang-debugsource-23.3.4.19-150300.3.32.1 * erlang-debuginfo-23.3.4.19-150300.3.32.1 * erlang-epmd-debuginfo-23.3.4.19-150300.3.32.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * erlang-23.3.4.19-150300.3.32.1 * erlang-epmd-23.3.4.19-150300.3.32.1 * erlang-debugsource-23.3.4.19-150300.3.32.1 * 
erlang-debuginfo-23.3.4.19-150300.3.32.1 * erlang-epmd-debuginfo-23.3.4.19-150300.3.32.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * erlang-23.3.4.19-150300.3.32.1 * erlang-epmd-23.3.4.19-150300.3.32.1 * erlang-debugsource-23.3.4.19-150300.3.32.1 * erlang-debuginfo-23.3.4.19-150300.3.32.1 * erlang-epmd-debuginfo-23.3.4.19-150300.3.32.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * erlang-23.3.4.19-150300.3.32.1 * erlang-epmd-23.3.4.19-150300.3.32.1 * erlang-debugsource-23.3.4.19-150300.3.32.1 * erlang-debuginfo-23.3.4.19-150300.3.32.1 * erlang-epmd-debuginfo-23.3.4.19-150300.3.32.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * erlang-23.3.4.19-150300.3.32.1 * erlang-epmd-23.3.4.19-150300.3.32.1 * erlang-debugsource-23.3.4.19-150300.3.32.1 * erlang-debuginfo-23.3.4.19-150300.3.32.1 * erlang-epmd-debuginfo-23.3.4.19-150300.3.32.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * erlang-23.3.4.19-150300.3.32.1 * erlang-epmd-23.3.4.19-150300.3.32.1 * erlang-debugsource-23.3.4.19-150300.3.32.1 * erlang-debuginfo-23.3.4.19-150300.3.32.1 * erlang-epmd-debuginfo-23.3.4.19-150300.3.32.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * erlang-23.3.4.19-150300.3.32.1 * erlang-epmd-23.3.4.19-150300.3.32.1 * erlang-debugsource-23.3.4.19-150300.3.32.1 * erlang-debuginfo-23.3.4.19-150300.3.32.1 * erlang-epmd-debuginfo-23.3.4.19-150300.3.32.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * erlang-23.3.4.19-150300.3.32.1 * erlang-epmd-23.3.4.19-150300.3.32.1 * erlang-debugsource-23.3.4.19-150300.3.32.1 * erlang-debuginfo-23.3.4.19-150300.3.32.1 * erlang-epmd-debuginfo-23.3.4.19-150300.3.32.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * erlang-23.3.4.19-150300.3.32.1 * erlang-epmd-23.3.4.19-150300.3.32.1 * erlang-debugsource-23.3.4.19-150300.3.32.1 * 
erlang-debuginfo-23.3.4.19-150300.3.32.1 * erlang-epmd-debuginfo-23.3.4.19-150300.3.32.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * erlang-23.3.4.19-150300.3.32.1 * erlang-epmd-23.3.4.19-150300.3.32.1 * erlang-debugsource-23.3.4.19-150300.3.32.1 * erlang-debuginfo-23.3.4.19-150300.3.32.1 * erlang-epmd-debuginfo-23.3.4.19-150300.3.32.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * erlang-23.3.4.19-150300.3.32.1 * erlang-epmd-23.3.4.19-150300.3.32.1 * erlang-debugsource-23.3.4.19-150300.3.32.1 * erlang-debuginfo-23.3.4.19-150300.3.32.1 * erlang-epmd-debuginfo-23.3.4.19-150300.3.32.1 ## References: * https://www.suse.com/security/cve/CVE-2026-21620.html * https://www.suse.com/security/cve/CVE-2026-23941.html * https://www.suse.com/security/cve/CVE-2026-23942.html * https://www.suse.com/security/cve/CVE-2026-23943.html * https://www.suse.com/security/cve/CVE-2026-28808.html * https://bugzilla.suse.com/show_bug.cgi?id=1258663 * https://bugzilla.suse.com/show_bug.cgi?id=1259681 * https://bugzilla.suse.com/show_bug.cgi?id=1259682 * https://bugzilla.suse.com/show_bug.cgi?id=1259687 * https://bugzilla.suse.com/show_bug.cgi?id=1261728 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed May 6 20:34:53 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 06 May 2026 20:34:53 -0000 Subject: SUSE-SU-2026:1713-1: important: Security update for flatpak Message-ID: <177809969343.3181.3844339427505910443@dde0e951fc7e> # Security update for flatpak Announcement ID: SUSE-SU-2026:1713-1 Release Date: 2026-05-06T12:06:56Z Rating: important References: * bsc#1261769 * bsc#1261770 Cross-References: * CVE-2026-34078 * CVE-2026-34079 CVSS scores: * CVE-2026-34078 ( SUSE ): 6.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H * CVE-2026-34078 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34078 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34078 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2026-34079 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N * CVE-2026-34079 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L * CVE-2026-34079 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for flatpak fixes the following issues: * CVE-2026-34078: Arbitrary code execution via crafted symlinks in sandbox-expose options (bsc#1261769). 
* CVE-2026-34079: Arbitrary file deletion on host via improper cache file path validation (bsc#1261770). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1713=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1713=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libflatpak0-1.4.2-3.12.2 * typelib-1_0-Flatpak-1_0-1.4.2-3.12.2 * flatpak-debugsource-1.4.2-3.12.2 * libflatpak0-debuginfo-1.4.2-3.12.2 * flatpak-debuginfo-1.4.2-3.12.2 * flatpak-1.4.2-3.12.2 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libflatpak0-1.4.2-3.12.2 * typelib-1_0-Flatpak-1_0-1.4.2-3.12.2 * flatpak-debugsource-1.4.2-3.12.2 * libflatpak0-debuginfo-1.4.2-3.12.2 * flatpak-debuginfo-1.4.2-3.12.2 * flatpak-1.4.2-3.12.2 ## References: * https://www.suse.com/security/cve/CVE-2026-34078.html * https://www.suse.com/security/cve/CVE-2026-34079.html * https://bugzilla.suse.com/show_bug.cgi?id=1261769 * https://bugzilla.suse.com/show_bug.cgi?id=1261770 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed May 6 20:34:58 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 06 May 2026 20:34:58 -0000 Subject: SUSE-SU-2026:1712-1: important: Security update for openexr Message-ID: <177809969881.3181.4288197240154305549@dde0e951fc7e> # Security update for openexr Announcement ID: SUSE-SU-2026:1712-1 Release Date: 2026-05-06T12:06:45Z Rating: important References: * bsc#1262425 * bsc#1262426 Cross-References: * CVE-2026-40244 * CVE-2026-40250 CVSS scores: * CVE-2026-40244 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-40244 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-40244 ( NVD ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-40244 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2026-40250 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-40250 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-40250 ( NVD ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-40250 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H Affected Products: * Desktop Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux 
Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for openexr fixes the following issues: * CVE-2026-40244: Integer overflow in DWA setupChannelData planarUncRle pointer arithmetic (bsc#1262426). * CVE-2026-40250: Integer overflow in DWA decoder outBufferEnd pointer arithmetic (bsc#1262425). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1712=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1712=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1712=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1712=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1712=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1712=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1712=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1712=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch 
SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1712=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1712=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1712=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * openexr-devel-2.2.1-150000.3.46.1 * openexr-debugsource-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-2.2.1-150000.3.46.1 * openexr-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-2.2.1-150000.3.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * openexr-devel-2.2.1-150000.3.46.1 * openexr-debugsource-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-2.2.1-150000.3.46.1 * openexr-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-2.2.1-150000.3.46.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * openexr-devel-2.2.1-150000.3.46.1 * openexr-debugsource-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-2.2.1-150000.3.46.1 * openexr-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-2.2.1-150000.3.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * openexr-devel-2.2.1-150000.3.46.1 * openexr-debugsource-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-2.2.1-150000.3.46.1 * openexr-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-2.2.1-150000.3.46.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * openexr-devel-2.2.1-150000.3.46.1 * openexr-debugsource-2.2.1-150000.3.46.1 * 
libIlmImf-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-2.2.1-150000.3.46.1 * openexr-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-2.2.1-150000.3.46.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * openexr-devel-2.2.1-150000.3.46.1 * openexr-debugsource-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-2.2.1-150000.3.46.1 * openexr-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-2.2.1-150000.3.46.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * openexr-devel-2.2.1-150000.3.46.1 * openexr-debugsource-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-2.2.1-150000.3.46.1 * openexr-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-2.2.1-150000.3.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * openexr-devel-2.2.1-150000.3.46.1 * openexr-debugsource-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-2.2.1-150000.3.46.1 * openexr-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-2.2.1-150000.3.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * openexr-devel-2.2.1-150000.3.46.1 * openexr-debugsource-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-2.2.1-150000.3.46.1 * openexr-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-2.2.1-150000.3.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * openexr-devel-2.2.1-150000.3.46.1 * openexr-debugsource-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-debuginfo-2.2.1-150000.3.46.1 * 
libIlmImf-2_2-23-2.2.1-150000.3.46.1 * openexr-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-2.2.1-150000.3.46.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * openexr-devel-2.2.1-150000.3.46.1 * openexr-debugsource-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-debuginfo-2.2.1-150000.3.46.1 * libIlmImf-2_2-23-2.2.1-150000.3.46.1 * openexr-debuginfo-2.2.1-150000.3.46.1 * libIlmImfUtil-2_2-23-2.2.1-150000.3.46.1 ## References: * https://www.suse.com/security/cve/CVE-2026-40244.html * https://www.suse.com/security/cve/CVE-2026-40250.html * https://bugzilla.suse.com/show_bug.cgi?id=1262425 * https://bugzilla.suse.com/show_bug.cgi?id=1262426 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed May 6 20:35:01 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 06 May 2026 20:35:01 -0000 Subject: SUSE-SU-2026:1711-1: moderate: Security update for openssl-3 Message-ID: <177809970185.3181.4485835351029952849@dde0e951fc7e> # Security update for openssl-3 Announcement ID: SUSE-SU-2026:1711-1 Release Date: 2026-05-06T12:04:48Z Rating: moderate References: * bsc#1261678 Cross-References: * CVE-2026-28390 CVSS scores: * CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be 
installed. ## Description: This update for openssl-3 fixes the following issue: * CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1711=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1711=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1711=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1711=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1711=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libopenssl3-3.0.8-150500.5.63.1 * libopenssl3-debuginfo-3.0.8-150500.5.63.1 * libopenssl-3-devel-3.0.8-150500.5.63.1 * openssl-3-3.0.8-150500.5.63.1 * openssl-3-debugsource-3.0.8-150500.5.63.1 * openssl-3-debuginfo-3.0.8-150500.5.63.1 * openSUSE Leap 15.5 (x86_64) * libopenssl3-32bit-debuginfo-3.0.8-150500.5.63.1 * libopenssl3-32bit-3.0.8-150500.5.63.1 * libopenssl-3-devel-32bit-3.0.8-150500.5.63.1 * openSUSE Leap 15.5 (noarch) * openssl-3-doc-3.0.8-150500.5.63.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl3-64bit-3.0.8-150500.5.63.1 * libopenssl-3-devel-64bit-3.0.8-150500.5.63.1 * libopenssl3-64bit-debuginfo-3.0.8-150500.5.63.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libopenssl3-3.0.8-150500.5.63.1 * libopenssl3-debuginfo-3.0.8-150500.5.63.1 * libopenssl-3-devel-3.0.8-150500.5.63.1 * openssl-3-3.0.8-150500.5.63.1 * openssl-3-debugsource-3.0.8-150500.5.63.1 * 
openssl-3-debuginfo-3.0.8-150500.5.63.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libopenssl3-3.0.8-150500.5.63.1 * libopenssl3-debuginfo-3.0.8-150500.5.63.1 * libopenssl-3-devel-3.0.8-150500.5.63.1 * openssl-3-3.0.8-150500.5.63.1 * openssl-3-debugsource-3.0.8-150500.5.63.1 * openssl-3-debuginfo-3.0.8-150500.5.63.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libopenssl3-3.0.8-150500.5.63.1 * libopenssl3-debuginfo-3.0.8-150500.5.63.1 * libopenssl-3-devel-3.0.8-150500.5.63.1 * openssl-3-3.0.8-150500.5.63.1 * openssl-3-debugsource-3.0.8-150500.5.63.1 * openssl-3-debuginfo-3.0.8-150500.5.63.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libopenssl3-3.0.8-150500.5.63.1 * libopenssl3-debuginfo-3.0.8-150500.5.63.1 * libopenssl-3-devel-3.0.8-150500.5.63.1 * openssl-3-3.0.8-150500.5.63.1 * openssl-3-debugsource-3.0.8-150500.5.63.1 * openssl-3-debuginfo-3.0.8-150500.5.63.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28390.html * https://bugzilla.suse.com/show_bug.cgi?id=1261678 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu May 7 08:30:06 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 07 May 2026 08:30:06 -0000 Subject: SUSE-SU-2026:21517-1: important: Security update for the Linux Kernel RT (Live Patch 19 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177814260645.3577.2852828128483291015@dde0e951fc7e> # Security update for the Linux Kernel RT (Live Patch 19 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21517-1 Release Date: 2026-05-05T13:18:14Z Rating: important References: * bsc#1263689 Cross-References: * CVE-2026-31431 CVSS scores: * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-41.1 fixes one security issue The following security issue was fixed: * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-393=1 ## Package List: * SUSE Linux Micro 6.1 (x86_64) * kernel-livepatch-6_4_0-41-rt-2-1.1 * kernel-livepatch-MICRO-6-0-RT_Update_19-debugsource-2-1.1 * kernel-livepatch-6_4_0-41-rt-debuginfo-2-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1263689 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu May 7 08:30:14 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 07 May 2026 08:30:14 -0000 Subject: SUSE-SU-2026:21516-1: important: Security update for the Linux Kernel RT (Live Patch 18 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177814261400.3577.12791158946950968622@dde0e951fc7e> # Security update for the Linux Kernel RT (Live Patch 18 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21516-1 Release Date: 2026-05-05T13:07:21Z Rating: important References: * bsc#1259126 * bsc#1263689 Cross-References: * CVE-2026-23204 * CVE-2026-31431 CVSS scores: * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-40.1 fixes various security issues The following security issues were fixed: * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126). * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-384=1 ## Package List: * SUSE Linux Micro 6.1 (x86_64) * kernel-livepatch-MICRO-6-0-RT_Update_18-debugsource-3-1.1 * kernel-livepatch-6_4_0-40-rt-3-1.1 * kernel-livepatch-6_4_0-40-rt-debuginfo-3-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1259126 * https://bugzilla.suse.com/show_bug.cgi?id=1263689 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu May 7 08:30:24 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 07 May 2026 08:30:24 -0000 Subject: SUSE-SU-2026:21515-1: important: Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177814262462.3577.7035452736555216476@dde0e951fc7e> # Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21515-1 Release Date: 2026-05-05T13:07:21Z Rating: important References: * bsc#1252048 * bsc#1258005 * bsc#1258655 * bsc#1259126 * bsc#1263689 Cross-References: * CVE-2025-39977 * CVE-2025-71066 * CVE-2026-23004 * CVE-2026-23204 * CVE-2026-31431 CVSS scores: * CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23204 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues The following security issues were fixed: * CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048). * CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005). * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126). * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-383=1 ## Package List: * SUSE Linux Micro 6.1 (x86_64) * kernel-livepatch-6_4_0-39-rt-4-1.1 * kernel-livepatch-6_4_0-39-rt-debuginfo-4-1.1 * kernel-livepatch-MICRO-6-0-RT_Update_15-debugsource-4-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39977.html * https://www.suse.com/security/cve/CVE-2025-71066.html * https://www.suse.com/security/cve/CVE-2026-23004.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1252048 * https://bugzilla.suse.com/show_bug.cgi?id=1258005 * https://bugzilla.suse.com/show_bug.cgi?id=1258655 * https://bugzilla.suse.com/show_bug.cgi?id=1259126 * https://bugzilla.suse.com/show_bug.cgi?id=1263689 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu May 7 08:30:33 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 07 May 2026 08:30:33 -0000 Subject: SUSE-SU-2026:21514-1: important: Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177814263395.3577.12233458451553020920@dde0e951fc7e> # Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21514-1 Release Date: 2026-05-05T13:07:21Z Rating: important References: * bsc#1252048 * bsc#1258005 * bsc#1258655 * bsc#1259126 * bsc#1263689 Cross-References: * CVE-2025-39977 * CVE-2025-71066 * CVE-2026-23004 * CVE-2026-23204 * CVE-2026-31431 CVSS scores: * CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( SUSE ): 7.3 
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues The following security issues were fixed: * CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048). * CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005). * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126). * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-382=1 ## Package List: * SUSE Linux Micro 6.1 (x86_64) * kernel-livepatch-6_4_0-38-rt-5-1.1 * kernel-livepatch-MICRO-6-0-RT_Update_14-debugsource-5-1.1 * kernel-livepatch-6_4_0-38-rt-debuginfo-5-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39977.html * https://www.suse.com/security/cve/CVE-2025-71066.html * https://www.suse.com/security/cve/CVE-2026-23004.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1252048 * https://bugzilla.suse.com/show_bug.cgi?id=1258005 * https://bugzilla.suse.com/show_bug.cgi?id=1258655 * https://bugzilla.suse.com/show_bug.cgi?id=1259126 * https://bugzilla.suse.com/show_bug.cgi?id=1263689 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu May 7 08:30:47 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 07 May 2026 08:30:47 -0000 Subject: SUSE-SU-2026:21513-1: important: Security update for the Linux Kernel RT (Live Patch 13 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177814264757.3577.6285572008423753418@dde0e951fc7e> # Security update for the Linux Kernel RT (Live Patch 13 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21513-1 Release Date: 2026-05-05T13:07:21Z Rating: important References: * bsc#1252048 * bsc#1258005 * bsc#1258655 * bsc#1259126 * bsc#1263689 Cross-References: * CVE-2025-39977 * CVE-2025-71066 * CVE-2026-23004 * CVE-2026-23204 * CVE-2026-31431 CVSS scores: * CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( SUSE ): 7.3 
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-37.1 fixes various security issues The following security issues were fixed: * CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048). * CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005). * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126). * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-381=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_13-debugsource-5-1.1
  * kernel-livepatch-6_4_0-37-rt-5-1.1
  * kernel-livepatch-6_4_0-37-rt-debuginfo-5-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:30:57 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:30:57 -0000
Subject: SUSE-SU-2026:21512-1: important: Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814265795.3577.1537814021613470223@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21512-1
Release Date: 2026-05-05T13:07:21Z
Rating: important

References:
* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Micro 6.1

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-380=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-36-rt-debuginfo-9-1.1
  * kernel-livepatch-6_4_0-36-rt-9-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_12-debugsource-9-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:31:07 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:31:07 -0000
Subject: SUSE-SU-2026:21511-1: important: Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814266766.3577.15430829409782046423@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21511-1
Release Date: 2026-05-05T13:07:21Z
Rating: important

References:
* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Micro 6.1

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-379=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_11-debugsource-10-1.1
  * kernel-livepatch-6_4_0-35-rt-10-1.1
  * kernel-livepatch-6_4_0-35-rt-debuginfo-10-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:31:18 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:31:18 -0000
Subject: SUSE-SU-2026:21510-1: important: Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814267835.3577.16377906332194585086@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21510-1
Release Date: 2026-05-05T13:07:21Z
Rating: important

References:
* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Micro 6.1

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-378=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_10-debugsource-14-1.1
  * kernel-livepatch-6_4_0-34-rt-14-1.1
  * kernel-livepatch-6_4_0-34-rt-debuginfo-14-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:31:29 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:31:29 -0000
Subject: SUSE-SU-2026:21509-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814268911.3577.677102117850686178@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21509-1
Release Date: 2026-05-05T13:07:21Z
Rating: important

References:
* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Micro 6.1

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-33.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-377=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_9-debugsource-14-1.2
  * kernel-livepatch-6_4_0-33-rt-14-1.2
  * kernel-livepatch-6_4_0-33-rt-debuginfo-14-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:31:39 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:31:39 -0000
Subject: SUSE-SU-2026:21508-1: important: Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814269969.3577.15296149984127665181@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21508-1
Release Date: 2026-05-05T13:07:20Z
Rating: important

References:
* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Micro 6.1

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-376=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_8-debugsource-16-1.2
  * kernel-livepatch-6_4_0-31-rt-debuginfo-16-1.2
  * kernel-livepatch-6_4_0-31-rt-16-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:31:50 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:31:50 -0000
Subject: SUSE-SU-2026:21507-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814271049.3577.36558241485332136@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21507-1
Release Date: 2026-05-05T13:07:20Z
Rating: important

References:
* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Micro 6.1

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-375=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-30-rt-17-1.3
  * kernel-livepatch-MICRO-6-0-RT_Update_7-debugsource-17-1.3
  * kernel-livepatch-6_4_0-30-rt-debuginfo-17-1.3

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:32:02 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:32:02 -0000
Subject: SUSE-SU-2026:21506-1: important: Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814272207.3577.17195983084636304618@dde0e951fc7e>

# Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21506-1
Release Date: 2026-05-05T13:07:20Z
Rating: important

References:
* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Micro 6.1

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-374=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-28-rt-debuginfo-17-3.1
  * kernel-livepatch-MICRO-6-0-RT_Update_6-debugsource-17-3.1
  * kernel-livepatch-6_4_0-28-rt-17-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:32:11 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:32:11 -0000
Subject: SUSE-SU-2026:21505-1: important: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814273161.3577.10837416883446886757@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21505-1
Release Date: 2026-05-05T14:58:33Z
Rating: important

References:
* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Micro 6.1

An update that solves five vulnerabilities can now be installed.
## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-396=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_13-debugsource-7-1.1
  * kernel-livepatch-6_4_0-36-default-debuginfo-7-1.1
  * kernel-livepatch-6_4_0-36-default-7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:32:21 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:32:21 -0000
Subject: SUSE-SU-2026:21504-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814274141.3577.2832075644646765020@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21504-1
Release Date: 2026-05-05T13:36:02Z
Rating: important

References:
* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Micro 6.1

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-391=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-38-default-debuginfo-5-1.2
  * kernel-livepatch-6_4_0-38-default-5-1.2
  * kernel-livepatch-MICRO-6-0_Update_14-debugsource-5-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:32:30 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:32:30 -0000
Subject: SUSE-SU-2026:21503-1: important: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814275089.3577.13357179893549109757@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21503-1
Release Date: 2026-05-05T13:18:42Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-35.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-390=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-35-default-debuginfo-9-1.1
  * kernel-livepatch-6_4_0-35-default-9-1.1
  * kernel-livepatch-MICRO-6-0_Update_12-debugsource-9-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:32:36 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:32:36 -0000
Subject: SUSE-SU-2026:21502-1: important: Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814275609.3577.14558640531670783306@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21502-1
Release Date: 2026-05-05T13:15:07Z
Rating: important

References:

* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-40.1 fixes various security issues

The following security issues were fixed:

* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-395=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-40-default-3-1.1
  * kernel-livepatch-6_4_0-40-default-debuginfo-3-1.1
  * kernel-livepatch-MICRO-6-0_Update_17-debugsource-3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:32:48 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:32:48 -0000
Subject: SUSE-SU-2026:21501-1: important: Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814276819.3577.1574068713019006009@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21501-1
Release Date: 2026-05-05T13:15:07Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-29.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-394=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_7-debugsource-17-1.2
  * kernel-livepatch-6_4_0-29-default-17-1.2
  * kernel-livepatch-6_4_0-29-default-debuginfo-17-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:32:54 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:32:54 -0000
Subject: SUSE-SU-2026:21500-1: important: Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814277412.3577.270997005045198113@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21500-1
Release Date: 2026-05-05T13:14:11Z
Rating: important

References:

* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues

The following security issues were fixed:

* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-392=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_16-debugsource-4-1.1
  * kernel-livepatch-6_4_0-39-default-debuginfo-4-1.1
  * kernel-livepatch-6_4_0-39-default-4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:33:03 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:33:03 -0000
Subject: SUSE-SU-2026:21499-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814278319.3577.494747229401031925@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21499-1
Release Date: 2026-05-05T13:11:23Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-389=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-34-default-debuginfo-9-1.1
  * kernel-livepatch-MICRO-6-0_Update_11-debugsource-9-1.1
  * kernel-livepatch-6_4_0-34-default-9-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:33:12 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:33:12 -0000
Subject: SUSE-SU-2026:21498-1: important: Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814279286.3577.8717929827796419019@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21498-1
Release Date: 2026-05-05T13:10:44Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-388=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-32-default-10-1.1
  * kernel-livepatch-MICRO-6-0_Update_10-debugsource-10-1.1
  * kernel-livepatch-6_4_0-32-default-debuginfo-10-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:33:23 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:33:23 -0000
Subject: SUSE-SU-2026:21497-1: important: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814280358.3577.11543699300362776193@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21497-1
Release Date: 2026-05-05T13:10:05Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-387=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_9-debugsource-16-1.2
  * kernel-livepatch-6_4_0-31-default-16-1.2
  * kernel-livepatch-6_4_0-31-default-debuginfo-16-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:33:34 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:33:34 -0000
Subject: SUSE-SU-2026:21496-1: important: Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814281488.3577.4535243623936079550@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21496-1
Release Date: 2026-05-05T13:10:05Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-386=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-30-default-debuginfo-16-1.2
  * kernel-livepatch-6_4_0-30-default-16-1.2
  * kernel-livepatch-MICRO-6-0_Update_8-debugsource-16-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:33:45 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:33:45 -0000
Subject: SUSE-SU-2026:21495-1: important: Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814282503.3577.3389475207663920317@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21495-1
Release Date: 2026-05-05T13:10:05Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-kernel-385=1

## Package List:

  * SUSE Linux Micro 6.1 (s390x x86_64)
    * kernel-livepatch-6_4_0-28-default-debuginfo-18-3.1
    * kernel-livepatch-MICRO-6-0_Update_6-debugsource-18-3.1
    * kernel-livepatch-6_4_0-28-default-18-3.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-38375.html
  * https://www.suse.com/security/cve/CVE-2025-39977.html
  * https://www.suse.com/security/cve/CVE-2025-71066.html
  * https://www.suse.com/security/cve/CVE-2026-23004.html
  * https://www.suse.com/security/cve/CVE-2026-23204.html
  * https://www.suse.com/security/cve/CVE-2026-31431.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1252048
  * https://bugzilla.suse.com/show_bug.cgi?id=1258005
  * https://bugzilla.suse.com/show_bug.cgi?id=1258073
  * https://bugzilla.suse.com/show_bug.cgi?id=1258655
  * https://bugzilla.suse.com/show_bug.cgi?id=1259126
  * https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:33:48 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:33:48 -0000
Subject: SUSE-SU-2026:21494-1: important: Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177814282802.3577.18439199502657869722@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21494-1
Release Date: 2026-05-05T12:51:00Z
Rating: important
References:

  * bsc#1263689

Cross-References:

  * CVE-2026-31431

CVSS scores:

  * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.
## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-41.1 fixes one security issue

The following security issue was fixed:

  * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-kernel-373=1

## Package List:

  * SUSE Linux Micro 6.1 (s390x x86_64)
    * kernel-livepatch-6_4_0-41-default-2-1.1
    * kernel-livepatch-MICRO-6-0_Update_18-debugsource-2-1.1
    * kernel-livepatch-6_4_0-41-default-debuginfo-2-1.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-31431.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:33:56 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:33:56 -0000
Subject: SUSE-SU-2026:1726-1: important: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177814283676.3577.2974628950683088883@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1726-1
Release Date: 2026-05-06T16:04:15Z
Rating: important
References:

  * bsc#1258655
  * bsc#1259126
  * bsc#1263689

Cross-References:

  * CVE-2026-23004
  * CVE-2026-23204
  * CVE-2026-31431

CVSS scores:

  * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Enterprise Live Patching 15-SP7
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.31 fixes various security issues

The following security issues were fixed:

  * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
  * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
  * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Live Patching 15-SP7
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1726=1

## Package List:

  * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
    * kernel-livepatch-6_4_0-150700_53_31-default-debuginfo-4-150700.2.1
    * kernel-livepatch-SLE15-SP7_Update_9-debugsource-4-150700.2.1
    * kernel-livepatch-6_4_0-150700_53_31-default-4-150700.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-23004.html
  * https://www.suse.com/security/cve/CVE-2026-23204.html
  * https://www.suse.com/security/cve/CVE-2026-31431.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1258655
  * https://bugzilla.suse.com/show_bug.cgi?id=1259126
  * https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 08:34:08 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 08:34:08 -0000
Subject: SUSE-SU-2026:1725-1: important: Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177814284843.3577.16928695262543854747@dde0e951fc7e>

# Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1725-1
Release Date: 2026-05-06T16:04:08Z
Rating: important
References:

  * bsc#1252048
  * bsc#1258005
  * bsc#1258073
  * bsc#1258655
  * bsc#1259126
  * bsc#1263689

Cross-References:

  * CVE-2025-38375
  * CVE-2025-39977
  * CVE-2025-71066
  * CVE-2026-23004
  * CVE-2026-23204
  * CVE-2026-31431

CVSS scores:

  * CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Enterprise Live Patching 15-SP7
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.51 fixes various security issues

The following security issues were fixed:

  * CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
  * CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
  * CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
  * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
  * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
  * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Live Patching 15-SP7
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1725=1

## Package List:

  * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
    * kernel-livepatch-6_4_0-150700_51-default-debuginfo-15-150700.3.42.1
    * kernel-livepatch-6_4_0-150700_51-default-15-150700.3.42.1
    * kernel-livepatch-SLE15-SP7_Update_0-debugsource-15-150700.3.42.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-38375.html
  * https://www.suse.com/security/cve/CVE-2025-39977.html
  * https://www.suse.com/security/cve/CVE-2025-71066.html
  * https://www.suse.com/security/cve/CVE-2026-23004.html
  * https://www.suse.com/security/cve/CVE-2026-23204.html
  * https://www.suse.com/security/cve/CVE-2026-31431.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1252048
  * https://bugzilla.suse.com/show_bug.cgi?id=1258005
  * https://bugzilla.suse.com/show_bug.cgi?id=1258073
  * https://bugzilla.suse.com/show_bug.cgi?id=1258655
  * https://bugzilla.suse.com/show_bug.cgi?id=1259126
  * https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Thu May 7 16:30:17 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 16:30:17 -0000
Subject: SUSE-SU-2026:1733-1: important: Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5)
Message-ID: <177817141721.210.38288987856445568@2df5abbbd056>

# Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1733-1
Release Date: 2026-05-07T09:04:22Z
Rating: important
References:

  * bsc#1252048
  * bsc#1258005
  * bsc#1258073
  * bsc#1258655
  * bsc#1259126
  * bsc#1263689

Cross-References:

  * CVE-2025-38375
  * CVE-2025-39977
  * CVE-2025-71066
  * CVE-2026-23004
  * CVE-2026-23204
  * CVE-2026-31431

CVSS scores:

  * CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Live Patching 15-SP4
  * SUSE Linux Enterprise Live Patching 15-SP5
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.121 fixes various security issues

The following security issues were fixed:

  * CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
  * CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
  * CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
  * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
  * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
  * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2026-1733=1 SUSE-2026-1734=1

  * SUSE Linux Enterprise Live Patching 15-SP4
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1733=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-1734=1

  * openSUSE Leap 15.5
    zypper in -t patch SUSE-2026-1739=1 SUSE-2026-1746=1 SUSE-2026-1747=1 SUSE-2026-1738=1

  * SUSE Linux Enterprise Live Patching 15-SP5
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1738=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1739=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1746=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1747=1

## Package List:

  * openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_184-default-6-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_176-default-12-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-6-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_46-debugsource-6-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_44-debugsource-12-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-12-150400.2.1
  * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_184-default-6-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_176-default-12-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-6-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_46-debugsource-6-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_44-debugsource-12-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-12-150400.2.1
  * openSUSE Leap 15.5 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-18-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_29-debugsource-14-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_26-debugsource-18-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_121-default-11-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_27-debugsource-17-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-11-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-17-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-14-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_30-debugsource-11-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_110-default-17-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_103-default-18-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_116-default-14-150500.2.1
  * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-18-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_26-debugsource-18-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_121-default-11-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_27-debugsource-17-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-11-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-17-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-14-150500.2.1
    * kernel-livepatch-SLE15-SP5_Update_30-debugsource-11-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_110-default-17-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_103-default-18-150500.2.1
    * kernel-livepatch-5_14_21-150500_55_116-default-14-150500.2.1
  * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x)
    * kernel-livepatch-SLE15-SP5_Update_29-debugsource-14-150500.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-38375.html
  * https://www.suse.com/security/cve/CVE-2025-39977.html
  * https://www.suse.com/security/cve/CVE-2025-71066.html
  * https://www.suse.com/security/cve/CVE-2026-23004.html
  * https://www.suse.com/security/cve/CVE-2026-23204.html
  * https://www.suse.com/security/cve/CVE-2026-31431.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1252048
  * https://bugzilla.suse.com/show_bug.cgi?id=1258005
  * https://bugzilla.suse.com/show_bug.cgi?id=1258073
  * https://bugzilla.suse.com/show_bug.cgi?id=1258655
  * https://bugzilla.suse.com/show_bug.cgi?id=1259126
  * https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 16:30:20 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 16:30:20 -0000
Subject: SUSE-SU-2026:1736-1: important: Security update for the Linux Kernel (Live Patch 22 for SUSE Linux Enterprise 15 SP6)
Message-ID: <177817142057.210.11213539367456792675@2df5abbbd056>

# Security update for the Linux Kernel (Live Patch 22 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1736-1
Release Date: 2026-05-07T02:35:14Z
Rating: important
References:

  * bsc#1263689

Cross-References:

  * CVE-2026-31431

CVSS scores:

  * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.4
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Live Patching 15-SP4
  * SUSE Linux Enterprise Live Patching 15-SP6
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.95 fixes one security issue

The following security issue was fixed:

  * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Live Patching 15-SP4
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1737=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-1736=1

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2026-1730=1

  * SUSE Linux Enterprise Live Patching 15-SP6
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1730=1

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2026-1736=1 SUSE-2026-1737=1

## Package List:

  * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_197-default-2-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_197-default-debuginfo-2-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_200-default-2-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_50-debugsource-2-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_49-debugsource-2-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_200-default-debuginfo-2-150400.2.1
  * openSUSE Leap 15.6 (ppc64le s390x x86_64)
    * kernel-livepatch-6_4_0-150600_23_95-default-debuginfo-2-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_95-default-2-150600.2.1
    * kernel-livepatch-SLE15-SP6_Update_22-debugsource-2-150600.2.1
  * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
    * kernel-livepatch-6_4_0-150600_23_95-default-debuginfo-2-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_95-default-2-150600.2.1
    * kernel-livepatch-SLE15-SP6_Update_22-debugsource-2-150600.2.1
  * openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_197-default-2-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_197-default-debuginfo-2-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_200-default-2-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_50-debugsource-2-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_49-debugsource-2-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_200-default-debuginfo-2-150400.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-31431.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 16:30:29 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 16:30:29 -0000
Subject: SUSE-SU-2026:1728-1: important: Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6)
Message-ID: <177817142929.210.14734637897806963713@2df5abbbd056>

# Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1728-1
Release Date: 2026-05-06T21:38:02Z
Rating: important
References:

  * bsc#1252048
  * bsc#1258005
  * bsc#1258655
  * bsc#1259126
  * bsc#1263689

Cross-References:

  * CVE-2025-39977
  * CVE-2025-71066
  * CVE-2026-23004
  * CVE-2026-23204
  * CVE-2026-31431

CVSS scores:

  * CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Live Patching 15-SP6
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.78 fixes various security issues

The following security issues were fixed:

  * CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
  * CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
  * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
  * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
  * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2026-1728=1 SUSE-2026-1729=1

  * SUSE Linux Enterprise Live Patching 15-SP6
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1728=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1729=1

## Package List:

  * openSUSE Leap 15.6 (ppc64le s390x x86_64)
    * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-7-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_78-default-5-150600.2.1
    * kernel-livepatch-SLE15-SP6_Update_17-debugsource-5-150600.2.1
    * kernel-livepatch-SLE15-SP6_Update_16-debugsource-7-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_73-default-7-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-5-150600.2.1
  * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
    * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-7-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_78-default-5-150600.2.1
    * kernel-livepatch-SLE15-SP6_Update_17-debugsource-5-150600.2.1
    * kernel-livepatch-SLE15-SP6_Update_16-debugsource-7-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_73-default-7-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-5-150600.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-39977.html
  * https://www.suse.com/security/cve/CVE-2025-71066.html
  * https://www.suse.com/security/cve/CVE-2026-23004.html
  * https://www.suse.com/security/cve/CVE-2026-23204.html
  * https://www.suse.com/security/cve/CVE-2026-31431.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1252048
  * https://bugzilla.suse.com/show_bug.cgi?id=1258005
  * https://bugzilla.suse.com/show_bug.cgi?id=1258655
  * https://bugzilla.suse.com/show_bug.cgi?id=1259126
  * https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Thu May 7 16:30:37 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 16:30:37 -0000
Subject: SUSE-SU-2026:1735-1: important: Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6)
Message-ID: <177817143725.210.13995853572081758282@2df5abbbd056>

# Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1735-1
Release Date: 2026-05-07T02:34:47Z
Rating: important
References:

  * bsc#1258005
  * bsc#1258655
  * bsc#1259126
  * bsc#1263689

Cross-References:

  * CVE-2025-71066
  * CVE-2026-23004
  * CVE-2026-23204
  * CVE-2026-31431

CVSS scores:

  * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.4
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Live Patching 15-SP4
  * SUSE Linux Enterprise Live Patching 15-SP6
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.87 fixes various security issues

The following security issues were fixed:

  * CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
  * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
  * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
  * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Live Patching 15-SP6
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1727=1

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2026-1735=1

  * SUSE Linux Enterprise Live Patching 15-SP4
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1735=1

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2026-1727=1

## Package List:

  * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP6_Update_20-debugsource-4-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_87-default-4-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-4-150600.2.1
  * openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_194-default-debuginfo-4-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_48-debugsource-4-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_194-default-4-150400.2.1
  * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_194-default-debuginfo-4-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_48-debugsource-4-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_194-default-4-150400.2.1
  * openSUSE Leap 15.6 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP6_Update_20-debugsource-4-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_87-default-4-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-4-150600.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-71066.html
  * https://www.suse.com/security/cve/CVE-2026-23004.html
  * https://www.suse.com/security/cve/CVE-2026-23204.html
  * https://www.suse.com/security/cve/CVE-2026-31431.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1258005
  * https://bugzilla.suse.com/show_bug.cgi?id=1258655
  * https://bugzilla.suse.com/show_bug.cgi?id=1259126
  * https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Thu May 7 16:30:41 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 16:30:41 -0000
Subject: SUSE-SU-2026:1751-1: important: Security update for jetty-minimal
Message-ID: <177817144176.210.2733052457435997576@2df5abbbd056>

# Security update for jetty-minimal

Announcement ID: SUSE-SU-2026:1751-1
Release Date: 2026-05-07T11:53:45Z
Rating: important
References:

  * bsc#1261997
  * bsc#1262115

Cross-References:

  * CVE-2026-2332
  * CVE-2026-5795

CVSS scores:

  * CVE-2026-2332 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-2332 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-2332 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-5795 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-5795 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-5795 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

  * Development Tools Module 15-SP7
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP5 LTSS
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server 15 SP6 LTSS
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7
  * SUSE Package Hub 15 15-SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for jetty-minimal fixes the following issues:

  * CVE-2026-2332: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques (bsc#1262115).
  * CVE-2026-5795: Fixed JaspiAuthenticator broken access control (bsc#1261997).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Development Tools Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1751=1

  * SUSE Package Hub 15 15-SP7
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1751=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1751=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1751=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1751=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1751=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1751=1

  * SUSE Linux Enterprise Server 15 SP5 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1751=1

  * SUSE Linux Enterprise Server 15 SP6 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1751=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1751=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1751=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1751=1

## Package List:

  * Development Tools Module 15-SP7 (noarch)
    * jetty-http-9.4.58-150200.3.40.1
    * jetty-security-9.4.58-150200.3.40.1
    * jetty-servlet-9.4.58-150200.3.40.1
    * jetty-io-9.4.58-150200.3.40.1
    * jetty-util-9.4.58-150200.3.40.1
    * jetty-util-ajax-9.4.58-150200.3.40.1
    * jetty-server-9.4.58-150200.3.40.1
  * SUSE Package Hub 15 15-SP7 (noarch)
    * jetty-continuation-9.4.58-150200.3.40.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
    * jetty-http-9.4.58-150200.3.40.1
    * jetty-security-9.4.58-150200.3.40.1
    * jetty-servlet-9.4.58-150200.3.40.1
    * jetty-io-9.4.58-150200.3.40.1
    * jetty-util-9.4.58-150200.3.40.1
    * jetty-util-ajax-9.4.58-150200.3.40.1
    * jetty-server-9.4.58-150200.3.40.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
    * jetty-http-9.4.58-150200.3.40.1
    * jetty-security-9.4.58-150200.3.40.1
    * jetty-servlet-9.4.58-150200.3.40.1
    * jetty-io-9.4.58-150200.3.40.1
    * jetty-util-9.4.58-150200.3.40.1
    * jetty-util-ajax-9.4.58-150200.3.40.1
    * jetty-server-9.4.58-150200.3.40.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
    * jetty-http-9.4.58-150200.3.40.1
    * jetty-security-9.4.58-150200.3.40.1
    * jetty-servlet-9.4.58-150200.3.40.1
    * jetty-io-9.4.58-150200.3.40.1
    * jetty-util-9.4.58-150200.3.40.1
    * jetty-util-ajax-9.4.58-150200.3.40.1
    * jetty-server-9.4.58-150200.3.40.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
    * jetty-http-9.4.58-150200.3.40.1
    * jetty-security-9.4.58-150200.3.40.1
    * jetty-servlet-9.4.58-150200.3.40.1
    * jetty-io-9.4.58-150200.3.40.1
    * jetty-util-9.4.58-150200.3.40.1
    * jetty-util-ajax-9.4.58-150200.3.40.1
    * jetty-server-9.4.58-150200.3.40.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
    * jetty-http-9.4.58-150200.3.40.1
    * jetty-security-9.4.58-150200.3.40.1
    * jetty-servlet-9.4.58-150200.3.40.1
    * jetty-io-9.4.58-150200.3.40.1
    * jetty-util-9.4.58-150200.3.40.1
    * jetty-util-ajax-9.4.58-150200.3.40.1
    *
jetty-server-9.4.58-150200.3.40.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * jetty-http-9.4.58-150200.3.40.1 * jetty-security-9.4.58-150200.3.40.1 * jetty-servlet-9.4.58-150200.3.40.1 * jetty-io-9.4.58-150200.3.40.1 * jetty-util-9.4.58-150200.3.40.1 * jetty-util-ajax-9.4.58-150200.3.40.1 * jetty-server-9.4.58-150200.3.40.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * jetty-http-9.4.58-150200.3.40.1 * jetty-security-9.4.58-150200.3.40.1 * jetty-servlet-9.4.58-150200.3.40.1 * jetty-io-9.4.58-150200.3.40.1 * jetty-util-9.4.58-150200.3.40.1 * jetty-util-ajax-9.4.58-150200.3.40.1 * jetty-server-9.4.58-150200.3.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * jetty-http-9.4.58-150200.3.40.1 * jetty-security-9.4.58-150200.3.40.1 * jetty-servlet-9.4.58-150200.3.40.1 * jetty-io-9.4.58-150200.3.40.1 * jetty-util-9.4.58-150200.3.40.1 * jetty-util-ajax-9.4.58-150200.3.40.1 * jetty-server-9.4.58-150200.3.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * jetty-http-9.4.58-150200.3.40.1 * jetty-security-9.4.58-150200.3.40.1 * jetty-servlet-9.4.58-150200.3.40.1 * jetty-io-9.4.58-150200.3.40.1 * jetty-util-9.4.58-150200.3.40.1 * jetty-util-ajax-9.4.58-150200.3.40.1 * jetty-server-9.4.58-150200.3.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * jetty-http-9.4.58-150200.3.40.1 * jetty-security-9.4.58-150200.3.40.1 * jetty-servlet-9.4.58-150200.3.40.1 * jetty-io-9.4.58-150200.3.40.1 * jetty-util-9.4.58-150200.3.40.1 * jetty-util-ajax-9.4.58-150200.3.40.1 * jetty-server-9.4.58-150200.3.40.1 ## References: * https://www.suse.com/security/cve/CVE-2026-2332.html * https://www.suse.com/security/cve/CVE-2026-5795.html * https://bugzilla.suse.com/show_bug.cgi?id=1261997 * https://bugzilla.suse.com/show_bug.cgi?id=1262115 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu May 7 16:30:44 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 07 May 2026 16:30:44 -0000 Subject: SUSE-SU-2026:1750-1: important: Security update for librsvg Message-ID: <177817144477.210.8899567618250709098@2df5abbbd056> # Security update for librsvg Announcement ID: SUSE-SU-2026:1750-1 Release Date: 2026-05-07T11:52:26Z Rating: important References: * bsc#1257922 Cross-References: * CVE-2026-25727 CVSS scores: * CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25727 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * Desktop Applications Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for librsvg fixes the following issue: * CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257922). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1750=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1750=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1750=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1750=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1750=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * rsvg-convert-debuginfo-2.57.4-150600.3.8.2 * rsvg-convert-2.57.4-150600.3.8.2 * librsvg-debugsource-2.57.4-150600.3.8.2 * gdk-pixbuf-loader-rsvg-2.57.4-150600.3.8.2 * librsvg-2-2-debuginfo-2.57.4-150600.3.8.2 * gdk-pixbuf-loader-rsvg-debuginfo-2.57.4-150600.3.8.2 * librsvg-devel-2.57.4-150600.3.8.2 * typelib-1_0-Rsvg-2_0-2.57.4-150600.3.8.2 * librsvg-2-2-2.57.4-150600.3.8.2 * openSUSE Leap 15.6 (noarch) * rsvg-thumbnailer-2.57.4-150600.3.8.2 * openSUSE Leap 15.6 (aarch64_ilp32) * librsvg-2-2-64bit-debuginfo-2.57.4-150600.3.8.2 * gdk-pixbuf-loader-rsvg-64bit-debuginfo-2.57.4-150600.3.8.2 * gdk-pixbuf-loader-rsvg-64bit-2.57.4-150600.3.8.2 * librsvg-2-2-64bit-2.57.4-150600.3.8.2 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * librsvg-debugsource-2.57.4-150600.3.8.2 * gdk-pixbuf-loader-rsvg-2.57.4-150600.3.8.2 * librsvg-2-2-debuginfo-2.57.4-150600.3.8.2 * gdk-pixbuf-loader-rsvg-debuginfo-2.57.4-150600.3.8.2 * librsvg-2-2-2.57.4-150600.3.8.2 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * typelib-1_0-Rsvg-2_0-2.57.4-150600.3.8.2 * librsvg-devel-2.57.4-150600.3.8.2 * librsvg-debugsource-2.57.4-150600.3.8.2 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * librsvg-debugsource-2.57.4-150600.3.8.2 * gdk-pixbuf-loader-rsvg-2.57.4-150600.3.8.2 * librsvg-2-2-debuginfo-2.57.4-150600.3.8.2 * 
gdk-pixbuf-loader-rsvg-debuginfo-2.57.4-150600.3.8.2 * librsvg-devel-2.57.4-150600.3.8.2 * typelib-1_0-Rsvg-2_0-2.57.4-150600.3.8.2 * librsvg-2-2-2.57.4-150600.3.8.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * librsvg-debugsource-2.57.4-150600.3.8.2 * gdk-pixbuf-loader-rsvg-2.57.4-150600.3.8.2 * librsvg-2-2-debuginfo-2.57.4-150600.3.8.2 * gdk-pixbuf-loader-rsvg-debuginfo-2.57.4-150600.3.8.2 * librsvg-devel-2.57.4-150600.3.8.2 * typelib-1_0-Rsvg-2_0-2.57.4-150600.3.8.2 * librsvg-2-2-2.57.4-150600.3.8.2 ## References: * https://www.suse.com/security/cve/CVE-2026-25727.html * https://bugzilla.suse.com/show_bug.cgi?id=1257922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu May 7 16:31:01 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 07 May 2026 16:31:01 -0000 Subject: SUSE-SU-2026:1749-1: moderate: Security update for webkit2gtk3 Message-ID: <177817146129.210.8470945718142781319@2df5abbbd056> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2026:1749-1 Release Date: 2026-05-07T10:49:01Z Rating: moderate References: * bsc#1261172 * bsc#1261173 * bsc#1261174 * bsc#1261175 * bsc#1261176 * bsc#1261177 * bsc#1261178 * bsc#1261179 Cross-References: * CVE-2026-20643 * CVE-2026-20664 * CVE-2026-20665 * CVE-2026-20691 * CVE-2026-28857 * CVE-2026-28859 * CVE-2026-28861 * CVE-2026-28871 CVSS scores: * CVE-2026-20643 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-20643 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-20664 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20664 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-20665 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-20665 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-20691 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-20691 ( NVD ): 4.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28857 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-28857 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-28859 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-28859 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28861 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
* CVE-2026-28861 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28871 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28871 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Leap 15.4

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.52.1.

Security issues fixed:

* CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy (bsc#1261172).
* CVE-2026-20664: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1261173).
* CVE-2026-20665: processing maliciously crafted web content may prevent Content Security Policy from being enforced (bsc#1261174).
* CVE-2026-20691: a maliciously crafted webpage may be able to fingerprint the user (bsc#1261175).
* CVE-2026-28857: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1261176).
* CVE-2026-28859: a malicious website may be able to process restricted web content outside the sandbox (bsc#1261177).
* CVE-2026-28861: a malicious website may be able to access script message handlers intended for other origins (bsc#1261178).
* CVE-2026-28871: visiting a maliciously crafted website may lead to a cross-site scripting attack (bsc#1261179).

Other updates and bugfixes:

* Reduce the amount of useless MPRIS notifications produced by MediaSession when the information about media being played is incomplete.
* Support turning off USE_GSTREAMER to configure the build with all multimedia features disabled. * Add Sysprof marks for mouse events. * Fix MediaSession icon for iheart.com not being displayed. * Fix the build with USE_GSTREAMER_GL disabled. * Fix the build with librice version 0.3.0 or newer. * Fix several crashes and rendering issues. * Translation updates: Georgian. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1749=1 ## Package List: * openSUSE Leap 15.4 (noarch) * WebKitGTK-4.1-lang-2.52.1-150400.4.140.2 * WebKitGTK-6.0-lang-2.52.1-150400.4.140.2 * WebKitGTK-4.0-lang-2.52.1-150400.4.140.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * webkit-jsc-4-debuginfo-2.52.1-150400.4.140.2 * typelib-1_0-JavaScriptCore-4_0-2.52.1-150400.4.140.2 * webkit2gtk4-minibrowser-2.52.1-150400.4.140.2 * webkit2gtk-4_0-injected-bundles-2.52.1-150400.4.140.2 * libwebkitgtk-6_0-4-debuginfo-2.52.1-150400.4.140.2 * webkit2gtk4-debugsource-2.52.1-150400.4.140.2 * typelib-1_0-WebKit2-4_0-2.52.1-150400.4.140.2 * webkit2gtk4-devel-2.52.1-150400.4.140.2 * webkit-jsc-4-2.52.1-150400.4.140.2 * webkit2gtk3-soup2-minibrowser-debuginfo-2.52.1-150400.4.140.2 * typelib-1_0-JavaScriptCore-6_0-2.52.1-150400.4.140.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-150400.4.140.2 * webkit2gtk3-soup2-minibrowser-2.52.1-150400.4.140.2 * typelib-1_0-JavaScriptCore-4_1-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_1-0-2.52.1-150400.4.140.2 * libjavascriptcoregtk-6_0-1-2.52.1-150400.4.140.2 * webkit2gtk3-devel-2.52.1-150400.4.140.2 * typelib-1_0-WebKit2WebExtension-4_1-2.52.1-150400.4.140.2 * libwebkit2gtk-4_0-37-debuginfo-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-150400.4.140.2 * libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-150400.4.140.2 * 
webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-150400.4.140.2 * webkit-jsc-4.1-debuginfo-2.52.1-150400.4.140.2 * webkit-jsc-6.0-debuginfo-2.52.1-150400.4.140.2 * webkit2gtk3-soup2-debugsource-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_0-18-2.52.1-150400.4.140.2 * libwebkitgtk-6_0-4-2.52.1-150400.4.140.2 * libwebkit2gtk-4_1-0-2.52.1-150400.4.140.2 * webkit2gtk4-minibrowser-debuginfo-2.52.1-150400.4.140.2 * libwebkit2gtk-4_0-37-2.52.1-150400.4.140.2 * libwebkit2gtk-4_1-0-debuginfo-2.52.1-150400.4.140.2 * webkit2gtk-4_1-injected-bundles-2.52.1-150400.4.140.2 * typelib-1_0-WebKit2-4_1-2.52.1-150400.4.140.2 * typelib-1_0-WebKit-6_0-2.52.1-150400.4.140.2 * typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-150400.4.140.2 * webkitgtk-6_0-injected-bundles-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.52.1-150400.4.140.2 * webkit2gtk3-minibrowser-2.52.1-150400.4.140.2 * typelib-1_0-WebKit2WebExtension-4_0-2.52.1-150400.4.140.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.1-150400.4.140.2 * webkit-jsc-4.1-2.52.1-150400.4.140.2 * webkit2gtk3-debugsource-2.52.1-150400.4.140.2 * webkit2gtk3-minibrowser-debuginfo-2.52.1-150400.4.140.2 * webkit2gtk3-soup2-devel-2.52.1-150400.4.140.2 * webkit-jsc-6.0-2.52.1-150400.4.140.2 * openSUSE Leap 15.4 (x86_64) * libwebkit2gtk-4_0-37-32bit-debuginfo-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.52.1-150400.4.140.2 * libwebkit2gtk-4_1-0-32bit-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_0-18-32bit-2.52.1-150400.4.140.2 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_1-0-32bit-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.52.1-150400.4.140.2 * libwebkit2gtk-4_0-37-32bit-2.52.1-150400.4.140.2 * openSUSE Leap 15.4 (aarch64_ilp32) * libwebkit2gtk-4_0-37-64bit-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_1-0-64bit-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.52.1-150400.4.140.2 * 
libwebkit2gtk-4_0-37-64bit-debuginfo-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_0-18-64bit-2.52.1-150400.4.140.2 * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.52.1-150400.4.140.2 * libwebkit2gtk-4_1-0-64bit-2.52.1-150400.4.140.2 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.52.1-150400.4.140.2 ## References: * https://www.suse.com/security/cve/CVE-2026-20643.html * https://www.suse.com/security/cve/CVE-2026-20664.html * https://www.suse.com/security/cve/CVE-2026-20665.html * https://www.suse.com/security/cve/CVE-2026-20691.html * https://www.suse.com/security/cve/CVE-2026-28857.html * https://www.suse.com/security/cve/CVE-2026-28859.html * https://www.suse.com/security/cve/CVE-2026-28861.html * https://www.suse.com/security/cve/CVE-2026-28871.html * https://bugzilla.suse.com/show_bug.cgi?id=1261172 * https://bugzilla.suse.com/show_bug.cgi?id=1261173 * https://bugzilla.suse.com/show_bug.cgi?id=1261174 * https://bugzilla.suse.com/show_bug.cgi?id=1261175 * https://bugzilla.suse.com/show_bug.cgi?id=1261176 * https://bugzilla.suse.com/show_bug.cgi?id=1261177 * https://bugzilla.suse.com/show_bug.cgi?id=1261178 * https://bugzilla.suse.com/show_bug.cgi?id=1261179 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu May 7 16:31:19 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 07 May 2026 16:31:19 -0000 Subject: SUSE-SU-2026:1745-1: important: Security update for rmt-server Message-ID: <177817147998.210.1874468749605153039@2df5abbbd056> # Security update for rmt-server Announcement ID: SUSE-SU-2026:1745-1 Release Date: 2026-05-07T07:22:43Z Rating: important References: * bsc#1261388 * bsc#1261398 * bsc#1261406 * bsc#1261417 * bsc#1261426 * bsc#1261436 * bsc#1261447 * bsc#1261458 * bsc#1261466 * bsc#1261471 Cross-References: * CVE-2026-26961 * CVE-2026-26962 * CVE-2026-34230 * CVE-2026-34763 * CVE-2026-34785 * CVE-2026-34786 * CVE-2026-34826 * CVE-2026-34829 * CVE-2026-34830 * CVE-2026-34831 CVSS scores: * CVE-2026-26961 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-26961 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-26961 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-26961 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-26962 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-26962 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-26962 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-26962 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34230 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-34230 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-34230 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34230 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-34763 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-34763 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34763 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34785 ( SUSE ): 8.7 
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-34785 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34785 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34786 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-34786 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-34786 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-34826 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-34826 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-34826 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34826 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-34829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34829 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34830 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-34830 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34830 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34830 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34831 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-34831 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34831 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34831 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Public Cloud Module 15-SP7 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 10 vulnerabilities can now be installed. 
## Description:

This update for rmt-server fixes the following issues:

Update to version 2.27.

Security issues fixed:

* CVE-2026-26961: rack: greedy multipart boundary parsing can lead to parser differentials and WAF bypass (bsc#1261398).
* CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to downstream header injection and response splitting (bsc#1261471).
* CVE-2026-34763: rack: unescaped regex interpolation of configured root path can lead to root directory disclosure (bsc#1261406).
* CVE-2026-34785: rack: prefix matching logic can lead to the exposure of unintended files under the static root (bsc#1261417).
* CVE-2026-34786: rack: URL-encoded path mismatch can lead to `header_rules` bypass (bsc#1261426).
* CVE-2026-34826: rack: missing individual byte range limit checks when parsing HTTP `Range` headers can lead to excessive resource consumption and a denial of service (bsc#1261436).
* CVE-2026-34829: rack: multipart parsing without `Content-Length` header can lead to unbounded chunked file uploads and a denial of service (bsc#1261447).
* CVE-2026-34230: rack: quadratic complexity when processing wildcard `Accept-Encoding` headers can lead to a denial of service (bsc#1261388).
* CVE-2026-34830: rack: improper sanitization of the `X-Accel-Mapping` request header can lead to the exposure of unintended files via `X-Accel-Redirect` (bsc#1261458).
* CVE-2026-34831: rack: `Content-Length` header and body byte size mismatch when creating error responses can lead to incorrect HTTP response framing (bsc#1261466).

Other updates and bugfixes:

* Fix ReDoS in `Addressable`.
* Fix out-of-bounds read in `rdiscount`.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Public Cloud Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2026-1745=1
* Server Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1745=1

## Package List:

* Public Cloud Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * rmt-server-debuginfo-2.27-150700.3.20.1
  * rmt-server-pubcloud-2.27-150700.3.20.1
  * rmt-server-debugsource-2.27-150700.3.20.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * rmt-server-config-2.27-150700.3.20.1
  * rmt-server-debuginfo-2.27-150700.3.20.1
  * rmt-server-debugsource-2.27-150700.3.20.1
  * rmt-server-2.27-150700.3.20.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26961.html
* https://www.suse.com/security/cve/CVE-2026-26962.html
* https://www.suse.com/security/cve/CVE-2026-34230.html
* https://www.suse.com/security/cve/CVE-2026-34763.html
* https://www.suse.com/security/cve/CVE-2026-34785.html
* https://www.suse.com/security/cve/CVE-2026-34786.html
* https://www.suse.com/security/cve/CVE-2026-34826.html
* https://www.suse.com/security/cve/CVE-2026-34829.html
* https://www.suse.com/security/cve/CVE-2026-34830.html
* https://www.suse.com/security/cve/CVE-2026-34831.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261388
* https://bugzilla.suse.com/show_bug.cgi?id=1261398
* https://bugzilla.suse.com/show_bug.cgi?id=1261406
* https://bugzilla.suse.com/show_bug.cgi?id=1261417
* https://bugzilla.suse.com/show_bug.cgi?id=1261426
* https://bugzilla.suse.com/show_bug.cgi?id=1261436
* https://bugzilla.suse.com/show_bug.cgi?id=1261447
* https://bugzilla.suse.com/show_bug.cgi?id=1261458
* https://bugzilla.suse.com/show_bug.cgi?id=1261466
* https://bugzilla.suse.com/show_bug.cgi?id=1261471
From null at suse.de Thu May 7 16:31:23 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 16:31:23 -0000
Subject: SUSE-SU-2026:1744-1: moderate: Security update for python-pytest
Message-ID: <177817148369.210.8624818182378132011@2df5abbbd056>

# Security update for python-pytest

Announcement ID: SUSE-SU-2026:1744-1
Release Date: 2026-05-07T07:17:07Z
Rating: moderate

References:

* bsc#1257090

Cross-References:

* CVE-2025-71176

CVSS scores:

* CVE-2025-71176 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
* CVE-2025-71176 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-71176 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.4
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-pytest fixes the following issue:

* CVE-2025-71176: a TOCTOU race condition can cause a denial of service or possibly gain privileges (bsc#1257090).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1744=1
* Python 3 Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1744=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * python311-pytest-8.3.5-150400.3.15.1
* Python 3 Module 15-SP7 (noarch)
  * python311-pytest-8.3.5-150400.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71176.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257090
From null at suse.de Thu May 7 16:31:31 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 16:31:31 -0000
Subject: SUSE-SU-2026:1743-1: important: Security update for xen
Message-ID: <177817149144.210.9188621708137869651@2df5abbbd056>

# Security update for xen

Announcement ID: SUSE-SU-2026:1743-1
Release Date: 2026-05-07T07:15:57Z
Rating: important

References:

* bsc#1027519
* bsc#1262178
* bsc#1262180
* bsc#1262428
* jsc#PED-8907

Cross-References:

* CVE-2025-54505
* CVE-2026-23557
* CVE-2026-23558

CVSS scores:

* CVE-2025-54505 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2025-54505 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-54505 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23557 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-23558 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23558 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities, contains one feature and has one security fix can now be installed.

## Description:

This update for xen fixes the following issues:

* Update to Xen 4.20.3 bug fix release (bsc#1027519) (jsc#PED-8907).
* CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 (bsc#1262428).
* CVE-2026-23557: Xenstored DoS via XS_RESET_WATCHES command (bsc#1262178).
* CVE-2026-23558: grant table v2 race in status page mapping (bsc#1262180).
## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1743=1
* Server Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1743=1

## Package List:

* Basesystem Module 15-SP7 (x86_64)
  * xen-libs-debuginfo-4.20.3_02-150700.3.33.1
  * xen-debugsource-4.20.3_02-150700.3.33.1
  * xen-tools-domU-4.20.3_02-150700.3.33.1
  * xen-tools-domU-debuginfo-4.20.3_02-150700.3.33.1
  * xen-libs-4.20.3_02-150700.3.33.1
* Server Applications Module 15-SP7 (x86_64)
  * xen-tools-4.20.3_02-150700.3.33.1
  * xen-4.20.3_02-150700.3.33.1
  * xen-debugsource-4.20.3_02-150700.3.33.1
  * xen-tools-debuginfo-4.20.3_02-150700.3.33.1
  * xen-devel-4.20.3_02-150700.3.33.1
* Server Applications Module 15-SP7 (noarch)
  * xen-tools-xendomains-wait-disk-4.20.3_02-150700.3.33.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54505.html
* https://www.suse.com/security/cve/CVE-2026-23557.html
* https://www.suse.com/security/cve/CVE-2026-23558.html
* https://bugzilla.suse.com/show_bug.cgi?id=1027519
* https://bugzilla.suse.com/show_bug.cgi?id=1262178
* https://bugzilla.suse.com/show_bug.cgi?id=1262180
* https://bugzilla.suse.com/show_bug.cgi?id=1262428
* https://jira.suse.com/browse/PED-8907
From null at suse.de Thu May 7 16:31:37 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Thu, 07 May 2026 16:31:37 -0000
Subject: SUSE-SU-2026:1742-1: important: Security update for mozjs52
Message-ID: <177817149725.210.5587907317763152952@2df5abbbd056>

# Security update for mozjs52

Announcement ID: SUSE-SU-2026:1742-1
Release Date: 2026-05-07T07:15:49Z
Rating: important

References:

* bsc#1259713
* bsc#1259728
* bsc#1259731

Cross-References:

* CVE-2026-32776
* CVE-2026-32777
* CVE-2026-32778

CVSS scores:

* CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for mozjs52 fixes the following issues:

* CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259728).
* CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing (bsc#1259713).
* CVE-2026-32778: libexpat: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259731).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1742=1`

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * mozjs52-debuginfo-52.6.0-150000.3.12.1
  * mozjs52-debugsource-52.6.0-150000.3.12.1
  * libmozjs-52-52.6.0-150000.3.12.1
  * libmozjs-52-debuginfo-52.6.0-150000.3.12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32776.html
* https://www.suse.com/security/cve/CVE-2026-32777.html
* https://www.suse.com/security/cve/CVE-2026-32778.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259713
* https://bugzilla.suse.com/show_bug.cgi?id=1259728
* https://bugzilla.suse.com/show_bug.cgi?id=1259731

-------------- next part -------------- An HTML attachment was scrubbed...
URL: From null at suse.de Thu May 7 16:31:41 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 07 May 2026 16:31:41 -0000 Subject: SUSE-SU-2026:1741-1: important: Security update for MozillaThunderbird Message-ID: <177817150156.210.14960893514166674769@2df5abbbd056> # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2026:1741-1 Release Date: 2026-05-07T07:01:07Z Rating: important References: * bsc#1262230 * bsc#1263110 Cross-References: * CVE-2026-6746 * CVE-2026-6747 * CVE-2026-6748 * CVE-2026-6749 * CVE-2026-6750 * CVE-2026-6751 * CVE-2026-6752 * CVE-2026-6753 * CVE-2026-6754 * CVE-2026-6757 * CVE-2026-6759 * CVE-2026-6761 * CVE-2026-6762 * CVE-2026-6763 * CVE-2026-6764 * CVE-2026-6765 * CVE-2026-6766 * CVE-2026-6767 * CVE-2026-6769 * CVE-2026-6770 * CVE-2026-6771 * CVE-2026-6772 * CVE-2026-6776 * CVE-2026-6785 * CVE-2026-6786 * CVE-2026-7320 * CVE-2026-7321 * CVE-2026-7322 * CVE-2026-7323 CVSS scores: * CVE-2026-6746 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6747 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6748 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6749 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-6750 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6751 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-6752 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-6753 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-6754 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6757 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-6759 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6761 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6762 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-6763 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6764 ( 
NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-6765 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-6766 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-6767 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-6769 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6770 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-6771 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6772 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-6776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6785 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6786 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-7320 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-7321 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-7322 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-7323 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves 29 vulnerabilities can now be installed. ## Description: This update for MozillaThunderbird fixes the following issues Updated to Mozilla Thunderbird 140.10.1: MFSA 2026-34 (bsc#1262230): * CVE-2026-6746: Use-after-free in the DOM: Core & HTML component. * CVE-2026-6747: Use-after-free in the WebRTC component. * CVE-2026-6748: Uninitialized memory in the Audio/Video: Web Codecs component. * CVE-2026-6749: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. * CVE-2026-6750: Privilege escalation in the Graphics: WebRender component. 
* CVE-2026-6751: Uninitialized memory in the Audio/Video: Web Codecs component.
* CVE-2026-6752: Incorrect boundary conditions in the WebRTC component.
* CVE-2026-6753: Incorrect boundary conditions in the WebRTC component.
* CVE-2026-6754: Use-after-free in the JavaScript Engine component.
* CVE-2026-6757: Invalid pointer in the JavaScript: WebAssembly component.
* CVE-2026-6759: Use-after-free in the Widget: Cocoa component.
* CVE-2026-6761: Privilege escalation in the Networking component.
* CVE-2026-6762: Spoofing issue in the DOM: Core & HTML component.
* CVE-2026-6763: Mitigation bypass in the File Handling component.
* CVE-2026-6764: Incorrect boundary conditions in the DOM: Device Interfaces component.
* CVE-2026-6765: Information disclosure in the Form Autofill component.
* CVE-2026-6766: Incorrect boundary conditions in the Libraries component in NSS.
* CVE-2026-6767: Other issue in the Libraries component in NSS.
* CVE-2026-6769: Privilege escalation in the Debugger component.
* CVE-2026-6770: Other issue in the Storage: IndexedDB component.
* CVE-2026-6771: Mitigation bypass in the DOM: Security component.
* CVE-2026-6772: Incorrect boundary conditions in the Libraries component in NSS.
* CVE-2026-6776: Incorrect boundary conditions in the WebRTC: Networking component.
* CVE-2026-6785: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150.
* CVE-2026-6786: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150.

MFSA 2026-39 (bsc#1263110):

* CVE-2026-7320: Information disclosure due to incorrect boundary conditions in the Audio/Video component.
* CVE-2026-7321: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component.
* CVE-2026-7322: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1.
* CVE-2026-7323: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1.

Other updates and bugfixes: * Fixed: Newly translated strings were not available in Thunderbird. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1741=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1741=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * MozillaThunderbird-debuginfo-140.10.1-150200.8.271.1 * MozillaThunderbird-debugsource-140.10.1-150200.8.271.1 * MozillaThunderbird-translations-other-140.10.1-150200.8.271.1 * MozillaThunderbird-140.10.1-150200.8.271.1 * MozillaThunderbird-translations-common-140.10.1-150200.8.271.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * MozillaThunderbird-debuginfo-140.10.1-150200.8.271.1 * MozillaThunderbird-debugsource-140.10.1-150200.8.271.1 * MozillaThunderbird-translations-other-140.10.1-150200.8.271.1 * MozillaThunderbird-140.10.1-150200.8.271.1 * MozillaThunderbird-translations-common-140.10.1-150200.8.271.1 ## References: * https://www.suse.com/security/cve/CVE-2026-6746.html * https://www.suse.com/security/cve/CVE-2026-6747.html * https://www.suse.com/security/cve/CVE-2026-6748.html * https://www.suse.com/security/cve/CVE-2026-6749.html * https://www.suse.com/security/cve/CVE-2026-6750.html * https://www.suse.com/security/cve/CVE-2026-6751.html * https://www.suse.com/security/cve/CVE-2026-6752.html * https://www.suse.com/security/cve/CVE-2026-6753.html * https://www.suse.com/security/cve/CVE-2026-6754.html * https://www.suse.com/security/cve/CVE-2026-6757.html * https://www.suse.com/security/cve/CVE-2026-6759.html * https://www.suse.com/security/cve/CVE-2026-6761.html * https://www.suse.com/security/cve/CVE-2026-6762.html * 
https://www.suse.com/security/cve/CVE-2026-6763.html * https://www.suse.com/security/cve/CVE-2026-6764.html * https://www.suse.com/security/cve/CVE-2026-6765.html * https://www.suse.com/security/cve/CVE-2026-6766.html * https://www.suse.com/security/cve/CVE-2026-6767.html * https://www.suse.com/security/cve/CVE-2026-6769.html * https://www.suse.com/security/cve/CVE-2026-6770.html * https://www.suse.com/security/cve/CVE-2026-6771.html * https://www.suse.com/security/cve/CVE-2026-6772.html * https://www.suse.com/security/cve/CVE-2026-6776.html * https://www.suse.com/security/cve/CVE-2026-6785.html * https://www.suse.com/security/cve/CVE-2026-6786.html * https://www.suse.com/security/cve/CVE-2026-7320.html * https://www.suse.com/security/cve/CVE-2026-7321.html * https://www.suse.com/security/cve/CVE-2026-7322.html * https://www.suse.com/security/cve/CVE-2026-7323.html * https://bugzilla.suse.com/show_bug.cgi?id=1262230 * https://bugzilla.suse.com/show_bug.cgi?id=1263110 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu May 7 16:31:53 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 07 May 2026 16:31:53 -0000 Subject: SUSE-SU-2026:1740-1: moderate: Security update for python-Django Message-ID: <177817151355.210.5524992252380861618@2df5abbbd056> # Security update for python-Django Announcement ID: SUSE-SU-2026:1740-1 Release Date: 2026-05-07T07:00:33Z Rating: moderate References: * bsc#1261722 * bsc#1261724 * bsc#1261729 * bsc#1261731 * bsc#1261732 * bsc#1264152 * bsc#1264153 * bsc#1264154 Cross-References: * CVE-2026-33033 * CVE-2026-33034 * CVE-2026-35192 * CVE-2026-3902 * CVE-2026-4277 * CVE-2026-4292 * CVE-2026-5766 * CVE-2026-6907 CVSS scores: * CVE-2026-33033 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-33033 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33033 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33034 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33034 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35192 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-35192 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-35192 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-35192 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-3902 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3902 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3902 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-4277 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-4277 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4292 ( SUSE ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * 
CVE-2026-4292 ( NVD ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2026-5766 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-5766 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-5766 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-5766 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-6907 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-6907 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-6907 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6907 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-6907 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves eight vulnerabilities can now be installed. ## Description: This update for python-Django fixes the following issues * CVE-2026-3902: headers spoofing by exploiting an ambiguous mapping of two header variants in `ASGIRequest` requests (bsc#1261729). * CVE-2026-4277: permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin (bsc#1261731). * CVE-2026-4292: admin changelist forms using ModelAdmin.list_editable incorrectly allowed new instances to be created via forged POST data (bsc#1261732). * CVE-2026-5766: potential denial-of-service vulnerability in ASGI requests via file upload limit bypass (bsc#1264153). 
* CVE-2026-6907: potential exposure of private data due to incorrect handling of `Vary: *` in `UpdateCacheMiddleware` (bsc#1264152).
* CVE-2026-33033: denial of service via missing or understated Content-Length header in ASGI requests (bsc#1261722).
* CVE-2026-33034: ASGI requests with a missing or understated Content-Length header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit when reading HttpRequest.body (bsc#1261724).
* CVE-2026-35192: session fixation via public cached pages and `SESSION_SAVE_EVERY_REQUEST` (bsc#1264154).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-1740=1`
* SUSE Package Hub 15 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1740=1`

## Package List:

* openSUSE Leap 15.6 (noarch)
  * python311-Django-4.2.11-150600.3.56.1
* SUSE Package Hub 15 15-SP7 (noarch)
  * python311-Django-4.2.11-150600.3.56.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33033.html
* https://www.suse.com/security/cve/CVE-2026-33034.html
* https://www.suse.com/security/cve/CVE-2026-35192.html
* https://www.suse.com/security/cve/CVE-2026-3902.html
* https://www.suse.com/security/cve/CVE-2026-4277.html
* https://www.suse.com/security/cve/CVE-2026-4292.html
* https://www.suse.com/security/cve/CVE-2026-5766.html
* https://www.suse.com/security/cve/CVE-2026-6907.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261722
* https://bugzilla.suse.com/show_bug.cgi?id=1261724
* https://bugzilla.suse.com/show_bug.cgi?id=1261729
* https://bugzilla.suse.com/show_bug.cgi?id=1261731
* https://bugzilla.suse.com/show_bug.cgi?id=1261732
* https://bugzilla.suse.com/show_bug.cgi?id=1264152
* https://bugzilla.suse.com/show_bug.cgi?id=1264153
* https://bugzilla.suse.com/show_bug.cgi?id=1264154

-------------- next part -------------- An HTML
attachment was scrubbed... URL: From null at suse.de Thu May 7 16:32:06 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 07 May 2026 16:32:06 -0000 Subject: SUSE-SU-2026:1732-1: important: Security update for java-17-openjdk Message-ID: <177817152622.210.17524959267401307961@2df5abbbd056> # Security update for java-17-openjdk Announcement ID: SUSE-SU-2026:1732-1 Release Date: 2026-05-07T00:43:53Z Rating: important References: * bsc#1259118 * bsc#1262490 * bsc#1262494 * bsc#1262495 * bsc#1262496 * bsc#1262497 * bsc#1262500 * bsc#1262501 * jsc#PED-15898 Cross-References: * CVE-2026-22007 * CVE-2026-22013 * CVE-2026-22016 * CVE-2026-22018 * CVE-2026-22021 * CVE-2026-23865 * CVE-2026-34268 * CVE-2026-34282 CVSS scores: * CVE-2026-22007 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-22007 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-22007 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-22013 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-22013 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-22013 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-22016 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-22016 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-22016 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-22018 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-22018 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22018 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22021 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-22021 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22021 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23865 ( SUSE ): 4.6 
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-23865 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-23865 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-34268 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-34268 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34268 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34282 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34282 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34282 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Legacy Module 15-SP7 * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves eight vulnerabilities and contains one feature can now be installed. ## Description: This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.19+10 (April 2026 CPU). 
Security issues fixed:

* CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of accessible data (bsc#1262490).
* CVE-2026-22013: JGSS: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262494).
* CVE-2026-22016: JAXP: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262495).
* CVE-2026-22018: Libraries: unauthenticated attacker with network access via multiple protocols can cause a partial denial of service (bsc#1262496).
* CVE-2026-22021: JSSE: unauthenticated attacker with network access via HTTPS can cause a partial denial of service (bsc#1262497).
* CVE-2026-23865: freetype2: integer overflow in the `tt_var_load_item_variation_store` function allows for an out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts (bsc#1259118).
* CVE-2026-34268: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of data (bsc#1262500).
* CVE-2026-34282: Networking: unauthenticated attacker with network access via multiple protocols can cause a hang or frequently repeatable crash (bsc#1262501).

Other updates and bugfixes:

* Provide the timezone-java and tzdata-java (jsc#PED-15898).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1732=1 * Legacy Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2026-1732=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1732=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1732=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1732=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1732=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1732=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1732=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1732=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1732=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1732=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1732=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * java-17-openjdk-debugsource-17.0.19.0-150400.3.66.2 * java-17-openjdk-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-src-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-17.0.19.0-150400.3.66.2 * java-17-openjdk-jmods-17.0.19.0-150400.3.66.2 * java-17-openjdk-17.0.19.0-150400.3.66.2 * java-17-openjdk-demo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-17.0.19.0-150400.3.66.2 * 
openSUSE Leap 15.4 (noarch) * java-17-openjdk-javadoc-17.0.19.0-150400.3.66.2 * Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-debugsource-17.0.19.0-150400.3.66.2 * java-17-openjdk-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-17.0.19.0-150400.3.66.2 * java-17-openjdk-17.0.19.0-150400.3.66.2 * java-17-openjdk-demo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-17.0.19.0-150400.3.66.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * java-17-openjdk-debugsource-17.0.19.0-150400.3.66.2 * java-17-openjdk-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-17.0.19.0-150400.3.66.2 * java-17-openjdk-17.0.19.0-150400.3.66.2 * java-17-openjdk-demo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-17.0.19.0-150400.3.66.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * java-17-openjdk-debugsource-17.0.19.0-150400.3.66.2 * java-17-openjdk-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-17.0.19.0-150400.3.66.2 * java-17-openjdk-17.0.19.0-150400.3.66.2 * java-17-openjdk-demo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-17.0.19.0-150400.3.66.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * java-17-openjdk-debugsource-17.0.19.0-150400.3.66.2 * java-17-openjdk-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-17.0.19.0-150400.3.66.2 * java-17-openjdk-17.0.19.0-150400.3.66.2 * java-17-openjdk-demo-17.0.19.0-150400.3.66.2 * 
java-17-openjdk-headless-17.0.19.0-150400.3.66.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * java-17-openjdk-debugsource-17.0.19.0-150400.3.66.2 * java-17-openjdk-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-17.0.19.0-150400.3.66.2 * java-17-openjdk-17.0.19.0-150400.3.66.2 * java-17-openjdk-demo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-17.0.19.0-150400.3.66.2 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * java-17-openjdk-debugsource-17.0.19.0-150400.3.66.2 * java-17-openjdk-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-17.0.19.0-150400.3.66.2 * java-17-openjdk-17.0.19.0-150400.3.66.2 * java-17-openjdk-demo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-17.0.19.0-150400.3.66.2 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * java-17-openjdk-debugsource-17.0.19.0-150400.3.66.2 * java-17-openjdk-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-17.0.19.0-150400.3.66.2 * java-17-openjdk-17.0.19.0-150400.3.66.2 * java-17-openjdk-demo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-17.0.19.0-150400.3.66.2 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * java-17-openjdk-debugsource-17.0.19.0-150400.3.66.2 * java-17-openjdk-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-17.0.19.0-150400.3.66.2 * java-17-openjdk-17.0.19.0-150400.3.66.2 * java-17-openjdk-demo-17.0.19.0-150400.3.66.2 * 
java-17-openjdk-headless-17.0.19.0-150400.3.66.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * java-17-openjdk-debugsource-17.0.19.0-150400.3.66.2 * java-17-openjdk-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-17.0.19.0-150400.3.66.2 * java-17-openjdk-17.0.19.0-150400.3.66.2 * java-17-openjdk-demo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-17.0.19.0-150400.3.66.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * java-17-openjdk-debugsource-17.0.19.0-150400.3.66.2 * java-17-openjdk-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-17.0.19.0-150400.3.66.2 * java-17-openjdk-17.0.19.0-150400.3.66.2 * java-17-openjdk-demo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-17.0.19.0-150400.3.66.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * java-17-openjdk-debugsource-17.0.19.0-150400.3.66.2 * java-17-openjdk-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-debuginfo-17.0.19.0-150400.3.66.2 * java-17-openjdk-devel-17.0.19.0-150400.3.66.2 * java-17-openjdk-17.0.19.0-150400.3.66.2 * java-17-openjdk-demo-17.0.19.0-150400.3.66.2 * java-17-openjdk-headless-17.0.19.0-150400.3.66.2 ## References: * https://www.suse.com/security/cve/CVE-2026-22007.html * https://www.suse.com/security/cve/CVE-2026-22013.html * https://www.suse.com/security/cve/CVE-2026-22016.html * https://www.suse.com/security/cve/CVE-2026-22018.html * https://www.suse.com/security/cve/CVE-2026-22021.html * https://www.suse.com/security/cve/CVE-2026-23865.html * https://www.suse.com/security/cve/CVE-2026-34268.html * https://www.suse.com/security/cve/CVE-2026-34282.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1259118 * https://bugzilla.suse.com/show_bug.cgi?id=1262490 * https://bugzilla.suse.com/show_bug.cgi?id=1262494 * https://bugzilla.suse.com/show_bug.cgi?id=1262495 * https://bugzilla.suse.com/show_bug.cgi?id=1262496 * https://bugzilla.suse.com/show_bug.cgi?id=1262497 * https://bugzilla.suse.com/show_bug.cgi?id=1262500 * https://bugzilla.suse.com/show_bug.cgi?id=1262501 * https://jira.suse.com/browse/PED-15898 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu May 7 16:32:19 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 07 May 2026 16:32:19 -0000 Subject: SUSE-SU-2026:1731-1: important: Security update for java-11-openjdk Message-ID: <177817153910.210.8515305012164121323@2df5abbbd056> # Security update for java-11-openjdk Announcement ID: SUSE-SU-2026:1731-1 Release Date: 2026-05-07T00:42:28Z Rating: important References: * bsc#1259118 * bsc#1262490 * bsc#1262494 * bsc#1262495 * bsc#1262496 * bsc#1262497 * bsc#1262500 * bsc#1262501 * jsc#PED-15898 Cross-References: * CVE-2026-22007 * CVE-2026-22013 * CVE-2026-22016 * CVE-2026-22018 * CVE-2026-22021 * CVE-2026-23865 * CVE-2026-34268 * CVE-2026-34282 CVSS scores: * CVE-2026-22007 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-22007 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-22007 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-22013 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-22013 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-22013 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-22016 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-22016 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-22016 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-22018 ( 
SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-22018 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22018 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22021 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-22021 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22021 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23865 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-23865 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-23865 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-34268 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-34268 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34268 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34282 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34282 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34282 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Legacy Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux 
Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves eight vulnerabilities and contains one feature can now be installed. ## Description: This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.31+11 (April 2026 CPU). Security issues fixed: * CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of accessible data (bsc#1262490). * CVE-2026-22013: JGSS: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262494). * CVE-2026-22016: JAXP: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262495). * CVE-2026-22018: Libraries: unauthenticated attacker with network access via multiple protocols can cause a partial denial of service (bsc#1262496). * CVE-2026-22021: JSSE: unauthenticated attacker with network access via HTTPS can cause a partial denial of service (bsc#1262497). * CVE-2026-23865: freetype2: integer overflow in the `tt_var_load_item_variation_store` function allows for an out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts (bsc#1259118). * CVE-2026-34268: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of data (bsc#1262500). * CVE-2026-34282: Networking: unauthenticated attacker with network access via multiple protocols can cause a hang or frequently repeatable crash (bsc#1262501). Other updates and bugfixes: * Provide the timezone-java and tzdata-java (jsc#PED-15898).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1731=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1731=1 * Legacy Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2026-1731=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1731=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1731=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1731=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1731=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1731=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1731=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1731=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1731=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1731=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * java-11-openjdk-headless-11.0.31.0-150000.3.138.1 * java-11-openjdk-demo-11.0.31.0-150000.3.138.1 * java-11-openjdk-11.0.31.0-150000.3.138.1 * java-11-openjdk-devel-11.0.31.0-150000.3.138.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * 
java-11-openjdk-headless-11.0.31.0-150000.3.138.1 * java-11-openjdk-demo-11.0.31.0-150000.3.138.1 * java-11-openjdk-headless-debuginfo-11.0.31.0-150000.3.138.1 * java-11-openjdk-debugsource-11.0.31.0-150000.3.138.1 * java-11-openjdk-debuginfo-11.0.31.0-150000.3.138.1 * java-11-openjdk-11.0.31.0-150000.3.138.1 * java-11-openjdk-devel-debuginfo-11.0.31.0-150000.3.138.1 * java-11-openjdk-devel-11.0.31.0-150000.3.138.1 * Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-headless-11.0.31.0-150000.3.138.1 * java-11-openjdk-demo-11.0.31.0-150000.3.138.1 * java-11-openjdk-headless-debuginfo-11.0.31.0-150000.3.138.1 * java-11-openjdk-debugsource-11.0.31.0-150000.3.138.1 * java-11-openjdk-debuginfo-11.0.31.0-150000.3.138.1 * java-11-openjdk-11.0.31.0-150000.3.138.1 * java-11-openjdk-devel-debuginfo-11.0.31.0-150000.3.138.1 * java-11-openjdk-devel-11.0.31.0-150000.3.138.1 * SUSE Package Hub 15 15-SP7 (noarch) * java-11-openjdk-javadoc-11.0.31.0-150000.3.138.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * java-11-openjdk-headless-11.0.31.0-150000.3.138.1 * java-11-openjdk-demo-11.0.31.0-150000.3.138.1 * java-11-openjdk-debugsource-11.0.31.0-150000.3.138.1 * java-11-openjdk-11.0.31.0-150000.3.138.1 * java-11-openjdk-devel-11.0.31.0-150000.3.138.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * java-11-openjdk-headless-11.0.31.0-150000.3.138.1 * java-11-openjdk-demo-11.0.31.0-150000.3.138.1 * java-11-openjdk-debugsource-11.0.31.0-150000.3.138.1 * java-11-openjdk-11.0.31.0-150000.3.138.1 * java-11-openjdk-devel-11.0.31.0-150000.3.138.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * java-11-openjdk-headless-11.0.31.0-150000.3.138.1 * java-11-openjdk-demo-11.0.31.0-150000.3.138.1 * java-11-openjdk-11.0.31.0-150000.3.138.1 * java-11-openjdk-devel-11.0.31.0-150000.3.138.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * 
java-11-openjdk-headless-11.0.31.0-150000.3.138.1 * java-11-openjdk-demo-11.0.31.0-150000.3.138.1 * java-11-openjdk-11.0.31.0-150000.3.138.1 * java-11-openjdk-devel-11.0.31.0-150000.3.138.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * java-11-openjdk-headless-11.0.31.0-150000.3.138.1 * java-11-openjdk-demo-11.0.31.0-150000.3.138.1 * java-11-openjdk-debugsource-11.0.31.0-150000.3.138.1 * java-11-openjdk-11.0.31.0-150000.3.138.1 * java-11-openjdk-devel-11.0.31.0-150000.3.138.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * java-11-openjdk-headless-11.0.31.0-150000.3.138.1 * java-11-openjdk-demo-11.0.31.0-150000.3.138.1 * java-11-openjdk-11.0.31.0-150000.3.138.1 * java-11-openjdk-devel-11.0.31.0-150000.3.138.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * java-11-openjdk-headless-11.0.31.0-150000.3.138.1 * java-11-openjdk-demo-11.0.31.0-150000.3.138.1 * java-11-openjdk-headless-debuginfo-11.0.31.0-150000.3.138.1 * java-11-openjdk-debugsource-11.0.31.0-150000.3.138.1 * java-11-openjdk-debuginfo-11.0.31.0-150000.3.138.1 * java-11-openjdk-11.0.31.0-150000.3.138.1 * java-11-openjdk-devel-debuginfo-11.0.31.0-150000.3.138.1 * java-11-openjdk-devel-11.0.31.0-150000.3.138.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * java-11-openjdk-headless-11.0.31.0-150000.3.138.1 * java-11-openjdk-demo-11.0.31.0-150000.3.138.1 * java-11-openjdk-debugsource-11.0.31.0-150000.3.138.1 * java-11-openjdk-11.0.31.0-150000.3.138.1 * java-11-openjdk-devel-11.0.31.0-150000.3.138.1 ## References: * https://www.suse.com/security/cve/CVE-2026-22007.html * https://www.suse.com/security/cve/CVE-2026-22013.html * https://www.suse.com/security/cve/CVE-2026-22016.html * https://www.suse.com/security/cve/CVE-2026-22018.html * https://www.suse.com/security/cve/CVE-2026-22021.html * https://www.suse.com/security/cve/CVE-2026-23865.html * 
https://www.suse.com/security/cve/CVE-2026-34268.html * https://www.suse.com/security/cve/CVE-2026-34282.html * https://bugzilla.suse.com/show_bug.cgi?id=1259118 * https://bugzilla.suse.com/show_bug.cgi?id=1262490 * https://bugzilla.suse.com/show_bug.cgi?id=1262494 * https://bugzilla.suse.com/show_bug.cgi?id=1262495 * https://bugzilla.suse.com/show_bug.cgi?id=1262496 * https://bugzilla.suse.com/show_bug.cgi?id=1262497 * https://bugzilla.suse.com/show_bug.cgi?id=1262500 * https://bugzilla.suse.com/show_bug.cgi?id=1262501 * https://jira.suse.com/browse/PED-15898 From null at suse.de Thu May 7 20:30:21 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 07 May 2026 20:30:21 -0000 Subject: SUSE-SU-2026:1755-1: important: Security update for freeipmi Message-ID: <177818582149.263.16408053621428934209@d7d34dcee2d8> # Security update for freeipmi Announcement ID: SUSE-SU-2026:1755-1 Release Date: 2026-05-07T13:55:17Z Rating: important References: * bsc#1260414 Cross-References: * CVE-2026-33554 CVSS scores: * CVE-2026-33554 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-33554 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2026-33554 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux
Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for freeipmi fixes the following issue: * CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses (bsc#1260414). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1755=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1755=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1755=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1755=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1755=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1755=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1755=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1755=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1755=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1755=1 * SUSE Linux 
Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1755=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1755=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64 i586) * freeipmi-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-1.6.8-150400.3.3.1 * freeipmi-devel-1.6.8-150400.3.3.1 * freeipmi-debuginfo-1.6.8-150400.3.3.1 * libipmidetect0-1.6.8-150400.3.3.1 * libipmiconsole2-debuginfo-1.6.8-150400.3.3.1 * freeipmi-debugsource-1.6.8-150400.3.3.1 * libipmidetect0-debuginfo-1.6.8-150400.3.3.1 * libfreeipmi17-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-debuginfo-1.6.8-150400.3.3.1 * libipmimonitoring6-debuginfo-1.6.8-150400.3.3.1 * freeipmi-bmc-watchdog-1.6.8-150400.3.3.1 * libipmiconsole2-1.6.8-150400.3.3.1 * freeipmi-ipmidetectd-debuginfo-1.6.8-150400.3.3.1 * freeipmi-bmc-watchdog-debuginfo-1.6.8-150400.3.3.1 * freeipmi-ipmidetectd-1.6.8-150400.3.3.1 * libipmimonitoring6-1.6.8-150400.3.3.1 * libfreeipmi17-debuginfo-1.6.8-150400.3.3.1 * Basesystem Module 15-SP7 (aarch64 x86_64) * freeipmi-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-1.6.8-150400.3.3.1 * freeipmi-devel-1.6.8-150400.3.3.1 * freeipmi-debuginfo-1.6.8-150400.3.3.1 * libipmidetect0-1.6.8-150400.3.3.1 * libipmiconsole2-debuginfo-1.6.8-150400.3.3.1 * freeipmi-debugsource-1.6.8-150400.3.3.1 * libipmidetect0-debuginfo-1.6.8-150400.3.3.1 * libfreeipmi17-1.6.8-150400.3.3.1 * libipmimonitoring6-debuginfo-1.6.8-150400.3.3.1 * libipmiconsole2-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-debuginfo-1.6.8-150400.3.3.1 * libipmimonitoring6-1.6.8-150400.3.3.1 * libfreeipmi17-debuginfo-1.6.8-150400.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * freeipmi-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-1.6.8-150400.3.3.1 * freeipmi-devel-1.6.8-150400.3.3.1 * freeipmi-debuginfo-1.6.8-150400.3.3.1 * libipmidetect0-1.6.8-150400.3.3.1 * libipmiconsole2-debuginfo-1.6.8-150400.3.3.1 * 
freeipmi-debugsource-1.6.8-150400.3.3.1 * libipmidetect0-debuginfo-1.6.8-150400.3.3.1 * libfreeipmi17-1.6.8-150400.3.3.1 * libipmimonitoring6-debuginfo-1.6.8-150400.3.3.1 * libipmiconsole2-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-debuginfo-1.6.8-150400.3.3.1 * libipmimonitoring6-1.6.8-150400.3.3.1 * libfreeipmi17-debuginfo-1.6.8-150400.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * freeipmi-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-1.6.8-150400.3.3.1 * freeipmi-devel-1.6.8-150400.3.3.1 * freeipmi-debuginfo-1.6.8-150400.3.3.1 * libipmidetect0-1.6.8-150400.3.3.1 * libipmiconsole2-debuginfo-1.6.8-150400.3.3.1 * freeipmi-debugsource-1.6.8-150400.3.3.1 * libipmidetect0-debuginfo-1.6.8-150400.3.3.1 * libfreeipmi17-1.6.8-150400.3.3.1 * libipmimonitoring6-debuginfo-1.6.8-150400.3.3.1 * libipmiconsole2-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-debuginfo-1.6.8-150400.3.3.1 * libipmimonitoring6-1.6.8-150400.3.3.1 * libfreeipmi17-debuginfo-1.6.8-150400.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * freeipmi-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-1.6.8-150400.3.3.1 * freeipmi-devel-1.6.8-150400.3.3.1 * freeipmi-debuginfo-1.6.8-150400.3.3.1 * libipmidetect0-1.6.8-150400.3.3.1 * libipmiconsole2-debuginfo-1.6.8-150400.3.3.1 * freeipmi-debugsource-1.6.8-150400.3.3.1 * libipmidetect0-debuginfo-1.6.8-150400.3.3.1 * libfreeipmi17-1.6.8-150400.3.3.1 * libipmimonitoring6-debuginfo-1.6.8-150400.3.3.1 * libipmiconsole2-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-debuginfo-1.6.8-150400.3.3.1 * libipmimonitoring6-1.6.8-150400.3.3.1 * libfreeipmi17-debuginfo-1.6.8-150400.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * freeipmi-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-1.6.8-150400.3.3.1 * freeipmi-devel-1.6.8-150400.3.3.1 * freeipmi-debuginfo-1.6.8-150400.3.3.1 * libipmidetect0-1.6.8-150400.3.3.1 * libipmiconsole2-debuginfo-1.6.8-150400.3.3.1 * freeipmi-debugsource-1.6.8-150400.3.3.1 * 
libipmidetect0-debuginfo-1.6.8-150400.3.3.1 * libfreeipmi17-1.6.8-150400.3.3.1 * libipmimonitoring6-debuginfo-1.6.8-150400.3.3.1 * libipmiconsole2-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-debuginfo-1.6.8-150400.3.3.1 * libipmimonitoring6-1.6.8-150400.3.3.1 * libfreeipmi17-debuginfo-1.6.8-150400.3.3.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 x86_64) * freeipmi-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-1.6.8-150400.3.3.1 * freeipmi-devel-1.6.8-150400.3.3.1 * freeipmi-debuginfo-1.6.8-150400.3.3.1 * libipmidetect0-1.6.8-150400.3.3.1 * libipmiconsole2-debuginfo-1.6.8-150400.3.3.1 * freeipmi-debugsource-1.6.8-150400.3.3.1 * libipmidetect0-debuginfo-1.6.8-150400.3.3.1 * libfreeipmi17-1.6.8-150400.3.3.1 * libipmimonitoring6-debuginfo-1.6.8-150400.3.3.1 * libipmiconsole2-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-debuginfo-1.6.8-150400.3.3.1 * libipmimonitoring6-1.6.8-150400.3.3.1 * libfreeipmi17-debuginfo-1.6.8-150400.3.3.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 x86_64) * freeipmi-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-1.6.8-150400.3.3.1 * freeipmi-devel-1.6.8-150400.3.3.1 * freeipmi-debuginfo-1.6.8-150400.3.3.1 * libipmidetect0-1.6.8-150400.3.3.1 * libipmiconsole2-debuginfo-1.6.8-150400.3.3.1 * freeipmi-debugsource-1.6.8-150400.3.3.1 * libipmidetect0-debuginfo-1.6.8-150400.3.3.1 * libfreeipmi17-1.6.8-150400.3.3.1 * libipmimonitoring6-debuginfo-1.6.8-150400.3.3.1 * libipmiconsole2-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-debuginfo-1.6.8-150400.3.3.1 * libipmimonitoring6-1.6.8-150400.3.3.1 * libfreeipmi17-debuginfo-1.6.8-150400.3.3.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 x86_64) * freeipmi-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-1.6.8-150400.3.3.1 * freeipmi-devel-1.6.8-150400.3.3.1 * freeipmi-debuginfo-1.6.8-150400.3.3.1 * libipmidetect0-1.6.8-150400.3.3.1 * libipmiconsole2-debuginfo-1.6.8-150400.3.3.1 * freeipmi-debugsource-1.6.8-150400.3.3.1 * libipmidetect0-debuginfo-1.6.8-150400.3.3.1 * libfreeipmi17-1.6.8-150400.3.3.1 * 
libipmimonitoring6-debuginfo-1.6.8-150400.3.3.1 * libipmiconsole2-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-debuginfo-1.6.8-150400.3.3.1 * libipmimonitoring6-1.6.8-150400.3.3.1 * libfreeipmi17-debuginfo-1.6.8-150400.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * freeipmi-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-1.6.8-150400.3.3.1 * freeipmi-devel-1.6.8-150400.3.3.1 * freeipmi-debuginfo-1.6.8-150400.3.3.1 * libipmidetect0-1.6.8-150400.3.3.1 * libipmiconsole2-debuginfo-1.6.8-150400.3.3.1 * freeipmi-debugsource-1.6.8-150400.3.3.1 * libipmidetect0-debuginfo-1.6.8-150400.3.3.1 * libfreeipmi17-1.6.8-150400.3.3.1 * libipmimonitoring6-debuginfo-1.6.8-150400.3.3.1 * libipmiconsole2-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-debuginfo-1.6.8-150400.3.3.1 * libipmimonitoring6-1.6.8-150400.3.3.1 * libfreeipmi17-debuginfo-1.6.8-150400.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * freeipmi-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-1.6.8-150400.3.3.1 * freeipmi-devel-1.6.8-150400.3.3.1 * freeipmi-debuginfo-1.6.8-150400.3.3.1 * libipmidetect0-1.6.8-150400.3.3.1 * libipmiconsole2-debuginfo-1.6.8-150400.3.3.1 * freeipmi-debugsource-1.6.8-150400.3.3.1 * libipmidetect0-debuginfo-1.6.8-150400.3.3.1 * libfreeipmi17-1.6.8-150400.3.3.1 * libipmimonitoring6-debuginfo-1.6.8-150400.3.3.1 * libipmiconsole2-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-debuginfo-1.6.8-150400.3.3.1 * libipmimonitoring6-1.6.8-150400.3.3.1 * libfreeipmi17-debuginfo-1.6.8-150400.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * freeipmi-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-1.6.8-150400.3.3.1 * freeipmi-devel-1.6.8-150400.3.3.1 * freeipmi-debuginfo-1.6.8-150400.3.3.1 * libipmidetect0-1.6.8-150400.3.3.1 * libipmiconsole2-debuginfo-1.6.8-150400.3.3.1 * freeipmi-debugsource-1.6.8-150400.3.3.1 * libipmidetect0-debuginfo-1.6.8-150400.3.3.1 * libfreeipmi17-1.6.8-150400.3.3.1 * libipmimonitoring6-debuginfo-1.6.8-150400.3.3.1 * 
libipmiconsole2-1.6.8-150400.3.3.1 * freeipmi-ipmiseld-debuginfo-1.6.8-150400.3.3.1 * libipmimonitoring6-1.6.8-150400.3.3.1 * libfreeipmi17-debuginfo-1.6.8-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33554.html * https://bugzilla.suse.com/show_bug.cgi?id=1260414 From null at suse.de Thu May 7 20:30:24 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 07 May 2026 20:30:24 -0000 Subject: SUSE-SU-2026:1754-1: important: Security update for freeipmi Message-ID: <177818582452.263.17099537481326989092@d7d34dcee2d8> # Security update for freeipmi Announcement ID: SUSE-SU-2026:1754-1 Release Date: 2026-05-07T13:54:30Z Rating: important References: * bsc#1260414 Cross-References: * CVE-2026-33554 CVSS scores: * CVE-2026-33554 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-33554 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2026-33554 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for freeipmi fixes the following issue: * CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses (bsc#1260414). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1754=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1754=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 x86_64) * freeipmi-debuginfo-1.5.7-3.6.1 * freeipmi-1.5.7-3.6.1 * libipmimonitoring6-debuginfo-1.5.7-3.6.1 * libipmimonitoring6-1.5.7-3.6.1 * libipmiconsole2-1.5.7-3.6.1 * libipmidetect0-debuginfo-1.5.7-3.6.1 * libfreeipmi17-1.5.7-3.6.1 * freeipmi-debugsource-1.5.7-3.6.1 * libfreeipmi17-debuginfo-1.5.7-3.6.1 * libipmiconsole2-debuginfo-1.5.7-3.6.1 * freeipmi-devel-1.5.7-3.6.1 * libipmidetect0-1.5.7-3.6.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * freeipmi-debuginfo-1.5.7-3.6.1 * freeipmi-1.5.7-3.6.1 * libipmimonitoring6-debuginfo-1.5.7-3.6.1 * libipmimonitoring6-1.5.7-3.6.1 * libipmiconsole2-1.5.7-3.6.1 * libipmidetect0-debuginfo-1.5.7-3.6.1 * libfreeipmi17-1.5.7-3.6.1 * freeipmi-debugsource-1.5.7-3.6.1 * libfreeipmi17-debuginfo-1.5.7-3.6.1 * libipmiconsole2-debuginfo-1.5.7-3.6.1 * freeipmi-devel-1.5.7-3.6.1 * libipmidetect0-1.5.7-3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33554.html * https://bugzilla.suse.com/show_bug.cgi?id=1260414
From null at suse.de Thu May 7 20:30:27 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 07 May 2026 20:30:27 -0000 Subject: SUSE-SU-2026:1753-1: important: Security update for 389-ds Message-ID: <177818582797.263.11215437746978470553@d7d34dcee2d8> # Security update for 389-ds Announcement ID: SUSE-SU-2026:1753-1 Release Date: 2026-05-07T13:54:19Z Rating: important References: * bsc#1258727 Cross-References: * CVE-2025-14905 CVSS scores: * CVE-2025-14905 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-14905 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-14905 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves one vulnerability can now be installed. ## Description: This update for 389-ds fixes the following issues: Update to version 2.0.20~git89.937b1f291. Security issues fixed: * CVE-2025-14905: heap buffer overflow due to improper size calculation in `schema_attr_enum_callback` callback (bsc#1258727). Other updates and bugfixes: * Issue 7224 - CI Test - Simplify `test_reserve_descriptor_validation` (#7225). * Issue 7189 - DSBLE0007 generates incorrect remediation commands for scan limits. * Issue 7172 - (2nd) Index ordering mismatch after upgrade (#7180). * Issue 7172 - Index ordering mismatch after upgrade (#7173). * Issue 7096 - During replication online total init the function idl_id_is_in_idlist is not scaling with large database (#7145). * Issue 7091 - Duplicate local password policy entries listed (#7092). * Issue 7124 - BDB cursor race condition with transaction isolation (#7125).
* Issue 7121 - LeakSanitizer: various leaks during replication (#7122). * Issue 7115 - LeakSanitizer: leak in `slapd_bind_local_user()` (#7116). * Issue 7109 - AddressSanitizer: SEGV `ldap/servers/slapd/csnset.c:302` in `csnset_dup` (#7114). * Issue 7056 - DSBLE0007 doesn't generate remediation steps for missing indexes. * Issue 6846 - Attribute uniqueness is not enforced with modrdn (#7026). * Issue 7055 - Online initialization of consumers fails with error `-23` (#7075). * Issue 7065 - A search filter containing a non normalized DN assertion does not return matching entries (#7068). * Issue 7032 - The new ipahealthcheck test ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue (#7036). * Issue 6966 - On large DB, unlimited IDL scan limit reduce the SRCH performance (#6967). * Issue 6848 - AddressSanitizer: leak in `do_search`. * Issue 6928 - The `parentId` attribute is indexed with improper matching rule. * Issue 6933 - When deferred `memberof` update is enabled after the server crashed it should not launch memberof fixup task by default (#6935). * Issue 6929 - Compilation failure with `rust-1.89` on Fedora ELN. * Issue 6859 - `str2filter` is not fully applying matching rules. * Issue 6857 - `uiduniq`: allow specifying match rules in the filter. * Issue 6893 - Log user that is updated during password modify extended operation. * Issue 6680 - instance read-only mode is broken (#6681). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1753=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1753=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1753=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1753=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1753=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * 389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1 * libsvrcore0-debuginfo-2.0.20~git89.937b1f291-150400.3.48.1 * 389-ds-snmp-debuginfo-2.0.20~git89.937b1f291-150400.3.48.1 * 389-ds-debugsource-2.0.20~git89.937b1f291-150400.3.48.1 * lib389-2.0.20~git89.937b1f291-150400.3.48.1 * 389-ds-2.0.20~git89.937b1f291-150400.3.48.1 * 389-ds-debuginfo-2.0.20~git89.937b1f291-150400.3.48.1 * libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1 * 389-ds-snmp-2.0.20~git89.937b1f291-150400.3.48.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * 389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1 * libsvrcore0-debuginfo-2.0.20~git89.937b1f291-150400.3.48.1 * 389-ds-debugsource-2.0.20~git89.937b1f291-150400.3.48.1 * lib389-2.0.20~git89.937b1f291-150400.3.48.1 * 389-ds-2.0.20~git89.937b1f291-150400.3.48.1 * 389-ds-debuginfo-2.0.20~git89.937b1f291-150400.3.48.1 * libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * 389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1 * libsvrcore0-debuginfo-2.0.20~git89.937b1f291-150400.3.48.1 * 389-ds-debugsource-2.0.20~git89.937b1f291-150400.3.48.1 * lib389-2.0.20~git89.937b1f291-150400.3.48.1 * 389-ds-2.0.20~git89.937b1f291-150400.3.48.1 * 
389-ds-debuginfo-2.0.20~git89.937b1f291-150400.3.48.1 * libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * 389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1 * libsvrcore0-debuginfo-2.0.20~git89.937b1f291-150400.3.48.1 * 389-ds-debugsource-2.0.20~git89.937b1f291-150400.3.48.1 * lib389-2.0.20~git89.937b1f291-150400.3.48.1 * 389-ds-2.0.20~git89.937b1f291-150400.3.48.1 * 389-ds-debuginfo-2.0.20~git89.937b1f291-150400.3.48.1 * libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * 389-ds-devel-2.0.20~git89.937b1f291-150400.3.48.1 * libsvrcore0-debuginfo-2.0.20~git89.937b1f291-150400.3.48.1 * 389-ds-debugsource-2.0.20~git89.937b1f291-150400.3.48.1 * lib389-2.0.20~git89.937b1f291-150400.3.48.1 * 389-ds-2.0.20~git89.937b1f291-150400.3.48.1 * 389-ds-debuginfo-2.0.20~git89.937b1f291-150400.3.48.1 * libsvrcore0-2.0.20~git89.937b1f291-150400.3.48.1 ## References: * https://www.suse.com/security/cve/CVE-2025-14905.html * https://bugzilla.suse.com/show_bug.cgi?id=1258727
From null at suse.de Fri May 8 16:30:15 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 08 May 2026 16:30:15 -0000 Subject: SUSE-SU-2026:1771-1: important: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6) Message-ID: <177825781559.899.16186616720959510717@2df5abbbd056> # Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1771-1 Release Date: 2026-05-08T11:05:28Z Rating: important References: * bsc#1252048 * bsc#1258005 * bsc#1258073 * bsc#1258655 * bsc#1259126 * bsc#1263689 Cross-References: * CVE-2025-38375 * CVE-2025-39977 * CVE-2025-71066 * CVE-2026-23004 * CVE-2026-23204 * CVE-2026-31431 CVSS scores: * CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.53 fixes various security issues. The following security issues were fixed: * CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073). * CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048). * CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005). * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126). * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1771=1 SUSE-2026-1772=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1771=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1772=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-17-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_47-default-17-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_53-default-16-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_10-debugsource-17-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-16-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_12-debugsource-16-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-17-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_47-default-17-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_53-default-16-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_10-debugsource-17-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-16-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_12-debugsource-16-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Fri May 8 16:30:27 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 08 May 2026 16:30:27 -0000
Subject: SUSE-SU-2026:1770-1: important: Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)
Message-ID: <177825782745.899.5982967837801149581@2df5abbbd056>

# Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1770-1
Release Date: 2026-05-08T11:05:12Z
Rating: important

References:
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2025-38375
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.133 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1770=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1770=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-6-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_34-debugsource-6-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_133-default-6-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-6-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_34-debugsource-6-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_133-default-6-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Fri May 8 16:30:36 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 08 May 2026 16:30:36 -0000
Subject: SUSE-SU-2026:1768-1: important: Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4)
Message-ID: <177825783656.899.2089357733275583051@2df5abbbd056>

# Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1768-1
Release Date: 2026-05-08T11:05:01Z
Rating: important

References:
* bsc#1252048
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2025-38375
* CVE-2025-39977
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.167 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1768=1 SUSE-2026-1769=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1768=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-1769=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_161-default-18-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_167-default-17-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_39-debugsource-18-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-18-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-17-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_41-debugsource-17-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_161-default-18-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_167-default-17-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_39-debugsource-18-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-18-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-17-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_41-debugsource-17-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Fri May 8 16:30:43 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 08 May 2026 16:30:43 -0000
Subject: SUSE-SU-2026:1767-1: important: Security update for the Linux Kernel (Live Patch 71 for SUSE Linux Enterprise 12 SP5)
Message-ID: <177825784322.899.9984027498288078874@2df5abbbd056>

# Security update for the Linux Kernel (Live Patch 71 for SUSE Linux Enterprise 12 SP5)

Announcement ID: SUSE-SU-2026:1767-1
Release Date: 2026-05-08T11:04:29Z
Rating: important

References:
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 4.12.14-122.269 fixes various security issues

The following security issues were fixed:

* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1767=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_269-default-11-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Fri May 8 16:30:51 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 08 May 2026 16:30:51 -0000
Subject: SUSE-SU-2026:1765-1: important: Security update for the Linux Kernel (Live Patch 69 for SUSE Linux Enterprise 12 SP5)
Message-ID: <177825785195.899.17197414151638543310@2df5abbbd056>

# Security update for the Linux Kernel (Live Patch 69 for SUSE Linux Enterprise 12 SP5)

Announcement ID: SUSE-SU-2026:1765-1
Release Date: 2026-05-08T11:04:21Z
Rating: important

References:
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:
* CVE-2025-38375
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:
* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves four vulnerabilities can now be installed.
## Description:

This update for the SUSE Linux Enterprise kernel 4.12.14-122.261 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1765=1 SUSE-SLE-Live-Patching-12-SP5-2026-1766=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_258-default-15-2.1
  * kgraft-patch-4_12_14-122_261-default-14-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Fri May 8 16:30:54 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 08 May 2026 16:30:54 -0000
Subject: SUSE-SU-2026:1764-1: moderate: Security update for vim
Message-ID: <177825785497.899.11649933482599391378@2df5abbbd056>

# Security update for vim

Announcement ID: SUSE-SU-2026:1764-1
Release Date: 2026-05-08T10:39:49Z
Rating: moderate

References:
* bsc#1261833

Cross-References:
* CVE-2026-39881

CVSS scores:
* CVE-2026-39881 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39881 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-39881 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-39881 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for vim fixes the following issue:

Security fixes:

* CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes (bsc#1261833).

Other fixes:

* Update to 9.2.0398.
* 9.2.0398: MS-Windows: missing strptime() support
* 9.2.0397: tabpanel: double-click opens a new tab
* 9.2.0396: tests: Test_error_callback_terminal is flaky on macOS
* 9.2.0395: tests: Test_backupskip() may read from $HOME
* 9.2.0394: xxd: offsets greater than LONG_MAX print as negative
* 9.2.0393: MS-Windows: link error with XPM support on UCRT64
* 9.2.0392: tests: Some tests are flaky
* 9.2.0391: tests: Comment in test_vim9_cmd breaks syntax highlighting
* 9.2.0390: filetype: some Beancount files are not recognized
* 9.2.0389: DECRQM still leaves stray "pp" on Apple Terminal.app
* 9.2.0388: strange indent in update_topline()
* 9.2.0387: DECRQM request may leave stray chars in terminal
* 9.2.0386: No scroll/scrollbar support in the tabpanel
* 9.2.0385: Integer overflow with "ze" and large 'sidescrolloff'
* 9.2.0384: stale Insstart after cursor move breaks undo
* 9.2.0383: [security]: runtime(netrw): shell-injection via sftp: and file: URLs
* 9.2.0382: Wayland: focus-stealing is non-working
* 9.2.0381: Vim9: Missing check_secure() in exec_instructions()
* 9.2.0380: completion: a few issues in completion code
* 9.2.0379: gui.color_approx is never used
* 9.2.0378: Using int as bool type in win_T struct
* 9.2.0377: Using int as bool type in gui_T struct
* 9.2.0376: Vim9: elseif condition compiled in dead branch
* 9.2.0375: prop_find() does not find a virt text in starting line
* 9.2.0374: c_CTRL-{G,T} does not handle offset
* 9.2.0373: Ctrl-R mapping not triggered during completion
* 9.2.0372: pum: rendering issues with multibyte text and opacity
* 9.2.0371: filetype: ghostty config files are not recognized
* 9.2.0370: duplicate code with literal string_T assignment
* 9.2.0369: multiple definitions of STRING_INIT macro
* 9.2.0368: too many strlen() calls when adding strings to dicts
* 9.2.0367: runtime(netrw): ~ note expanded on MS Windows
* 9.2.0366: pum: flicker when updating pum in place
* 9.2.0365: using int as bool
* 9.2.0364: tests: test_smoothscroll_textoff_showbreak() fails
* 9.2.0363: Vim9: variable shadowed by script-local function
* 9.2.0362: division by zero with smoothscroll and small windows
* 9.2.0361: tests: no tests for ch_listen() with IPs
* 9.2.0360: Cannot handle mouse-clicks in the tabpanel
* 9.2.0359: wrong VertSplitNC highlighting on winbar
* 9.2.0358: runtime(vimball): still path traversal attacks possible
* 9.2.0357: [security]: command injection via backticks in tag files
* 9.2.0356: Cannot apply 'scrolloff' context lines at end of file
* 9.2.0355: runtime(tar): missing path traversal checks in tar#Extract()
* 9.2.0354: filetype: not all Bitbake include files are recognized
* 9.2.0353: Missing out-of-memory check in register.c
* 9.2.0352: 'winhighlight' of left window blends into right window
* 9.2.0351: repeat_string() can be improved
* 9.2.0350: Enabling modelines poses a risk
* 9.2.0349: cannot style non-current window separator
* 9.2.0348: potential buffer underrun when setting statusline like option
* 9.2.0347: Vim9: script-local variable not found
* 9.2.0346: Wrong cursor position when entering command line window
* 9.2.0345: Wrong autoformatting with 'autocomplete'
* 9.2.0344: channel: ch_listen() can bind to network interface
* 9.2.0343: tests: test_clientserver may fail on slower systems
* 9.2.0342: tests: test_excmd.vim leaves swapfiles behind
* 9.2.0341: some functions can be run from the sandbox
* 9.2.0340: pum_redraw() may cause flicker
* 9.2.0339: regexp: nfa_regmatch() allocates and frees too often
* 9.2.0338: Cannot handle mouseclicks in the tabline
* 9.2.0337: list indexing broken on big-endian 32-bit platforms
* 9.2.0336: libvterm: no terminal reflow support
* 9.2.0335: json_encode() uses recursive algorithm
* 9.2.0334: GTK: window geometry shrinks with with client-side decorations
* 9.2.0333: filetype: PklProject files are not recognized
* 9.2.0332: popup: still opacity rendering issues
* 9.2.0331: spellfile: stack buffer overflows in spell file generation
* 9.2.0330: tests: some patterns in tar and zip plugin tests not strict enough
* 9.2.0329: tests: test_indent.vim leaves swapfiles behind
* 9.2.0328: Cannot handle mouseclicks in the statusline
* 9.2.0327: filetype: uv scripts are not detected
* 9.2.0326: runtime(tar): but with dotted path
* 9.2.0325: runtime(tar): bug in zstd handling
* 9.2.0324: 0x9b byte not unescaped in mapping
* 9.2.0323: filetype: buf.lock files are not recognized
* 9.2.0322: tests: test_popupwin fails
* 9.2.0321: MS-Windows: No OpenType font support
* 9.2.0320: several bugs with text properties
* 9.2.0319: popup: rendering issues with partially transparent popups
* 9.2.0318: cannot configure opacity for popup menu
* 9.2.0317: listener functions do not check secure flag
* 9.2.0316: [security]: command injection in netbeans interface via defineAnnoType
* 9.2.0315: missing bound-checks
* 9.2.0314: channel: can bind to all network interfaces
* 9.2.0313: Callback channel not registered in GUI
* 9.2.0312: C-type names are marked as translatable
* 9.2.0311: redrawing logic with text properties can be improved
* 9.2.0310: unnecessary work in vim_strchr() and find_term_bykeys()
* 9.2.0309: Missing out-of-memory check to may_get_cmd_block()
* 9.2.0308: Error message E1547 is wrong
* 9.2.0307: more mismatches between return types and documentation
* 9.2.0306: runtime(tar): some issues with lz4 support
* 9.2.0305: mismatch between return types and documentation
* 9.2.0304: tests: test for 9.2.0285 doesn't always fail without the fix
* 9.2.0303: tests: zip plugin tests don't check for warning message properly
* 9.2.0302: runtime(netrw): RFC2396 decoding double escaping spaces
* 9.2.0301: Vim9: void function return value inconsistent
* 9.2.0300: The vimball plugin needs some love
* 9.2.0299: runtime(zip): may write using absolute paths
* 9.2.0298: Some internal variables are not modified
* 9.2.0297: libvterm: can improve CSI overflow code
* 9.2.0296: Redundant and incorrect integer pointer casts in drawline.c
* 9.2.0295: 'showcmd' shows wrong Visual block size with 'linebreak'
* 9.2.0294: if_lua: lua interface does not work with lua 5.5
* 9.2.0293: :packadd may lead to heap-buffer-overflow
* 9.2.0292: E340 internal error when using method call on void value
* 9.2.0291: too many strlen() calls
* 9.2.0290: Amiga: no support for AmigaOS 3.x
* 9.2.0289: 'linebreak' may lead to wrong Visual block highlighting
* 9.2.0288: libvterm: signed integer overflow parsing long CSI args
* 9.2.0287: filetype: not all ObjectScript routines are recognized
* 9.2.0286: still some unnecessary (int) casts in alloc()
* 9.2.0285: :syn sync grouphere may go beyond end of line
* 9.2.0284: tabpanel: crash when tabpanel expression returns variable line count
* 9.2.0283: unnecessary (int) casts before alloc() calls
* 9.2.0282: tests: Test_viminfo_len_overflow() fails
* 9.2.0281: tests: Test_netrw_FileUrlEdit.. fails on Windows

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1764=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * vim-debuginfo-9.2.0398-17.65.1
  * vim-9.2.0398-17.65.1
  * gvim-9.2.0398-17.65.1
  * gvim-debuginfo-9.2.0398-17.65.1
  * vim-debugsource-9.2.0398-17.65.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * vim-data-common-9.2.0398-17.65.1
  * vim-data-9.2.0398-17.65.1

## References:

* https://www.suse.com/security/cve/CVE-2026-39881.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261833
From null at suse.de Fri May 8 16:30:57 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 08 May 2026 16:30:57 -0000
Subject: SUSE-SU-2026:1763-1: important: Security update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provid
Message-ID: <177825785798.899.978577096796741103@2df5abbbd056>

# Security update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provid

Announcement ID: SUSE-SU-2026:1763-1
Release Date: 2026-05-08T08:59:32Z
Rating: important

References:
* bsc#1239324

Cross-References:
* CVE-2025-22869

CVSS scores:
* CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22869 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.
## Description:

This update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provider-local, terraform-provider-random, terraform-provider-tls fixes the following issues:

* CVE-2025-22869: golang.org/x/crypto/ssh: denial of service when clients do not complete the key exchange in SSH servers which implement file transfer protocols (bsc#1239324).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Public Cloud Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1763=1
* Public Cloud Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2026-1763=1

## Package List:

* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * terraform-provider-external-2.0.0-150200.6.6.1
  * terraform-provider-azurerm-2.32.0-150200.6.6.1
  * terraform-provider-google-3.43.0-150200.6.6.1
  * terraform-provider-helm-2.9.0-150200.6.17.1
  * terraform-provider-tls-3.0.0-150200.5.9.1
  * terraform-provider-kubernetes-1.13.2-150200.6.6.1
  * terraform-provider-random-3.0.0-150200.6.9.1
  * terraform-provider-aws-3.11.0-150200.6.12.1
  * terraform-provider-local-2.0.0-150200.6.11.1
* Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * terraform-provider-external-2.0.0-150200.6.6.1
  * terraform-provider-azurerm-2.32.0-150200.6.6.1
  * terraform-provider-google-3.43.0-150200.6.6.1
  * terraform-provider-helm-2.9.0-150200.6.17.1
  * terraform-provider-tls-3.0.0-150200.5.9.1
  * terraform-provider-kubernetes-1.13.2-150200.6.6.1
  * terraform-provider-random-3.0.0-150200.6.9.1
  * terraform-provider-aws-3.11.0-150200.6.12.1
  * terraform-provider-local-2.0.0-150200.6.11.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22869.html
* https://bugzilla.suse.com/show_bug.cgi?id=1239324
From null at suse.de Fri May 8 16:31:07 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 08 May 2026 16:31:07 -0000
Subject: SUSE-SU-2026:1762-1: important: Security update for strongswan
Message-ID: <177825786751.899.12306011546549934393@2df5abbbd056>

# Security update for strongswan

Announcement ID: SUSE-SU-2026:1762-1
Release Date: 2026-05-08T08:58:30Z
Rating: important

References:
* bsc#1261705
* bsc#1261706
* bsc#1261708
* bsc#1261717
* bsc#1261718
* bsc#1261720

Cross-References:
* CVE-2026-35329
* CVE-2026-35330
* CVE-2026-35331
* CVE-2026-35332
* CVE-2026-35333
* CVE-2026-35334

CVSS scores:
* CVE-2026-35329 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35329 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35330 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35330 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35331 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-35331 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-35332 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35332 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35333 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35333 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35334 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35334 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for strongswan fixes the following issues:

* CVE-2026-35329: NULL pointer dereference when processing padding in PKCS#7 (bsc#1261717).
* CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes (bsc#1261705).
* CVE-2026-35331: acceptance of certificates violating X.509 name constraints (bsc#1261718).
* CVE-2026-35332: NULL pointer dereference when handling ECDH public value in TLS (bsc#1261708).
* CVE-2026-35333: integer underflow when handling RADIUS attributes (bsc#1261706).
* CVE-2026-35334: possible NULL pointer dereference in RSA decryption (bsc#1261720).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1762=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1762=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * strongswan-libs0-5.1.3-26.35.1
  * strongswan-hmac-5.1.3-26.35.1
  * strongswan-ipsec-5.1.3-26.35.1
  * strongswan-ipsec-debuginfo-5.1.3-26.35.1
  * strongswan-5.1.3-26.35.1
  * strongswan-debugsource-5.1.3-26.35.1
  * strongswan-libs0-debuginfo-5.1.3-26.35.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * strongswan-doc-5.1.3-26.35.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * strongswan-libs0-5.1.3-26.35.1
  * strongswan-hmac-5.1.3-26.35.1
  * strongswan-ipsec-5.1.3-26.35.1
  * strongswan-ipsec-debuginfo-5.1.3-26.35.1
  * strongswan-5.1.3-26.35.1
  * strongswan-debugsource-5.1.3-26.35.1
  * strongswan-libs0-debuginfo-5.1.3-26.35.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * strongswan-doc-5.1.3-26.35.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35329.html
* https://www.suse.com/security/cve/CVE-2026-35330.html
* https://www.suse.com/security/cve/CVE-2026-35331.html
* https://www.suse.com/security/cve/CVE-2026-35332.html
* https://www.suse.com/security/cve/CVE-2026-35333.html
* https://www.suse.com/security/cve/CVE-2026-35334.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261705
* https://bugzilla.suse.com/show_bug.cgi?id=1261706
* https://bugzilla.suse.com/show_bug.cgi?id=1261708
* https://bugzilla.suse.com/show_bug.cgi?id=1261717
* https://bugzilla.suse.com/show_bug.cgi?id=1261718
* https://bugzilla.suse.com/show_bug.cgi?id=1261720

From null at suse.de Fri May 8 16:31:14 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 08 May 2026 16:31:14 -0000
Subject: SUSE-SU-2026:1761-1: important: Security update for nginx
Message-ID: <177825787435.899.1555693042996974289@2df5abbbd056>

# Security update for nginx

Announcement ID: SUSE-SU-2026:1761-1
Release Date: 2026-05-08T08:58:17Z
Rating: important

References:
* bsc#1257675
* bsc#1260416
* bsc#1260417
* bsc#1260418

Cross-References:
* CVE-2026-1642
* CVE-2026-27654
* CVE-2026-27784
* CVE-2026-28753

CVSS scores:
* CVE-2026-1642 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-1642 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-1642 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-1642 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-27654 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27654 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-27654 ( NVD ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27654 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-27784 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-27784 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-27784 ( NVD ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27784 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-27784 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28753 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-28753 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-28753 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-28753 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * openSUSE Leap 15.6 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves four vulnerabilities can now be installed. ## Description: This update for nginx fixes the following issues: * CVE-2026-1642: plain text data injection into the response from an upstream proxied server via MITM attack (bsc#1257675). 
* CVE-2026-27654: buffer overflow in the NGINX worker process via the `ngx_http_dav_module` module (bsc#1260416). * CVE-2026-27784: NGINX worker memory overread or overwrite via a specially crafted MP4 file (bsc#1260417). * CVE-2026-28753: arbitrary header injection into SMTP upstream requests via attacker-controlled DNS server (bsc#1260418). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1761=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1761=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1761=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1761=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * nginx-debugsource-1.21.5-150600.10.15.1 * nginx-debuginfo-1.21.5-150600.10.15.1 * nginx-1.21.5-150600.10.15.1 * openSUSE Leap 15.6 (noarch) * nginx-source-1.21.5-150600.10.15.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * nginx-debugsource-1.21.5-150600.10.15.1 * nginx-debuginfo-1.21.5-150600.10.15.1 * nginx-1.21.5-150600.10.15.1 * Server Applications Module 15-SP7 (noarch) * nginx-source-1.21.5-150600.10.15.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * nginx-debugsource-1.21.5-150600.10.15.1 * nginx-debuginfo-1.21.5-150600.10.15.1 * nginx-1.21.5-150600.10.15.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * nginx-source-1.21.5-150600.10.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * nginx-debugsource-1.21.5-150600.10.15.1 * nginx-debuginfo-1.21.5-150600.10.15.1 * nginx-1.21.5-150600.10.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * 
nginx-source-1.21.5-150600.10.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1642.html * https://www.suse.com/security/cve/CVE-2026-27654.html * https://www.suse.com/security/cve/CVE-2026-27784.html * https://www.suse.com/security/cve/CVE-2026-28753.html * https://bugzilla.suse.com/show_bug.cgi?id=1257675 * https://bugzilla.suse.com/show_bug.cgi?id=1260416 * https://bugzilla.suse.com/show_bug.cgi?id=1260417 * https://bugzilla.suse.com/show_bug.cgi?id=1260418 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri May 8 20:30:07 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 08 May 2026 20:30:07 -0000 Subject: SUSE-SU-2026:1778-1: important: Security update for the Linux Kernel Message-ID: <177827220779.1062.9266352157713811627@d7d34dcee2d8> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:1778-1 Release Date: 2026-05-08T15:20:23Z Rating: important References: * bsc#1264449 * bsc#1264450 Cross-References: * CVE-2026-43284 * CVE-2026-43500 CVSS scores: * CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43500 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Real Time Module 15-SP7 An update that solves two vulnerabilities can now be installed. ## Description: The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix the following issue: This fixes the DirtyFrag issues: * CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449). * CVE-2026-43500: rxrpc and afs modules are disabled (bsc#1264450) ## Special Instructions and Notes: * Please reboot the system after installing this update. 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1778=1 * SUSE Real Time Module 15-SP7 zypper in -t patch SUSE-SLE-Module-RT-15-SP7-2026-1778=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-SLE15-SP7-RT_Update_13-debugsource-1-150700.1.3.1 * kernel-livepatch-6_4_0-150700_7_44-rt-1-150700.1.3.1 * kernel-livepatch-6_4_0-150700_7_44-rt-debuginfo-1-150700.1.3.1 * SUSE Real Time Module 15-SP7 (x86_64) * kernel-rt-debuginfo-6.4.0-150700.7.44.1 * ocfs2-kmp-rt-debuginfo-6.4.0-150700.7.44.1 * kernel-rt-devel-6.4.0-150700.7.44.1 * cluster-md-kmp-rt-6.4.0-150700.7.44.1 * ocfs2-kmp-rt-6.4.0-150700.7.44.1 * dlm-kmp-rt-debuginfo-6.4.0-150700.7.44.1 * gfs2-kmp-rt-debuginfo-6.4.0-150700.7.44.1 * cluster-md-kmp-rt-debuginfo-6.4.0-150700.7.44.1 * kernel-rt-debugsource-6.4.0-150700.7.44.1 * kernel-rt-devel-debuginfo-6.4.0-150700.7.44.1 * gfs2-kmp-rt-6.4.0-150700.7.44.1 * dlm-kmp-rt-6.4.0-150700.7.44.1 * kernel-syms-rt-6.4.0-150700.7.44.1 * SUSE Real Time Module 15-SP7 (noarch) * kernel-source-rt-6.4.0-150700.7.44.1 * kernel-devel-rt-6.4.0-150700.7.44.1 * SUSE Real Time Module 15-SP7 (nosrc x86_64) * kernel-rt-6.4.0-150700.7.44.1 ## References: * https://www.suse.com/security/cve/CVE-2026-43284.html * https://www.suse.com/security/cve/CVE-2026-43500.html * https://bugzilla.suse.com/show_bug.cgi?id=1264449 * https://bugzilla.suse.com/show_bug.cgi?id=1264450 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri May 8 20:30:12 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 08 May 2026 20:30:12 -0000 Subject: SUSE-SU-2026:1775-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP7) Message-ID: <177827221221.1062.16251654842780191079@d7d34dcee2d8> # Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1775-1 Release Date: 2026-05-08T12:04:33Z Rating: important References: * bsc#1263689 Cross-References: * CVE-2026-31431 CVSS scores: * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.37 fixes one security issue The following security issue was fixed: * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1775=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_53_37-default-2-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_11-debugsource-2-150700.2.1 * kernel-livepatch-6_4_0-150700_53_37-default-debuginfo-2-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1263689 From null at suse.de Fri May 8 20:30:24 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 08 May 2026 20:30:24 -0000 Subject: SUSE-SU-2026:1776-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6) Message-ID: <177827222468.1062.14456759776479993618@d7d34dcee2d8> # Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1776-1 Release Date: 2026-05-08T12:33:55Z Rating: important References: * bsc#1252048 * bsc#1258005 * bsc#1258073 * bsc#1258655 * bsc#1259126 * bsc#1263689 Cross-References: * CVE-2025-38375 * CVE-2025-39977 * CVE-2025-71066 * CVE-2026-23004 * CVE-2026-23204 * CVE-2026-31431 CVSS scores: * CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ):
7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.50 fixes various security issues The following security issues were fixed: * CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073). * CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048). * CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005). * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126). 
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1776=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1776=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1774=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1774=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_170-default-16-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_42-debugsource-16-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-16-150400.2.1 * kernel-livepatch-5_14_21-150400_24_170-default-16-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_42-debugsource-16-150400.2.1 * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-16-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_11-debugsource-16-150600.2.1 * kernel-livepatch-6_4_0-150600_23_50-default-16-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-16-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_11-debugsource-16-150600.2.1 * kernel-livepatch-6_4_0-150600_23_50-default-16-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38375.html * https://www.suse.com/security/cve/CVE-2025-39977.html * https://www.suse.com/security/cve/CVE-2025-71066.html * https://www.suse.com/security/cve/CVE-2026-23004.html * https://www.suse.com/security/cve/CVE-2026-23204.html * 
https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1252048 * https://bugzilla.suse.com/show_bug.cgi?id=1258005 * https://bugzilla.suse.com/show_bug.cgi?id=1258073 * https://bugzilla.suse.com/show_bug.cgi?id=1258655 * https://bugzilla.suse.com/show_bug.cgi?id=1259126 * https://bugzilla.suse.com/show_bug.cgi?id=1263689 From null at suse.de Fri May 8 20:30:30 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 08 May 2026 20:30:30 -0000 Subject: SUSE-SU-2026:1773-1: important: Security update for the Linux Kernel (Live Patch 76 for SUSE Linux Enterprise 12 SP5) Message-ID: <177827223045.1062.12577920543234412591@d7d34dcee2d8> # Security update for the Linux Kernel (Live Patch 76 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1773-1 Release Date: 2026-05-08T15:33:54Z Rating: important References: * bsc#1258655 * bsc#1259126 * bsc#1263689 Cross-References: * CVE-2026-23004 * CVE-2026-23204 * CVE-2026-31431 CVSS scores: * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 *
SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise kernel 4.12.14-122.290 fixes various security issues The following security issues were fixed: * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126). * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1779=1 SUSE-SLE-Live-Patching-12-SP5-2026-1773=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_290-default-6-2.1 * kgraft-patch-4_12_14-122_272-default-10-2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23004.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1258655 * https://bugzilla.suse.com/show_bug.cgi?id=1259126 * https://bugzilla.suse.com/show_bug.cgi?id=1263689 -------------- next part -------------- An HTML attachment was scrubbed...
URL: From null at suse.de Fri May 8 20:30:34 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 08 May 2026 20:30:34 -0000 Subject: SUSE-SU-2026:1777-1: important: Security update for the Linux Kernel Message-ID: <177827223488.1062.8785240303303148858@d7d34dcee2d8> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:1777-1 Release Date: 2026-05-08T13:10:13Z Rating: important References: * bsc#1246057 * bsc#1259797 Cross-References: * CVE-2025-38234 * CVE-2026-23243 CVSS scores: * CVE-2025-38234 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38234 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38234 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 11 SP4 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE An update that solves two vulnerabilities can now be installed. ## Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: * CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). * CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2026-1777=1 * SUSE Linux Enterprise Server 11 SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2026-1777=1 ## Package List: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (nosrc x86_64) * kernel-trace-3.0.101-108.207.1 * kernel-xen-3.0.101-108.207.1 * kernel-default-3.0.101-108.207.1 * kernel-ec2-3.0.101-108.207.1 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (x86_64) * kernel-ec2-debugsource-3.0.101-108.207.1 * kernel-ec2-devel-3.0.101-108.207.1 * kernel-default-debugsource-3.0.101-108.207.1 * kernel-trace-devel-debuginfo-3.0.101-108.207.1 * kernel-xen-debuginfo-3.0.101-108.207.1 * kernel-default-debuginfo-3.0.101-108.207.1 * kernel-trace-debugsource-3.0.101-108.207.1 * kernel-trace-base-3.0.101-108.207.1 * kernel-xen-devel-debuginfo-3.0.101-108.207.1 * kernel-syms-3.0.101-108.207.1 * kernel-default-base-3.0.101-108.207.1 * kernel-default-devel-debuginfo-3.0.101-108.207.1 * kernel-xen-devel-3.0.101-108.207.1 * kernel-trace-devel-3.0.101-108.207.1 * kernel-source-3.0.101-108.207.1 * kernel-xen-debugsource-3.0.101-108.207.1 * kernel-ec2-base-3.0.101-108.207.1 * kernel-trace-debuginfo-3.0.101-108.207.1 * kernel-default-devel-3.0.101-108.207.1 * kernel-ec2-debuginfo-3.0.101-108.207.1 * kernel-ec2-devel-debuginfo-3.0.101-108.207.1 * kernel-xen-base-3.0.101-108.207.1 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (noarch nosrc) * kernel-docs-3.0.101-108.207.1 * SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64) * kernel-trace-3.0.101-108.207.1 * kernel-xen-3.0.101-108.207.1 * kernel-default-3.0.101-108.207.1 * kernel-ec2-3.0.101-108.207.1 * SUSE Linux Enterprise Server 11 SP4 (x86_64) * kernel-ec2-debugsource-3.0.101-108.207.1 * kernel-ec2-devel-3.0.101-108.207.1 * kernel-default-debugsource-3.0.101-108.207.1 * 
kernel-trace-devel-debuginfo-3.0.101-108.207.1 * kernel-xen-debuginfo-3.0.101-108.207.1 * kernel-default-debuginfo-3.0.101-108.207.1 * kernel-trace-debugsource-3.0.101-108.207.1 * kernel-trace-base-3.0.101-108.207.1 * kernel-xen-devel-debuginfo-3.0.101-108.207.1 * kernel-syms-3.0.101-108.207.1 * kernel-default-base-3.0.101-108.207.1 * kernel-default-devel-debuginfo-3.0.101-108.207.1 * kernel-xen-devel-3.0.101-108.207.1 * kernel-trace-devel-3.0.101-108.207.1 * kernel-source-3.0.101-108.207.1 * kernel-xen-debugsource-3.0.101-108.207.1 * kernel-ec2-base-3.0.101-108.207.1 * kernel-trace-debuginfo-3.0.101-108.207.1 * kernel-default-devel-3.0.101-108.207.1 * kernel-ec2-debuginfo-3.0.101-108.207.1 * kernel-ec2-devel-debuginfo-3.0.101-108.207.1 * kernel-xen-base-3.0.101-108.207.1 * SUSE Linux Enterprise Server 11 SP4 (noarch nosrc) * kernel-docs-3.0.101-108.207.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38234.html * https://www.suse.com/security/cve/CVE-2026-23243.html * https://bugzilla.suse.com/show_bug.cgi?id=1246057 * https://bugzilla.suse.com/show_bug.cgi?id=1259797 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon May 11 08:30:22 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:30:22 -0000 Subject: SUSE-SU-2026:1804-1: important: Security update for the Linux Kernel (Live Patch 33 for SUSE Linux Enterprise 15 SP5) Message-ID: <177848822271.2501.11750586594304140482@d7d34dcee2d8> # Security update for the Linux Kernel (Live Patch 33 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:1804-1 Release Date: 2026-05-09T16:04:42Z Rating: important References: * bsc#1252048 * bsc#1258005 * bsc#1258073 * bsc#1258655 * bsc#1259126 * bsc#1263689 Cross-References: * CVE-2025-38375 * CVE-2025-39977 * CVE-2025-71066 * CVE-2026-23004 * CVE-2026-23204 * CVE-2026-31431 CVSS scores: * CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.130 fixes various security issues The following security issues were fixed: * CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073). * CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048). * CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005). * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126). * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1804=1 SUSE-2026-1805=1 SUSE-2026-1806=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1804=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1805=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1806=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-6-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_33-debugsource-6-150500.2.1 * kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-9-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_31-debugsource-9-150500.2.1 * kernel-livepatch-5_14_21-150500_55_124-default-9-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_28-debugsource-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_130-default-6-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-16-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-6-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_33-debugsource-6-150500.2.1 * kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-9-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_31-debugsource-9-150500.2.1 * kernel-livepatch-5_14_21-150500_55_124-default-9-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_28-debugsource-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_130-default-6-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-16-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38375.html * https://www.suse.com/security/cve/CVE-2025-39977.html * https://www.suse.com/security/cve/CVE-2025-71066.html * https://www.suse.com/security/cve/CVE-2026-23004.html * https://www.suse.com/security/cve/CVE-2026-23204.html *
https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1252048 * https://bugzilla.suse.com/show_bug.cgi?id=1258005 * https://bugzilla.suse.com/show_bug.cgi?id=1258073 * https://bugzilla.suse.com/show_bug.cgi?id=1258655 * https://bugzilla.suse.com/show_bug.cgi?id=1259126 * https://bugzilla.suse.com/show_bug.cgi?id=1263689 From null at suse.de Mon May 11 08:30:36 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:30:36 -0000 Subject: SUSE-SU-2026:21575-1: moderate: Security update for openCryptoki Message-ID: <177848823651.2501.8050454707167135461@d7d34dcee2d8> # Security update for openCryptoki Announcement ID: SUSE-SU-2026:21575-1 Release Date: 2026-05-07T09:52:13Z Rating: moderate References: * bsc#1262283 * bsc#1263819 * jsc#PED-14609 Cross-References: * CVE-2026-40253 CVSS scores: * CVE-2026-40253 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-40253 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-40253 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-40253 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability, contains one feature and has one fix can now be installed. ## Description: This update for openCryptoki fixes the following issues Security issue: * CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects (bsc#1262283). Non security issue: * Refactored .spec file to fully support transactional and immutable operating systems (jsc#PED-14609): * Migrated user and group creation (pkcs11, pkcsslotd) from imperative %pre shell commands to declarative systemd-sysusers configuration.
* Replaced manual /var directory tracking and %ghost directives with comprehensive systemd-tmpfiles configurations. * Implemented dynamic, architecture-specific tmpfiles.d generation to properly provision hardware-specific token directories (e.g., ccatok, ep11tok, lite, and HSM_MK_CHANGE). * Fixed permissions for /run/opencryptoki within tmpfiles.d to ensure the daemon can successfully drop privileges and bind its communication socket. * Moved 32-bit and 64-bit shared library symlink creation (such as PKCS11_API.so, stdll, and methods) from %post scriptlets into the %install phase, ensuring they are correctly packaged and tracked on the read-only /usr partition. * Removed legacy /etc/pkcs11 bash migration logic from %post, replacing it with a declarative tmpfiles.d symlink rule. * Cleaned up scriptlets to only execute transaction-safe macros (such as ldconfig and systemd service handlers). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-718=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-718=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * openCryptoki-64bit-debuginfo-3.26.0-160000.2.1 * openCryptoki-64bit-3.26.0-160000.2.1 * openCryptoki-debugsource-3.26.0-160000.2.1 * openCryptoki-debuginfo-3.26.0-160000.2.1 * openCryptoki-devel-3.26.0-160000.2.1 * openCryptoki-3.26.0-160000.2.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * openCryptoki-64bit-debuginfo-3.26.0-160000.2.1 * openCryptoki-64bit-3.26.0-160000.2.1 * openCryptoki-debugsource-3.26.0-160000.2.1 * openCryptoki-debuginfo-3.26.0-160000.2.1 * openCryptoki-devel-3.26.0-160000.2.1 * openCryptoki-3.26.0-160000.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-40253.html * https://bugzilla.suse.com/show_bug.cgi?id=1262283 * https://bugzilla.suse.com/show_bug.cgi?id=1263819 * https://jira.suse.com/browse/PED-14609 From null at suse.de Mon May 11 08:30:40 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:30:40 -0000 Subject: SUSE-SU-2026:21574-1: moderate: Security update for c-ares Message-ID: <177848824022.2501.2561501317255516015@d7d34dcee2d8> # Security update for c-ares Announcement ID: SUSE-SU-2026:21574-1 Release Date: 2026-05-07T09:36:47Z Rating: moderate References: * bsc#1254738 Cross-References: * CVE-2025-62408 CVSS scores: * CVE-2025-62408 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-62408 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed.
## Description: This update for c-ares fixes the following issue * CVE-2025-62408: use after free in read_answers() (bsc#1254738). Changes for c-ares: * c-ares 1.35.6: * Ignore Windows IDN Search Domains until proper IDN support is added * Various bug fixes ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-717=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-717=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * c-ares-debugsource-1.34.6-160000.1.1 * c-ares-devel-1.34.6-160000.1.1 * libcares2-debuginfo-1.34.6-160000.1.1 * c-ares-utils-debuginfo-1.34.6-160000.1.1 * c-ares-utils-1.34.6-160000.1.1 * libcares2-1.34.6-160000.1.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * c-ares-debugsource-1.34.6-160000.1.1 * c-ares-devel-1.34.6-160000.1.1 * libcares2-debuginfo-1.34.6-160000.1.1 * c-ares-utils-debuginfo-1.34.6-160000.1.1 * c-ares-utils-1.34.6-160000.1.1 * libcares2-1.34.6-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-62408.html * https://bugzilla.suse.com/show_bug.cgi?id=1254738
From null at suse.de Mon May 11 08:30:43 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:30:43 -0000 Subject: SUSE-SU-2026:21573-1: low: Security update for cairo Message-ID: <177848824341.2501.5125631608837979601@d7d34dcee2d8> # Security update for cairo Announcement ID: SUSE-SU-2026:21573-1 Release Date: 2026-05-07T09:32:39Z Rating: low References: * bsc#1247589 Cross-References: * CVE-2025-50422 CVSS scores: * CVE-2025-50422 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-50422 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2025-50422 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for cairo fixes the following issue: * CVE-2025-50422: Poppler crash on malformed input (bsc#1247589). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-716=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-716=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * cairo-tools-1.18.4-160000.3.1 * libcairo-gobject2-debuginfo-1.18.4-160000.3.1 * libcairo2-1.18.4-160000.3.1 * libcairo2-debuginfo-1.18.4-160000.3.1 * cairo-debugsource-1.18.4-160000.3.1 * cairo-tools-debuginfo-1.18.4-160000.3.1 * libcairo-script-interpreter2-debuginfo-1.18.4-160000.3.1 * libcairo-gobject2-1.18.4-160000.3.1 * cairo-devel-1.18.4-160000.3.1 * libcairo-script-interpreter2-1.18.4-160000.3.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * cairo-tools-1.18.4-160000.3.1 * libcairo-gobject2-debuginfo-1.18.4-160000.3.1 * libcairo2-1.18.4-160000.3.1 * libcairo2-debuginfo-1.18.4-160000.3.1 * cairo-debugsource-1.18.4-160000.3.1 * cairo-tools-debuginfo-1.18.4-160000.3.1 * libcairo-script-interpreter2-debuginfo-1.18.4-160000.3.1 * libcairo-gobject2-1.18.4-160000.3.1 * cairo-devel-1.18.4-160000.3.1 * libcairo-script-interpreter2-1.18.4-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-50422.html * https://bugzilla.suse.com/show_bug.cgi?id=1247589
From null at suse.de Mon May 11 08:30:56 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:30:56 -0000 Subject: SUSE-SU-2026:21571-1: moderate: Security update for libtpms Message-ID: <177848825611.2501.9307136322754390820@d7d34dcee2d8> # Security update for libtpms Announcement ID: SUSE-SU-2026:21571-1 Release Date: 2026-05-06T18:16:54Z Rating: moderate References: * bsc#1244528 * bsc#1260439 Cross-References: * CVE-2025-49133 * CVE-2026-21444 CVSS scores: * CVE-2025-49133 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H * CVE-2025-49133 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H * CVE-2025-49133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21444 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-21444 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-21444 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for libtpms fixes the following issues: * CVE-2025-49133: Fixed potential out of bounds (OOB) read vulnerability (bsc#1244528). * CVE-2026-21444: Fixed remote data confidentiality compromise via incorrect Initialization Vector (IV) handling (bsc#1260439). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-714=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-714=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * libtpms0-0.10.0-160000.5.1 * libtpms-debugsource-0.10.0-160000.5.1 * libtpms0-debuginfo-0.10.0-160000.5.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libtpms0-0.10.0-160000.5.1 * libtpms-debugsource-0.10.0-160000.5.1 * libtpms0-debuginfo-0.10.0-160000.5.1 ## References: * https://www.suse.com/security/cve/CVE-2025-49133.html * https://www.suse.com/security/cve/CVE-2026-21444.html * https://bugzilla.suse.com/show_bug.cgi?id=1244528 * https://bugzilla.suse.com/show_bug.cgi?id=1260439 From null at suse.de Mon May 11 08:31:12 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:31:12 -0000 Subject: SUSE-SU-2026:21568-1: moderate: Security update for python-pytest Message-ID: <177848827255.2501.14306890005550383099@d7d34dcee2d8> # Security update for python-pytest Announcement ID: SUSE-SU-2026:21568-1 Release Date: 2026-05-06T13:47:19Z Rating: moderate References: * bsc#1257090 Cross-References: * CVE-2025-71176 CVSS scores: * CVE-2025-71176 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L * CVE-2025-71176 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L * CVE-2025-71176 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for python-pytest fixes the following issue: * CVE-2025-71176: a TOCTOU race condition can cause a denial of service or possibly gain privileges (bsc#1257090).
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-711=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-711=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * python313-pytest-8.3.5-160000.3.1 * SUSE Linux Enterprise Server 16.0 (noarch) * python313-pytest-8.3.5-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71176.html * https://bugzilla.suse.com/show_bug.cgi?id=1257090 From null at suse.de Mon May 11 08:30:51 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:30:51 -0000 Subject: SUSE-SU-2026:21572-1: low: Security update for iproute2 Message-ID: <177848825155.2501.16078740923002394756@d7d34dcee2d8> # Security update for iproute2 Announcement ID: SUSE-SU-2026:21572-1 Release Date: 2026-05-07T07:37:28Z Rating: low References: * bsc#1241316 * bsc#1253044 * bsc#1254324 * jsc#PED-14787 Cross-References: * CVE-2024-58251 CVSS scores: * CVE-2024-58251 ( SUSE ): 2.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-58251 ( SUSE ): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L * CVE-2024-58251 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability, contains one feature and has two fixes can now be installed. ## Description: This update for iproute2 fixes the following issues: Security issues fixed: * CVE-2024-58251: terminal lock up via ANSI terminal escape sequence set in `argv[0]` (bsc#1254324).
Other updates and bugfixes: * Fix package for immutable mode (jsc#PED-14787). * Add netshaper support (bsc#1253044). * Add follow-up fixes included by upstream after the 6.12 release (bsc#1241316): * Parse FQ band weights correctly * bond: fix stack smash in xstats * ip: support setting multiple features * tc: gred: fix debug print ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-715=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-715=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * iproute2-6.12-160000.3.1 * iproute2-debugsource-6.12-160000.3.1 * iproute2-debuginfo-6.12-160000.3.1 * libnetlink-devel-6.12-160000.3.1 * iproute2-arpd-6.12-160000.3.1 * iproute2-bash-completion-6.12-160000.3.1 * iproute2-arpd-debuginfo-6.12-160000.3.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * iproute2-6.12-160000.3.1 * iproute2-debugsource-6.12-160000.3.1 * iproute2-debuginfo-6.12-160000.3.1 * libnetlink-devel-6.12-160000.3.1 * iproute2-arpd-6.12-160000.3.1 * iproute2-bash-completion-6.12-160000.3.1 * iproute2-arpd-debuginfo-6.12-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-58251.html * https://bugzilla.suse.com/show_bug.cgi?id=1241316 * https://bugzilla.suse.com/show_bug.cgi?id=1253044 * https://bugzilla.suse.com/show_bug.cgi?id=1254324 * https://jira.suse.com/browse/PED-14787
From null at suse.de Mon May 11 08:31:24 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:31:24 -0000 Subject: SUSE-SU-2026:21564-1: moderate: Security update for Mesa Message-ID: <177848828448.2501.9217444714474558876@d7d34dcee2d8> # Security update for Mesa Announcement ID: SUSE-SU-2026:21564-1 Release Date: 2026-05-06T10:15:45Z Rating: moderate References: * bsc#1261911 * bsc#1261998 Cross-References: * CVE-2026-40393 CVSS scores: * CVE-2026-40393 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-40393 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-40393 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for Mesa fixes the following issue: * CVE-2026-40393: out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party (bsc#1261998). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-707=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-707=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * Mesa-dri-devel-24.3.3-160000.3.1 * Mesa-libRusticlOpenCL-debuginfo-24.3.3-160000.3.1 * Mesa-libGLESv3-devel-24.3.3-160000.3.1 * Mesa-dri-24.3.3-160000.3.1 * Mesa-libva-24.3.3-160000.3.1 * Mesa-libGL-devel-24.3.3-160000.3.1 * libvdpau_r600-24.3.3-160000.3.1 * Mesa-24.3.3-160000.3.1 * libOSMesa8-debuginfo-24.3.3-160000.3.1 * Mesa-devel-24.3.3-160000.3.1 * Mesa-dri-nouveau-24.3.3-160000.3.1 * Mesa-libglapi-devel-24.3.3-160000.3.1 * libvdpau_radeonsi-24.3.3-160000.3.1 * Mesa-libEGL-devel-24.3.3-160000.3.1 * Mesa-libOpenCL-24.3.3-160000.3.1 * Mesa-libEGL1-debuginfo-24.3.3-160000.3.1 * Mesa-KHR-devel-24.3.3-160000.3.1 * Mesa-libglapi0-24.3.3-160000.3.1 * Mesa-gallium-24.3.3-160000.3.1 * libgbm-devel-24.3.3-160000.3.1 * Mesa-libGL1-debuginfo-24.3.3-160000.3.1 * Mesa-dri-debuginfo-24.3.3-160000.3.1 * libvdpau_nouveau-24.3.3-160000.3.1 * Mesa-debugsource-24.3.3-160000.3.1 * Mesa-libGLESv1_CM-devel-24.3.3-160000.3.1 * Mesa-libGLESv2-devel-24.3.3-160000.3.1 * libxatracker2-1.0.0-160000.3.1 * libOSMesa8-24.3.3-160000.3.1 * Mesa-gallium-debuginfo-24.3.3-160000.3.1 * libxatracker-devel-1.0.0-160000.3.1 * libgbm1-debuginfo-24.3.3-160000.3.1 * libOSMesa-devel-24.3.3-160000.3.1 * Mesa-drivers-debugsource-24.3.3-160000.3.1 * Mesa-libRusticlOpenCL-24.3.3-160000.3.1 * libxatracker2-debuginfo-1.0.0-160000.3.1 * Mesa-libOpenCL-debuginfo-24.3.3-160000.3.1 * Mesa-libEGL1-24.3.3-160000.3.1 * libgbm1-24.3.3-160000.3.1 * libvdpau_virtio_gpu-24.3.3-160000.3.1 * Mesa-libglapi0-debuginfo-24.3.3-160000.3.1 * Mesa-libGL1-24.3.3-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * Mesa-vulkan-overlay-debuginfo-24.3.3-160000.3.1 * 
libvulkan_radeon-debuginfo-24.3.3-160000.3.1 * libvulkan_intel-24.3.3-160000.3.1 * libvulkan_lvp-24.3.3-160000.3.1 * libvulkan_lvp-debuginfo-24.3.3-160000.3.1 * Mesa-vulkan-overlay-24.3.3-160000.3.1 * libvulkan_radeon-24.3.3-160000.3.1 * Mesa-libd3d-24.3.3-160000.3.1 * Mesa-libd3d-debuginfo-24.3.3-160000.3.1 * Mesa-vulkan-device-select-debuginfo-24.3.3-160000.3.1 * Mesa-vulkan-device-select-24.3.3-160000.3.1 * Mesa-libd3d-devel-24.3.3-160000.3.1 * libvulkan_intel-debuginfo-24.3.3-160000.3.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le x86_64) * Mesa-dri-devel-24.3.3-160000.3.1 * Mesa-libRusticlOpenCL-debuginfo-24.3.3-160000.3.1 * Mesa-libGLESv3-devel-24.3.3-160000.3.1 * Mesa-dri-24.3.3-160000.3.1 * Mesa-libva-24.3.3-160000.3.1 * Mesa-libGL-devel-24.3.3-160000.3.1 * libvdpau_r600-24.3.3-160000.3.1 * Mesa-24.3.3-160000.3.1 * libOSMesa8-debuginfo-24.3.3-160000.3.1 * Mesa-devel-24.3.3-160000.3.1 * Mesa-dri-nouveau-24.3.3-160000.3.1 * Mesa-libglapi-devel-24.3.3-160000.3.1 * libvdpau_radeonsi-24.3.3-160000.3.1 * Mesa-libEGL-devel-24.3.3-160000.3.1 * Mesa-libOpenCL-24.3.3-160000.3.1 * Mesa-libEGL1-debuginfo-24.3.3-160000.3.1 * Mesa-KHR-devel-24.3.3-160000.3.1 * Mesa-libglapi0-24.3.3-160000.3.1 * Mesa-gallium-24.3.3-160000.3.1 * libgbm-devel-24.3.3-160000.3.1 * Mesa-libGL1-debuginfo-24.3.3-160000.3.1 * Mesa-dri-debuginfo-24.3.3-160000.3.1 * libvdpau_nouveau-24.3.3-160000.3.1 * Mesa-debugsource-24.3.3-160000.3.1 * Mesa-libGLESv1_CM-devel-24.3.3-160000.3.1 * Mesa-libGLESv2-devel-24.3.3-160000.3.1 * libxatracker2-1.0.0-160000.3.1 * libOSMesa8-24.3.3-160000.3.1 * Mesa-gallium-debuginfo-24.3.3-160000.3.1 * libxatracker-devel-1.0.0-160000.3.1 * libgbm1-debuginfo-24.3.3-160000.3.1 * libOSMesa-devel-24.3.3-160000.3.1 * Mesa-drivers-debugsource-24.3.3-160000.3.1 * Mesa-libRusticlOpenCL-24.3.3-160000.3.1 * libxatracker2-debuginfo-1.0.0-160000.3.1 * Mesa-libOpenCL-debuginfo-24.3.3-160000.3.1 * Mesa-libEGL1-24.3.3-160000.3.1 * libgbm1-24.3.3-160000.3.1 * 
libvdpau_virtio_gpu-24.3.3-160000.3.1 * Mesa-libglapi0-debuginfo-24.3.3-160000.3.1 * Mesa-libGL1-24.3.3-160000.3.1 * SUSE Linux Enterprise Server 16.0 (aarch64) * libvulkan_freedreno-debuginfo-24.3.3-160000.3.1 * Mesa-dri-vc4-24.3.3-160000.3.1 * libvulkan_broadcom-debuginfo-24.3.3-160000.3.1 * libvulkan_freedreno-24.3.3-160000.3.1 * libvulkan_broadcom-24.3.3-160000.3.1 * SUSE Linux Enterprise Server 16.0 (aarch64 x86_64) * Mesa-vulkan-overlay-debuginfo-24.3.3-160000.3.1 * libvulkan_radeon-debuginfo-24.3.3-160000.3.1 * libvulkan_lvp-24.3.3-160000.3.1 * Mesa-vulkan-overlay-24.3.3-160000.3.1 * libvulkan_radeon-24.3.3-160000.3.1 * Mesa-vulkan-device-select-debuginfo-24.3.3-160000.3.1 * Mesa-vulkan-device-select-24.3.3-160000.3.1 * libvulkan_lvp-debuginfo-24.3.3-160000.3.1 * SUSE Linux Enterprise Server 16.0 (x86_64) * libvulkan_intel-24.3.3-160000.3.1 * Mesa-libd3d-24.3.3-160000.3.1 * Mesa-libd3d-debuginfo-24.3.3-160000.3.1 * Mesa-libd3d-devel-24.3.3-160000.3.1 * libvulkan_intel-debuginfo-24.3.3-160000.3.1 * SUSE Linux Enterprise Server 16.0 (s390x) * Mesa-libGLESv2-devel-24.1.7-160000.3.1 * libgbm1-24.1.7-160000.3.1 * Mesa-libglapi0-debuginfo-24.1.7-160000.3.1 * Mesa-devel-24.1.7-160000.3.1 * Mesa-libGL-devel-24.1.7-160000.3.1 * Mesa-libEGL1-24.1.7-160000.3.1 * Mesa-libglapi0-24.1.7-160000.3.1 * libgbm-devel-24.1.7-160000.3.1 * Mesa-drivers-debugsource-24.1.7-160000.3.1 * Mesa-24.1.7-160000.3.1 * Mesa-libEGL1-debuginfo-24.1.7-160000.3.1 * Mesa-dri-debuginfo-24.1.7-160000.3.1 * libgbm1-debuginfo-24.1.7-160000.3.1 * Mesa-libGL1-24.1.7-160000.3.1 * libOSMesa8-24.1.7-160000.3.1 * Mesa-debugsource-24.1.7-160000.3.1 * Mesa-dri-24.1.7-160000.3.1 * Mesa-libglapi-devel-24.1.7-160000.3.1 * Mesa-KHR-devel-24.1.7-160000.3.1 * libOSMesa8-debuginfo-24.1.7-160000.3.1 * Mesa-libGL1-debuginfo-24.1.7-160000.3.1 * Mesa-libGLESv1_CM-devel-24.1.7-160000.3.1 * Mesa-libEGL-devel-24.1.7-160000.3.1 * Mesa-libGLESv3-devel-24.1.7-160000.3.1 * libOSMesa-devel-24.1.7-160000.3.1 * 
Mesa-dri-devel-24.1.7-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-40393.html * https://bugzilla.suse.com/show_bug.cgi?id=1261911 * https://bugzilla.suse.com/show_bug.cgi?id=1261998 From null at suse.de Mon May 11 08:32:03 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:32:03 -0000 Subject: SUSE-SU-2026:21560-1: important: Security update for distribution Message-ID: <177848832355.2501.12619234202082623477@d7d34dcee2d8> # Security update for distribution Announcement ID: SUSE-SU-2026:21560-1 Release Date: 2026-05-06T00:34:11Z Rating: important References: * bsc#1259718 * bsc#1260283 * bsc#1261793 * bsc#1262096 * bsc#1262951 * jsc#PED-14747 Cross-References: * CVE-2026-33186 * CVE-2026-33540 * CVE-2026-34986 * CVE-2026-35172 CVSS scores: * CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33540 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-33540 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34986 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35172 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-35172 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves four vulnerabilities, contains one feature and has one fix can now be installed.
## Description: This update for distribution fixes the following issues Security issues: * CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo-header (bsc#1260283). * CVE-2026-33540: information disclosure via improper validation of authentication realm URL (bsc#1261793). * CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of service (bsc#1262951). * CVE-2026-35172: information disclosure via stale references after content deletion (bsc#1262096). Non security issues: * add distribution-registry.tmpfiles (jsc#PED-14747). * distribution builds against go1.24 EOL (bsc#1259718). Changes for distribution: * update to 3.1.0 * Adds support for tag pagination * Fixes default credentials in Azure storage provider * Drops support for go1.23 and go1.24 and updates to go1.25 * See the full changelog below for the full list of changes. * docs: Update to refer to new image tag v3 * Fix default_credentials in azure storage provider * chore: make function comment match function name * build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules group across 1 directory * fix: implement JWK thumbprint for Ed25519 public keys * fix: Annotate code block from validation.indexes configuration docs * feat: extract redis config to separate struct * Fix: resolve issue #4478 by using a temporary file for non-append writes * build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 * docs: Add note about `OTEL_TRACES_EXPORTER` * fix: set OTEL traces to disabled by default * Fix markdown syntax for OTEL traces link in docs * Switch UUIDs to UUIDv7 * refactor: replace map iteration with maps.Copy/Clone * s3-aws: fix build for 386 * docs: Add OpenTelemetry links to quickstart docs * Fix S3 driver loglevel param * Fixed data race in TestSchedule test * Fixes #4683 - uses X/Y instead of Gx/Gy for thumbprint of ecdsa keys * build(deps): bump
actions/checkout from 4 to 5 * Fix broken link to Docker Hub fair use policy * fix(registry/handlers/app): redis CAs * build(deps): bump actions/labeler from 5 to 6 * build(deps): bump actions/setup-go from 5 to 6 * build(deps): bump actions/upload-pages-artifact from 3 to 4 * build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 * build(deps): bump github/codeql-action from 3.26.5 to 4.30.7 * build(deps): bump github/codeql-action from 4.30.7 to 4.30.8 * chore: labeler: add area/client mapping for internal/client/** * client: add Accept headers to Exists() HEAD * feat(registry): Make graceful shutdown test robust * fix(registry): Correct log formatting for upstream challenge * build(deps): bump github/codeql-action from 4.30.8 to 4.30.9 * build(deps): bump github/codeql-action from 4.30.9 to 4.31.3 * refactor: remove redundant variable declarations in for loops * "should" -> "must" regarding redis eviction policy * build(deps): bump actions/checkout from 5 to 6 * Incorrect warning hint * Add return error when list object * build(deps): bump actions/checkout from 5.0.1 to 6.0.0 * build(deps): bump peter-evans/dockerhub-description from 4 to 5 * fix: Logging regression for manifest HEAD requests * Add boolean parsing util * Expose `useFIPSEndpoint` for S3 * Add Cloudfleet Container Registry to adopters * fix(ci): Fix broken Azure e2e storage tests * BUG: Fix notification filtering to work with actions when mediatypes is empty * build(deps): bump actions/checkout from 6.0.0 to 6.0.1 * build(deps): bump actions/upload-artifact from 4.6.2 to 6.0.0 * build(deps): bump github/codeql-action from 4.31.3 to 4.31.10 * build(deps): bump github/codeql-action from 4.31.10 to 4.32.2 * build(deps): bump actions/checkout from 6.0.1 to 6.0.2 * update golangci-lint to v2.9 and fix linting issues * update to go1.25.7, alpine 3.23, xx v1.9.0 * vendor: github.com/sirupsen/logrus v1.9.4 * vendor: update golang.org/x/* dependencies * vendor: 
github.com/docker/docker-credential-helpers v0.9.5 * vendor: github.com/opencontainers/image-spec v1.1.1 * vendor: github.com/klauspost/compress v1.18.4 * fix: prefer otel variables over hard coded service name * vendor: github.com/spf13/cobra v1.10.2 * vendor: github.com/bshuster-repo/logrus-logstash-hook v1.1.0 * fix: sync parent dir to ensure data is reliably stored * modernize code * vendor: github.com/docker/go-events 605354379745 * vendor: github.com/go-jose/go-jose/v4 v4.1.3 * build(deps): bump github/codeql-action from 4.32.2 to 4.32.5 * build(deps): bump docker/login-action from 3 to 4 * build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 * build(deps): bump docker/setup-buildx-action from 3 to 4 * build(deps): bump docker/bake-action from 6 to 7 * build(deps): bump docker/metadata-action from 5 to 6 * fix: nil-check scheduler in `proxyingRegistry.Close()` * fix: set MD5 on GCS writer before first `Write` call in `putContent` * docs: pull through cache will pull from remote multiple times * Update s3.md regionendpoint option * chore(deps): Bump Go to latest 1.25 in CI workflows and go.mod * fix: correct Ed25519 JWK thumbprint `kty` from `"OTP"` to `"OKP"` * Update vacuum.go * Opt: refector tag list pagination support (stage 1) * Correctly match environment variables to YAML-inlined structs in configuration * Enable Redis TLS without client certificates * build(deps): bump actions/deploy-pages from 4 to 5 * build(deps): bump github/codeql-action from 4.32.5 to 4.34.1 * fix(registry/proxy): use detached context when flushing write buffer * ci: pin actions and apply zizmor auto-fixes * build(deps): bump actions/setup-go from 6.3.0 to 6.4.0 * build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in the go_modules group across 1 directory * chore(app): warn when partial TLS config is used in Redis * feat(registry): enhance authentication checks in htpasswd implementation * Opt: refactor tag list pagination support * build(deps): bump 
codecov/codecov-action from 5.5.4 to 6.0.0 * build(deps): bump actions/configure-pages from 5.0.0 to 6.0.0 * fix(vendor): fix broke vendor validation * chore(ci): Prep for v3.1 release * Update to version 3.1.0: * fix(vendor): fix broke vendpor validation * fix redis repo-scoped blob descriptor revocation * proxy: bind bearer realms to upstream trust boundary * restore directory ownership after last change * Move config files in systemd tmpfiles dir for immutable mode ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-703=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-703=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * distribution-registry-3.1.0-160000.1.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * distribution-registry-3.1.0-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33186.html * https://www.suse.com/security/cve/CVE-2026-33540.html * https://www.suse.com/security/cve/CVE-2026-34986.html * https://www.suse.com/security/cve/CVE-2026-35172.html * https://bugzilla.suse.com/show_bug.cgi?id=1259718 * https://bugzilla.suse.com/show_bug.cgi?id=1260283 * https://bugzilla.suse.com/show_bug.cgi?id=1261793 * https://bugzilla.suse.com/show_bug.cgi?id=1262096 * https://bugzilla.suse.com/show_bug.cgi?id=1262951 * https://jira.suse.com/browse/PED-14747

From null at suse.de Mon May 11 08:31:38 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:31:38 -0000
Subject: SUSE-SU-2026:21563-1: important: Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)
Message-ID: <177848829831.2501.17032631564375206252@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21563-1
Release Date: 2026-05-06T09:35:23Z
Rating: important
References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-706=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-706=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * kernel-livepatch-6_12_0-160000_7-default-7-160000.1.1
  * kernel-livepatch-6_12_0-160000_7-default-debuginfo-7-160000.1.1
  * kernel-livepatch-SLE16_Update_2-debugsource-7-160000.1.1
* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_7-default-7-160000.1.1
  * kernel-livepatch-6_12_0-160000_7-default-debuginfo-7-160000.1.1
  * kernel-livepatch-SLE16_Update_2-debugsource-7-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1261630
* https://bugzilla.suse.com/show_bug.cgi?id=1261845
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Mon May 11 08:31:50 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:31:50 -0000
Subject: SUSE-SU-2026:21562-1: important: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)
Message-ID: <177848831097.2501.18391964414535352487@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21562-1
Release Date: 2026-05-06T09:16:11Z
Rating: important
References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-705=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-705=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * kernel-livepatch-SLE16_Update_1-debugsource-9-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-debuginfo-9-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-9-160000.1.1
* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE16_Update_1-debugsource-9-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-debuginfo-9-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-9-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1261630
* https://bugzilla.suse.com/show_bug.cgi?id=1261845
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Mon May 11 08:32:55 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:32:55 -0000
Subject: SUSE-SU-2026:21559-1: important: Security update for wireshark
Message-ID: <177848837547.2501.5533343772251357732@d7d34dcee2d8>

# Security update for wireshark

Announcement ID: SUSE-SU-2026:21559-1
Release Date: 2026-05-06T00:08:30Z
Rating: important
References:

* bsc#1258907
* bsc#1258909
* bsc#1263726
* bsc#1263728
* bsc#1263729
* bsc#1263731
* bsc#1263732
* bsc#1263733
* bsc#1263734
* bsc#1263735
* bsc#1263736
* bsc#1263737
* bsc#1263739
* bsc#1263741
* bsc#1263742
* bsc#1263743
* bsc#1263744
* bsc#1263745
* bsc#1263746
* bsc#1263747
* bsc#1263749
* bsc#1263750
* bsc#1263751
* bsc#1263752
* bsc#1263753
* bsc#1263754
* bsc#1263756
* bsc#1263757
* bsc#1263762
* bsc#1263765
* bsc#1263766
* bsc#1263767
* bsc#1263809

Cross-References:

* CVE-2026-3201
* CVE-2026-3203
* CVE-2026-5299
* CVE-2026-5401
* CVE-2026-5403
* CVE-2026-5404
* CVE-2026-5405
* CVE-2026-5406
* CVE-2026-5407
* CVE-2026-5408
* CVE-2026-5409
* CVE-2026-5653
* CVE-2026-5654
* CVE-2026-5656
* CVE-2026-5657
* CVE-2026-6519
* CVE-2026-6520
* CVE-2026-6521
* CVE-2026-6522
* CVE-2026-6523
* CVE-2026-6524
* CVE-2026-6527
* CVE-2026-6529
* CVE-2026-6530
* CVE-2026-6531
* CVE-2026-6532
* CVE-2026-6533
* CVE-2026-6534
* CVE-2026-6535
* CVE-2026-6537
* CVE-2026-6538
* CVE-2026-6868
* CVE-2026-6869

CVSS scores:

* CVE-2026-3201 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3201 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-3201 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3201 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-3203 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3203 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-3203 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3203 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5299 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5299 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5401 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5401 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5403 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5403 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5404 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5404 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5404 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5405 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5405 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5406 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5406 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5407 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5407 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5408 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5408 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5409 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5409 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5653 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5653 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5653 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5654 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5654 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5654 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5656 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-5656 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5656 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5657 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5657 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-5657 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6519 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6519 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6520 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6520 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6520 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6521 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6521 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6522 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6522 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6523 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6523 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6524 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6524 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6527 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6527 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6529 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6529 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6530 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6530 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6531 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6531 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6532 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6532 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6533 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6533 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6534 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6534 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6535 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6535 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6537 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6537 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6538 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6538 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6868 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6868 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6868 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6869 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-6869 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves 33 vulnerabilities can now be installed.

## Description:

This update for wireshark fixes the following issues

* CVE-2026-3201: missing limit checks in USB HID protocol dissector's `parse_report_descriptor` function can lead to memory exhaustion (bsc#1258907).
* CVE-2026-3203: missing length checks in the RF4CE Profile protocol dissector can lead to illegal memory access and crash (bsc#1258909).
* CVE-2026-5299: ICMPv6 dissector crash (bsc#1263757).
* CVE-2026-5401: AFP dissector crash (bsc#1263756).
* CVE-2026-5403: SBC audio codec crash (bsc#1263765).
* CVE-2026-5404: K12 RF5 file parser crash (bsc#1263766).
* CVE-2026-5405: RDP dissector crash (bsc#1263767).
* CVE-2026-5406: FC-SWILS dissector crash (bsc#1263754).
* CVE-2026-5407: SMB2 dissector infinite loop (bsc#1263753).
* CVE-2026-5408: BT-DHT dissector crash (bsc#1263752).
* CVE-2026-5409: Monero dissector crash (bsc#1263751).
* CVE-2026-5653: DCP-ETSI dissector crash (bsc#1263750).
* CVE-2026-5654: AMR-NB audio codec crash (bsc#1263749).
* CVE-2026-5656: Profile import crash and possible code execution (bsc#1263809).
* CVE-2026-5657: iLBC audio codec crash (bsc#1263747).
* CVE-2026-6519: MBIM protocol dissector infinite loop (bsc#1263746).
* CVE-2026-6520: OpenFlow v6 protocol dissector infinite loop (bsc#1263745).
* CVE-2026-6521: OpenFlow v5 protocol dissector infinite loops (bsc#1263744).
* CVE-2026-6522: RPKI-Router protocol dissector infinite loop (bsc#1263743).
* CVE-2026-6523: GNW protocol dissector infinite loop (bsc#1263742).
* CVE-2026-6524: MySQL protocol dissector crash (bsc#1263741).
* CVE-2026-6527: ASN.1 PER dissector crash (bsc#1263739).
* CVE-2026-6529: iLBC audio codec crash (bsc#1263737).
* CVE-2026-6530: DCP-ETSI protocol dissector crash (bsc#1263736).
* CVE-2026-6531: SANE protocol dissector infinite loop (bsc#1263735).
* CVE-2026-6532: Kismet protocol dissector crash (bsc#1263734).
* CVE-2026-6533: Dissection engine LZ77 decompression crash (bsc#1263733).
* CVE-2026-6534: USB HID dissector infinite loop (bsc#1263732).
* CVE-2026-6535: Dissection engine zlib decompression crash (bsc#1263731).
* CVE-2026-6537: ZigBee dissector crash (bsc#1263729).
* CVE-2026-6538: BEEP dissector crash (bsc#1263728).
* CVE-2026-6868: HTTP protocol dissector crash (bsc#1263762).
* CVE-2026-6869: WebSocket protocol dissector crash (bsc#1263726).

Changes for wireshark:

* Updated to 4.4.15

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-702=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-702=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * libwsutil16-debuginfo-4.4.15-160000.1.1
  * wireshark-debuginfo-4.4.15-160000.1.1
  * libwiretap15-debuginfo-4.4.15-160000.1.1
  * wireshark-debugsource-4.4.15-160000.1.1
  * wireshark-ui-qt-4.4.15-160000.1.1
  * libwireshark18-debuginfo-4.4.15-160000.1.1
  * libwsutil16-4.4.15-160000.1.1
  * libwireshark18-4.4.15-160000.1.1
  * wireshark-ui-qt-debuginfo-4.4.15-160000.1.1
  * wireshark-devel-4.4.15-160000.1.1
  * libwiretap15-4.4.15-160000.1.1
  * wireshark-4.4.15-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * libwsutil16-debuginfo-4.4.15-160000.1.1
  * wireshark-debuginfo-4.4.15-160000.1.1
  * libwiretap15-debuginfo-4.4.15-160000.1.1
  * wireshark-debugsource-4.4.15-160000.1.1
  * wireshark-ui-qt-4.4.15-160000.1.1
  * libwireshark18-debuginfo-4.4.15-160000.1.1
  * libwsutil16-4.4.15-160000.1.1
  * libwireshark18-4.4.15-160000.1.1
  * wireshark-ui-qt-debuginfo-4.4.15-160000.1.1
  * wireshark-devel-4.4.15-160000.1.1
  * libwiretap15-4.4.15-160000.1.1
  * wireshark-4.4.15-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3201.html
* https://www.suse.com/security/cve/CVE-2026-3203.html
* https://www.suse.com/security/cve/CVE-2026-5299.html
* https://www.suse.com/security/cve/CVE-2026-5401.html
* https://www.suse.com/security/cve/CVE-2026-5403.html
* https://www.suse.com/security/cve/CVE-2026-5404.html
* https://www.suse.com/security/cve/CVE-2026-5405.html
* https://www.suse.com/security/cve/CVE-2026-5406.html
* https://www.suse.com/security/cve/CVE-2026-5407.html
* https://www.suse.com/security/cve/CVE-2026-5408.html
* https://www.suse.com/security/cve/CVE-2026-5409.html
* https://www.suse.com/security/cve/CVE-2026-5653.html
* https://www.suse.com/security/cve/CVE-2026-5654.html
* https://www.suse.com/security/cve/CVE-2026-5656.html
* https://www.suse.com/security/cve/CVE-2026-5657.html
* https://www.suse.com/security/cve/CVE-2026-6519.html
* https://www.suse.com/security/cve/CVE-2026-6520.html
* https://www.suse.com/security/cve/CVE-2026-6521.html
* https://www.suse.com/security/cve/CVE-2026-6522.html
* https://www.suse.com/security/cve/CVE-2026-6523.html
* https://www.suse.com/security/cve/CVE-2026-6524.html
* https://www.suse.com/security/cve/CVE-2026-6527.html
* https://www.suse.com/security/cve/CVE-2026-6529.html
* https://www.suse.com/security/cve/CVE-2026-6530.html
* https://www.suse.com/security/cve/CVE-2026-6531.html
* https://www.suse.com/security/cve/CVE-2026-6532.html
* https://www.suse.com/security/cve/CVE-2026-6533.html
* https://www.suse.com/security/cve/CVE-2026-6534.html
* https://www.suse.com/security/cve/CVE-2026-6535.html
* https://www.suse.com/security/cve/CVE-2026-6537.html
* https://www.suse.com/security/cve/CVE-2026-6538.html
* https://www.suse.com/security/cve/CVE-2026-6868.html
* https://www.suse.com/security/cve/CVE-2026-6869.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258907
* https://bugzilla.suse.com/show_bug.cgi?id=1258909
* https://bugzilla.suse.com/show_bug.cgi?id=1263726
* https://bugzilla.suse.com/show_bug.cgi?id=1263728
* https://bugzilla.suse.com/show_bug.cgi?id=1263729
* https://bugzilla.suse.com/show_bug.cgi?id=1263731
* https://bugzilla.suse.com/show_bug.cgi?id=1263732
* https://bugzilla.suse.com/show_bug.cgi?id=1263733
* https://bugzilla.suse.com/show_bug.cgi?id=1263734
* https://bugzilla.suse.com/show_bug.cgi?id=1263735
* https://bugzilla.suse.com/show_bug.cgi?id=1263736
* https://bugzilla.suse.com/show_bug.cgi?id=1263737
* https://bugzilla.suse.com/show_bug.cgi?id=1263739
* https://bugzilla.suse.com/show_bug.cgi?id=1263741
* https://bugzilla.suse.com/show_bug.cgi?id=1263742
* https://bugzilla.suse.com/show_bug.cgi?id=1263743
* https://bugzilla.suse.com/show_bug.cgi?id=1263744
* https://bugzilla.suse.com/show_bug.cgi?id=1263745
* https://bugzilla.suse.com/show_bug.cgi?id=1263746
* https://bugzilla.suse.com/show_bug.cgi?id=1263747
* https://bugzilla.suse.com/show_bug.cgi?id=1263749
* https://bugzilla.suse.com/show_bug.cgi?id=1263750
* https://bugzilla.suse.com/show_bug.cgi?id=1263751
* https://bugzilla.suse.com/show_bug.cgi?id=1263752
* https://bugzilla.suse.com/show_bug.cgi?id=1263753
* https://bugzilla.suse.com/show_bug.cgi?id=1263754
* https://bugzilla.suse.com/show_bug.cgi?id=1263756
* https://bugzilla.suse.com/show_bug.cgi?id=1263757
* https://bugzilla.suse.com/show_bug.cgi?id=1263762
* https://bugzilla.suse.com/show_bug.cgi?id=1263765
* https://bugzilla.suse.com/show_bug.cgi?id=1263766
* https://bugzilla.suse.com/show_bug.cgi?id=1263767
* https://bugzilla.suse.com/show_bug.cgi?id=1263809

From null at suse.de Mon May 11 08:33:03 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:33:03 -0000
Subject: SUSE-SU-2026:21558-1: important: Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 16)
Message-ID: <177848838344.2501.8733091293323282382@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21558-1
Release Date: 2026-05-05T22:36:52Z
Rating: important
References:

* bsc#1259126
* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:

* CVE-2026-23204
* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:

* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.27.1 fixes various security issues

The following security issues were fixed:

* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-699=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-699=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * kernel-livepatch-6_12_0-160000_27-default-debuginfo-3-160000.1.1
  * kernel-livepatch-6_12_0-160000_27-default-3-160000.1.1
  * kernel-livepatch-SLE16_Update_6-debugsource-3-160000.1.1
* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_27-default-debuginfo-3-160000.1.1
  * kernel-livepatch-6_12_0-160000_27-default-3-160000.1.1
  * kernel-livepatch-SLE16_Update_6-debugsource-3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1261630
* https://bugzilla.suse.com/show_bug.cgi?id=1261845
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Mon May 11 08:33:14 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:33:14 -0000
Subject: SUSE-SU-2026:21557-1: important: Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16)
Message-ID: <177848839401.2501.4617130179895972982@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21557-1
Release Date: 2026-05-05T20:04:45Z
Rating: important
References:

* bsc#1258655
* bsc#1259126
* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:

* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:

* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues

The following security issues were fixed:

* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-694=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-694=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * kernel-livepatch-6_12_0-160000_26-default-4-160000.1.1
  * kernel-livepatch-6_12_0-160000_26-default-debuginfo-4-160000.1.1
  * kernel-livepatch-SLE16_Update_5-debugsource-4-160000.1.1
* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_26-default-4-160000.1.1
  * kernel-livepatch-6_12_0-160000_26-default-debuginfo-4-160000.1.1
  * kernel-livepatch-SLE16_Update_5-debugsource-4-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1261630
* https://bugzilla.suse.com/show_bug.cgi?id=1261845
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Mon May 11 08:33:20 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:33:20 -0000
Subject: SUSE-SU-2026:21556-1: important: Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 16)
Message-ID: <177848840024.2501.10330500636400125381@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21556-1
Release Date: 2026-05-05T20:01:32Z
Rating: important
References:

* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:

* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:

* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.28.1 fixes various security issues

The following security issues were fixed:

* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-693=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-693=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * kernel-livepatch-SLE16_Update_7-debugsource-2-160000.1.1
  * kernel-livepatch-6_12_0-160000_28-default-debuginfo-2-160000.1.1
  * kernel-livepatch-6_12_0-160000_28-default-2-160000.1.1
* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE16_Update_7-debugsource-2-160000.1.1
  * kernel-livepatch-6_12_0-160000_28-default-debuginfo-2-160000.1.1
  * kernel-livepatch-6_12_0-160000_28-default-2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261630
* https://bugzilla.suse.com/show_bug.cgi?id=1261845
* https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Mon May 11 08:33:33 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:33:33 -0000
Subject: SUSE-SU-2026:21555-1: important: Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)
Message-ID: <177848841343.2501.15568337775905220291@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21555-1
Release Date: 2026-05-05T19:50:41Z
Rating: important
References:
* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-692=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-692=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * kernel-livepatch-SLE16_Update_0-debugsource-11-160000.4.3
  * kernel-livepatch-6_12_0-160000_5-default-11-160000.4.3
  * kernel-livepatch-6_12_0-160000_5-default-debuginfo-11-160000.4.3
* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE16_Update_0-debugsource-11-160000.4.3
  * kernel-livepatch-6_12_0-160000_5-default-11-160000.4.3
  * kernel-livepatch-6_12_0-160000_5-default-debuginfo-11-160000.4.3

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1261630
* https://bugzilla.suse.com/show_bug.cgi?id=1261845
* https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Mon May 11 08:33:46 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:33:46 -0000
Subject: SUSE-SU-2026:21554-1: important: Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16)
Message-ID: <177848842600.2501.13209379781232105779@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21554-1
Release Date: 2026-05-05T19:49:32Z
Rating: important
References:
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-691=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-691=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * kernel-livepatch-6_12_0-160000_9-default-debuginfo-5-160000.1.1
  * kernel-livepatch-SLE16_Update_4-debugsource-5-160000.1.1
  * kernel-livepatch-6_12_0-160000_9-default-5-160000.1.1
* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_9-default-debuginfo-5-160000.1.1
  * kernel-livepatch-SLE16_Update_4-debugsource-5-160000.1.1
  * kernel-livepatch-6_12_0-160000_9-default-5-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1261630
* https://bugzilla.suse.com/show_bug.cgi?id=1261845
* https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Mon May 11 08:33:49 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:33:49 -0000
Subject: SUSE-SU-2026:21553-1: moderate: Security update for opencc
Message-ID: <177848842929.2501.7042574573585570037@d7d34dcee2d8>

# Security update for opencc

Announcement ID: SUSE-SU-2026:21553-1
Release Date: 2026-05-05T15:14:33Z
Rating: moderate
References:
* bsc#1256930

Cross-References:
* CVE-2025-15536

CVSS scores:
* CVE-2025-15536 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-15536 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-15536 ( NVD ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-15536 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-15536 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for opencc fixes the following issues:

Update to version 1.2.0.

Security issues fixed:

* CVE-2025-15536: specifically crafted string can lead to out-of-bounds read (bsc#1256930).

Other updates and bugfixes:

* Version 1.2.0:
  * Fix the crash issue when reading configuration files.
  * Add type definitions (Typing).
  * Fix two out-of-bounds reading issues when handling truncated UTF-8 input.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-686=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-686=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * libopencc1_2-1.2.0-160000.1.1
  * libopencc1_2-debuginfo-1.2.0-160000.1.1
  * opencc-data-1.2.0-160000.1.1
  * opencc-debuginfo-1.2.0-160000.1.1
  * opencc-debugsource-1.2.0-160000.1.1
  * opencc-devel-1.2.0-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * libopencc1_2-1.2.0-160000.1.1
  * libopencc1_2-debuginfo-1.2.0-160000.1.1
  * opencc-data-1.2.0-160000.1.1
  * opencc-debuginfo-1.2.0-160000.1.1
  * opencc-debugsource-1.2.0-160000.1.1
  * opencc-devel-1.2.0-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-15536.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256930
From null at suse.de Mon May 11 08:34:02 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:34:02 -0000
Subject: SUSE-SU-2026:21552-1: important: Security update for java-17-openjdk
Message-ID: <177848844214.2501.10206214856548303862@d7d34dcee2d8>

# Security update for java-17-openjdk

Announcement ID: SUSE-SU-2026:21552-1
Release Date: 2026-05-05T15:12:06Z
Rating: important
References:
* bsc#1259118
* bsc#1262490
* bsc#1262494
* bsc#1262495
* bsc#1262496
* bsc#1262497
* bsc#1262500
* bsc#1262501
* jsc#PED-15898

Cross-References:
* CVE-2026-22007
* CVE-2026-22013
* CVE-2026-22016
* CVE-2026-22018
* CVE-2026-22021
* CVE-2026-23865
* CVE-2026-34268
* CVE-2026-34282

CVSS scores:
* CVE-2026-22007 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22007 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-22007 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-22013 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22013 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-22013 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-22016 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22016 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-22016 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-22018 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-22018 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22018 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22021 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-22021 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22021 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-23865 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-23865 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-23865 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-34268 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34268 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-34268 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-34282 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34282 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34282 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves eight vulnerabilities and contains one feature can now be installed.

## Description:

This update for java-17-openjdk fixes the following issues:

Upgrade to upstream tag jdk-17.0.19+10 (April 2026 CPU).

Security issues fixed:

* CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of accessible data (bsc#1262490).
* CVE-2026-22013: JGSS: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262494).
* CVE-2026-22016: JAXP: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262495).
* CVE-2026-22018: Libraries: unauthenticated attacker with network access via multiple protocols can cause a partial denial of service (bsc#1262496).
* CVE-2026-22021: JSSE: unauthenticated attacker with network access via HTTPS can cause a partial denial of service (bsc#1262497).
* CVE-2026-23865: freetype2: integer overflow in the `tt_var_load_item_variation_store` function allows for an out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts (bsc#1259118).
* CVE-2026-34268: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of data (bsc#1262500).
* CVE-2026-34282: Networking: unauthenticated attacker with network access via multiple protocols can cause a hang or frequently repeatable crash (bsc#1262501).

Other updates and bugfixes:

* Provide the timezone-java and tzdata-java (jsc#PED-15898).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-683=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-683=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * java-17-openjdk-jmods-17.0.19.0-160000.1.1
  * java-17-openjdk-src-17.0.19.0-160000.1.1
  * java-17-openjdk-demo-17.0.19.0-160000.1.1
  * java-17-openjdk-devel-debuginfo-17.0.19.0-160000.1.1
  * java-17-openjdk-17.0.19.0-160000.1.1
  * java-17-openjdk-headless-17.0.19.0-160000.1.1
  * java-17-openjdk-debuginfo-17.0.19.0-160000.1.1
  * java-17-openjdk-devel-17.0.19.0-160000.1.1
  * java-17-openjdk-headless-debuginfo-17.0.19.0-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * java-17-openjdk-javadoc-17.0.19.0-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * java-17-openjdk-jmods-17.0.19.0-160000.1.1
  * java-17-openjdk-src-17.0.19.0-160000.1.1
  * java-17-openjdk-demo-17.0.19.0-160000.1.1
  * java-17-openjdk-devel-debuginfo-17.0.19.0-160000.1.1
  * java-17-openjdk-17.0.19.0-160000.1.1
  * java-17-openjdk-headless-17.0.19.0-160000.1.1
  * java-17-openjdk-debuginfo-17.0.19.0-160000.1.1
  * java-17-openjdk-devel-17.0.19.0-160000.1.1
  * java-17-openjdk-headless-debuginfo-17.0.19.0-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * java-17-openjdk-javadoc-17.0.19.0-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-22007.html
* https://www.suse.com/security/cve/CVE-2026-22013.html
* https://www.suse.com/security/cve/CVE-2026-22016.html
* https://www.suse.com/security/cve/CVE-2026-22018.html
* https://www.suse.com/security/cve/CVE-2026-22021.html
* https://www.suse.com/security/cve/CVE-2026-23865.html
* https://www.suse.com/security/cve/CVE-2026-34268.html
* https://www.suse.com/security/cve/CVE-2026-34282.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259118
* https://bugzilla.suse.com/show_bug.cgi?id=1262490
* https://bugzilla.suse.com/show_bug.cgi?id=1262494
* https://bugzilla.suse.com/show_bug.cgi?id=1262495
* https://bugzilla.suse.com/show_bug.cgi?id=1262496
* https://bugzilla.suse.com/show_bug.cgi?id=1262497
* https://bugzilla.suse.com/show_bug.cgi?id=1262500
* https://bugzilla.suse.com/show_bug.cgi?id=1262501
* https://jira.suse.com/browse/PED-15898
From null at suse.de Mon May 11 08:34:16 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:34:16 -0000
Subject: SUSE-SU-2026:21551-1: important: Security update for java-21-openjdk
Message-ID: <177848845651.2501.34887555809420304@d7d34dcee2d8>

# Security update for java-21-openjdk

Announcement ID: SUSE-SU-2026:21551-1
Release Date: 2026-05-05T15:10:02Z
Rating: important
References:
* bsc#1259118
* bsc#1262490
* bsc#1262494
* bsc#1262495
* bsc#1262496
* bsc#1262497
* bsc#1262500
* bsc#1262501
* jsc#PED-15898

Cross-References:
* CVE-2026-22007
* CVE-2026-22013
* CVE-2026-22016
* CVE-2026-22018
* CVE-2026-22021
* CVE-2026-23865
* CVE-2026-34268
* CVE-2026-34282

CVSS scores:
* CVE-2026-22007 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22007 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-22007 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-22013 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22013 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-22013 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-22016 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22016 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-22016 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-22018 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-22018 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22018 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22021 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-22021 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22021 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-23865 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-23865 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-23865 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-34268 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34268 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-34268 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-34282 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34282 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34282 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves eight vulnerabilities and contains one feature can now be installed.

## Description:

This update for java-21-openjdk fixes the following issues:

Update to upstream tag jdk-21.0.11+10 (April 2026 CPU).

Security issues fixed:

* CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of accessible data (bsc#1262490).
* CVE-2026-22013: JGSS: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262494).
* CVE-2026-22016: JAXP: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262495).
* CVE-2026-22018: Libraries: unauthenticated attacker with network access via multiple protocols can cause a partial denial of service (bsc#1262496).
* CVE-2026-22021: JSSE: unauthenticated attacker with network access via HTTPS can cause a partial denial of service (bsc#1262497).
* CVE-2026-23865: freetype2: integer overflow in the `tt_var_load_item_variation_store` function allows for an out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts (bsc#1259118).
* CVE-2026-34268: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of data (bsc#1262500).
* CVE-2026-34282: Networking: unauthenticated attacker with network access via multiple protocols can cause a hang or frequently repeatable crash (bsc#1262501).

Other updates and bugfixes:

* Provide the timezone-java and tzdata-java (jsc#PED-15898).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-684=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-684=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * java-21-openjdk-debuginfo-21.0.11.0-160000.1.1
  * java-21-openjdk-21.0.11.0-160000.1.1
  * java-21-openjdk-src-21.0.11.0-160000.1.1
  * java-21-openjdk-jmods-21.0.11.0-160000.1.1
  * java-21-openjdk-headless-21.0.11.0-160000.1.1
  * java-21-openjdk-headless-debuginfo-21.0.11.0-160000.1.1
  * java-21-openjdk-devel-21.0.11.0-160000.1.1
  * java-21-openjdk-devel-debuginfo-21.0.11.0-160000.1.1
  * java-21-openjdk-demo-21.0.11.0-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * java-21-openjdk-javadoc-21.0.11.0-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * java-21-openjdk-debuginfo-21.0.11.0-160000.1.1
  * java-21-openjdk-21.0.11.0-160000.1.1
  * java-21-openjdk-src-21.0.11.0-160000.1.1
  * java-21-openjdk-jmods-21.0.11.0-160000.1.1
  * java-21-openjdk-headless-21.0.11.0-160000.1.1
  * java-21-openjdk-headless-debuginfo-21.0.11.0-160000.1.1
  * java-21-openjdk-devel-21.0.11.0-160000.1.1
  * java-21-openjdk-devel-debuginfo-21.0.11.0-160000.1.1
  * java-21-openjdk-demo-21.0.11.0-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * java-21-openjdk-javadoc-21.0.11.0-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-22007.html
* https://www.suse.com/security/cve/CVE-2026-22013.html
* https://www.suse.com/security/cve/CVE-2026-22016.html
* https://www.suse.com/security/cve/CVE-2026-22018.html
* https://www.suse.com/security/cve/CVE-2026-22021.html
* https://www.suse.com/security/cve/CVE-2026-23865.html
* https://www.suse.com/security/cve/CVE-2026-34268.html
* https://www.suse.com/security/cve/CVE-2026-34282.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259118
* https://bugzilla.suse.com/show_bug.cgi?id=1262490
* https://bugzilla.suse.com/show_bug.cgi?id=1262494
* https://bugzilla.suse.com/show_bug.cgi?id=1262495
* https://bugzilla.suse.com/show_bug.cgi?id=1262496
* https://bugzilla.suse.com/show_bug.cgi?id=1262497
* https://bugzilla.suse.com/show_bug.cgi?id=1262500
* https://bugzilla.suse.com/show_bug.cgi?id=1262501
* https://jira.suse.com/browse/PED-15898
URL: From null at suse.de Mon May 11 08:34:34 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:34:34 -0000 Subject: SUSE-SU-2026:21550-1: moderate: Security update for frr Message-ID: <177848847423.2501.15887717973311832390@d7d34dcee2d8> # Security update for frr Announcement ID: SUSE-SU-2026:21550-1 Release Date: 2026-05-05T14:30:54Z Rating: moderate References: * bsc#1252761 * bsc#1252810 * bsc#1252811 * bsc#1252812 * bsc#1252813 * bsc#1252829 * bsc#1252833 * bsc#1252835 * bsc#1252838 * bsc#1261013 * jsc#PED-14796 * jsc#PED-266 Cross-References: * CVE-2025-61099 * CVE-2025-61100 * CVE-2025-61101 * CVE-2025-61102 * CVE-2025-61103 * CVE-2025-61104 * CVE-2025-61105 * CVE-2025-61106 * CVE-2025-61107 * CVE-2026-5107 CVSS scores: * CVE-2025-61099 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-61099 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61099 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61100 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-61100 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61100 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61101 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-61101 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61101 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61102 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-61102 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61102 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61103 ( SUSE ): 6.0 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-61103 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61103 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * 
CVE-2025-61104 ( SUSE ): 6.0 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-61104 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61104 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61105 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-61105 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61105 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61106 ( SUSE ): 6.0 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-61106 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61106 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61107 ( SUSE ): 6.0 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-61107 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61107 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-5107 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-5107 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L * CVE-2026-5107 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-5107 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L * CVE-2026-5107 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves 10 vulnerabilities and contains two features can now be installed. ## Description: This update for frr fixes the following issues: Security issues: * CVE-2025-61099: NULL Pointer Dereference in FRRouting (bsc#1252838). 
* CVE-2025-61100: NULL Pointer Dereference in FRRouting (bsc#1252829).
* CVE-2025-61101: NULL Pointer Dereference in FRRouting (bsc#1252833).
* CVE-2025-61102: NULL Pointer Dereference in FRRouting (bsc#1252835).
* CVE-2025-61103: NULL pointer dereference in show_vty_ext_link_lan_adj_sid() in ospf_ext.c (bsc#1252810).
* CVE-2025-61104: NULL pointer dereference in show_vty_unknown_tlv() in ospf_ext.c (bsc#1252811).
* CVE-2025-61105: FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c (bsc#1252761).
* CVE-2025-61106: NULL pointer dereference in show_vty_ext_pref_pref_sid() in ospf_ext.c (bsc#1252812).
* CVE-2025-61107: NULL pointer dereference in show_vty_ext_pref_pref_sid() in ospf_ext.c (bsc#1252813).
* CVE-2026-5107: A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper a (bsc#1261013).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-685=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-685=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * libfrrzmq0-10.2.1-160000.3.1 * libfrrsnmp0-debuginfo-10.2.1-160000.3.1 * frr-10.2.1-160000.3.1 * frr-debugsource-10.2.1-160000.3.1 * frr-devel-10.2.1-160000.3.1 * libfrr_pb0-debuginfo-10.2.1-160000.3.1 * libfrrsnmp0-10.2.1-160000.3.1 * libmgmt_be_nb0-debuginfo-10.2.1-160000.3.1 * libfrr0-10.2.1-160000.3.1 * libfrr0-debuginfo-10.2.1-160000.3.1 * libfrr_pb0-10.2.1-160000.3.1 * libfrrfpm_pb0-debuginfo-10.2.1-160000.3.1 * libfrrfpm_pb0-10.2.1-160000.3.1 * libfrrospfapiclient0-10.2.1-160000.3.1 * frr-debuginfo-10.2.1-160000.3.1 * libfrrospfapiclient0-debuginfo-10.2.1-160000.3.1 * libfrrzmq0-debuginfo-10.2.1-160000.3.1 * libmgmt_be_nb0-10.2.1-160000.3.1 * libfrrcares0-10.2.1-160000.3.1 * libfrrcares0-debuginfo-10.2.1-160000.3.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libfrrzmq0-10.2.1-160000.3.1 * libfrrsnmp0-debuginfo-10.2.1-160000.3.1 * frr-10.2.1-160000.3.1 * frr-debugsource-10.2.1-160000.3.1 * frr-devel-10.2.1-160000.3.1 * libfrr_pb0-debuginfo-10.2.1-160000.3.1 * libfrrsnmp0-10.2.1-160000.3.1 * libmgmt_be_nb0-debuginfo-10.2.1-160000.3.1 * libfrr0-10.2.1-160000.3.1 * libfrr0-debuginfo-10.2.1-160000.3.1 * libfrr_pb0-10.2.1-160000.3.1 * libfrrfpm_pb0-debuginfo-10.2.1-160000.3.1 * libfrrfpm_pb0-10.2.1-160000.3.1 * libfrrospfapiclient0-10.2.1-160000.3.1 * frr-debuginfo-10.2.1-160000.3.1 * libfrrospfapiclient0-debuginfo-10.2.1-160000.3.1 * libfrrzmq0-debuginfo-10.2.1-160000.3.1 * libmgmt_be_nb0-10.2.1-160000.3.1 * libfrrcares0-10.2.1-160000.3.1 * libfrrcares0-debuginfo-10.2.1-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-61099.html * https://www.suse.com/security/cve/CVE-2025-61100.html * 
https://www.suse.com/security/cve/CVE-2025-61101.html * https://www.suse.com/security/cve/CVE-2025-61102.html * https://www.suse.com/security/cve/CVE-2025-61103.html * https://www.suse.com/security/cve/CVE-2025-61104.html * https://www.suse.com/security/cve/CVE-2025-61105.html * https://www.suse.com/security/cve/CVE-2025-61106.html * https://www.suse.com/security/cve/CVE-2025-61107.html * https://www.suse.com/security/cve/CVE-2026-5107.html * https://bugzilla.suse.com/show_bug.cgi?id=1252761 * https://bugzilla.suse.com/show_bug.cgi?id=1252810 * https://bugzilla.suse.com/show_bug.cgi?id=1252811 * https://bugzilla.suse.com/show_bug.cgi?id=1252812 * https://bugzilla.suse.com/show_bug.cgi?id=1252813 * https://bugzilla.suse.com/show_bug.cgi?id=1252829 * https://bugzilla.suse.com/show_bug.cgi?id=1252833 * https://bugzilla.suse.com/show_bug.cgi?id=1252835 * https://bugzilla.suse.com/show_bug.cgi?id=1252838 * https://bugzilla.suse.com/show_bug.cgi?id=1261013 * https://jira.suse.com/browse/PED-14796 * https://jira.suse.com/browse/PED-266 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Mon May 11 08:34:52 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:34:52 -0000
Subject: SUSE-SU-2026:21547-1: important: Security update for strongswan
Message-ID: <177848849206.2501.3694251666104640931@d7d34dcee2d8>

# Security update for strongswan

Announcement ID: SUSE-SU-2026:21547-1
Release Date: 2026-05-05T07:12:05Z
Rating: important

References:

* bsc#1261705
* bsc#1261706
* bsc#1261708
* bsc#1261712
* bsc#1261717
* bsc#1261718
* bsc#1261720
* jsc#PED-16145

Cross-References:

* CVE-2026-35328
* CVE-2026-35329
* CVE-2026-35330
* CVE-2026-35331
* CVE-2026-35332
* CVE-2026-35333
* CVE-2026-35334

CVSS scores:

* CVE-2026-35328 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35328 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35329 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35329 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35330 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35330 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35331 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-35331 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-35332 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35332 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35333 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35333 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35334 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35334 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves seven vulnerabilities and contains one feature can now be installed.

## Description:

This update for strongswan fixes the following issues:

Update to version 6.0.6 (jsc#PED-16145).

Security issues fixed:

* CVE-2026-35328: infinite loop when handling supported versions TLS extension (bsc#1261712).
* CVE-2026-35329: NULL pointer dereference when processing padding in PKCS#7 (bsc#1261717).
* CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes (bsc#1261705).
* CVE-2026-35331: acceptance of certificates violating X.509 name constraints (bsc#1261718).
* CVE-2026-35332: NULL pointer dereference when handling ECDH public value in TLS (bsc#1261708).
* CVE-2026-35333: integer underflow when handling RADIUS attributes (bsc#1261706).
* CVE-2026-35334: possible NULL pointer dereference in RSA decryption (bsc#1261720).

Other updates and bugfixes:

* Version 6.0.6.
  * Enhancements and Optimizations
    * Added the unique ID to the log messages when creating an IKE SA as responder and when deleting such a half-open SA
    * The credential factory now enforces an upper limit of 10 when creating nested credentials.
    * Added Georgian translation to the NM plugin.
  * Fixes
    * IKEv2 fragments with a total fragment count lower than before are now dropped as mandated by the RFC.
    * Fixed a potential out-of-bounds read when parsing EAP-SIM/AKA attributes with actual length field.
    * Fixed a potential out-of-bounds read when enumerating hashes in OCSP CERTREQ payloads.
    * Fixed a potential crash in the vici plugin when parsing messages that encode the length of a VICI_LIST_ITEM incorrectly.
    * Avoid allocating a large buffer for TLS cipher suites on the stack using alloca().
    * Ensure TLS 1.3 CertificateRequest structures are valid on the client.
    * Prevent an infinite loop if the EAP-SIM version list on the client contains more than one entry.
    * Fixed a crash in the tnccs_11 plugin if TNCCS-ReasonStrings is empty or only contains empty nodes.
    * Fixed verification of RSA signatures with SHA3-224 via botan plugin.
    * Close the internal IPv6 socket when a tun_device_t is destroyed.
    * Update the address family in the SA selector when the addresses of a tunnel mode IPsec SA change in the kernel-netlink plugin.
* Version 6.0.5:
  * Fixed a vulnerability in the eap-ttls plugin related to processing EAP-TTLS AVPs that can lead to resource exhaustion or a crash.
  * The new `icmp` option enables the forwarding of certain ICMP error messages (e.g. Fragmentation Needed), even if their source address doesn't match the negotiated traffic selectors, when running on Linux kernels that support this (v6.9+).
  * charon-cmd now supports childless IKE SA initiation with the `--childless` option.
  * The dhcp plugin now keeps track of address leases across make-before-break reauthentications to avoid releasing the address when the old SA is terminated
  * Added support for `organizationIdentifier` RDNs, which are used in e.g. eIDAS certificates, when parsing ASN.1 DN identities from strings.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-680=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-680=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * strongswan-nm-6.0.6-160000.1.1 * strongswan-sqlite-debuginfo-6.0.6-160000.1.1 * strongswan-debugsource-6.0.6-160000.1.1 * strongswan-fips-6.0.6-160000.1.1 * strongswan-nm-debuginfo-6.0.6-160000.1.1 * strongswan-mysql-6.0.6-160000.1.1 * strongswan-sqlite-6.0.6-160000.1.1 * strongswan-debuginfo-6.0.6-160000.1.1 * strongswan-ipsec-debuginfo-6.0.6-160000.1.1 * strongswan-mysql-debuginfo-6.0.6-160000.1.1 * strongswan-ipsec-6.0.6-160000.1.1 * strongswan-6.0.6-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * strongswan-doc-6.0.6-160000.1.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * strongswan-nm-6.0.6-160000.1.1 * strongswan-sqlite-debuginfo-6.0.6-160000.1.1 * strongswan-debugsource-6.0.6-160000.1.1 * strongswan-fips-6.0.6-160000.1.1 * strongswan-nm-debuginfo-6.0.6-160000.1.1 * strongswan-mysql-6.0.6-160000.1.1 * strongswan-sqlite-6.0.6-160000.1.1 * strongswan-debuginfo-6.0.6-160000.1.1 * strongswan-ipsec-debuginfo-6.0.6-160000.1.1 * strongswan-mysql-debuginfo-6.0.6-160000.1.1 * strongswan-ipsec-6.0.6-160000.1.1 * strongswan-6.0.6-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * strongswan-doc-6.0.6-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-35328.html * https://www.suse.com/security/cve/CVE-2026-35329.html * https://www.suse.com/security/cve/CVE-2026-35330.html * https://www.suse.com/security/cve/CVE-2026-35331.html * https://www.suse.com/security/cve/CVE-2026-35332.html * https://www.suse.com/security/cve/CVE-2026-35333.html * https://www.suse.com/security/cve/CVE-2026-35334.html * https://bugzilla.suse.com/show_bug.cgi?id=1261705 * 
https://bugzilla.suse.com/show_bug.cgi?id=1261706 * https://bugzilla.suse.com/show_bug.cgi?id=1261708 * https://bugzilla.suse.com/show_bug.cgi?id=1261712 * https://bugzilla.suse.com/show_bug.cgi?id=1261717 * https://bugzilla.suse.com/show_bug.cgi?id=1261718 * https://bugzilla.suse.com/show_bug.cgi?id=1261720 * https://jira.suse.com/browse/PED-16145 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon May 11 08:35:02 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:35:02 -0000 Subject: SUSE-SU-2026:21545-1: important: Security update for mozjs128 Message-ID: <177848850294.2501.4489175368860483134@d7d34dcee2d8> # Security update for mozjs128 Announcement ID: SUSE-SU-2026:21545-1 Release Date: 2026-05-05T00:25:19Z Rating: important References: * bsc#1259713 * bsc#1259728 * bsc#1259731 Cross-References: * CVE-2026-32776 * CVE-2026-32777 * CVE-2026-32778 CVSS scores: * CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise 
Server for SAP applications 16.0

An update that solves three vulnerabilities can now be installed.

## Description:

This update for mozjs128 fixes the following issues:

* CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259728).
* CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing (bsc#1259713).
* CVE-2026-32778: libexpat: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259731).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-676=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-676=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * mozjs128-128.14.0-160000.2.1
  * mozjs128-devel-128.14.0-160000.2.1
  * mozjs128-debugsource-128.14.0-160000.2.1
  * libmozjs-128-0-128.14.0-160000.2.1
  * libmozjs-128-0-debuginfo-128.14.0-160000.2.1
  * mozjs128-debuginfo-128.14.0-160000.2.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * mozjs128-128.14.0-160000.2.1
  * mozjs128-devel-128.14.0-160000.2.1
  * mozjs128-debugsource-128.14.0-160000.2.1
  * libmozjs-128-0-128.14.0-160000.2.1
  * libmozjs-128-0-debuginfo-128.14.0-160000.2.1
  * mozjs128-debuginfo-128.14.0-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32776.html
* https://www.suse.com/security/cve/CVE-2026-32777.html
* https://www.suse.com/security/cve/CVE-2026-32778.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259713
* https://bugzilla.suse.com/show_bug.cgi?id=1259728
* https://bugzilla.suse.com/show_bug.cgi?id=1259731
From null at suse.de Mon May 11 08:35:12 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:35:12 -0000
Subject: SUSE-SU-2026:21544-1: critical: Security update for openssl-3-x86_64-v3-livepatches
Message-ID: <177848851235.2501.12906175956615681254@d7d34dcee2d8>

# Security update for openssl-3-x86_64-v3-livepatches

Announcement ID: SUSE-SU-2026:21544-1
Release Date: 2026-05-05T00:19:27Z
Rating: critical

References:

* bsc#1250410
* bsc#1256876
* bsc#1256878
* bsc#1256880
* bsc#1259271

Cross-References:

* CVE-2025-11187
* CVE-2025-15467
* CVE-2025-15468
* CVE-2025-9230

CVSS scores:

* CVE-2025-11187 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-11187 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-11187 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-15467 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15467 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-15467 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-15468 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-15468 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-9230 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-9230 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-9230 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves four vulnerabilities and has one fix can now be installed.

## Description:

This update for openssl-3-x86_64-v3-livepatches fixes the following issues:

Changes in openssl-3-x86_64-v3-livepatches:

* Add package for libopenssl3-x86-64-v3-3.5.0 (bsc#1259271).

Fixed:

* CVE-2025-11187: Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256878).
* CVE-2025-15467: Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256876).
* CVE-2025-15468: Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256880).
* CVE-2025-9230: Fixed Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230) (bsc#1250410).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-675=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-675=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * openssl-3-x86_64-v3-livepatches-debugsource-0.3-160000.1.1
  * openssl-3-x86_64-v3-livepatches-debuginfo-0.3-160000.1.1
  * openssl-3-x86_64-v3-livepatches-0.3-160000.1.1
* SUSE Linux Enterprise Server 16.0 (x86_64)
  * openssl-3-x86_64-v3-livepatches-debugsource-0.3-160000.1.1
  * openssl-3-x86_64-v3-livepatches-debuginfo-0.3-160000.1.1
  * openssl-3-x86_64-v3-livepatches-0.3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11187.html
* https://www.suse.com/security/cve/CVE-2025-15467.html
* https://www.suse.com/security/cve/CVE-2025-15468.html
* https://www.suse.com/security/cve/CVE-2025-9230.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250410
* https://bugzilla.suse.com/show_bug.cgi?id=1256876
* https://bugzilla.suse.com/show_bug.cgi?id=1256878
* https://bugzilla.suse.com/show_bug.cgi?id=1256880
* https://bugzilla.suse.com/show_bug.cgi?id=1259271
From null at suse.de Mon May 11 08:35:35 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:35:35 -0000
Subject: SUSE-SU-2026:21542-1: important: Security update for php-composer2
Message-ID: <177848853597.2501.434932237648470427@d7d34dcee2d8>

# Security update for php-composer2

Announcement ID: SUSE-SU-2026:21542-1
Release Date: 2026-05-04T10:46:30Z
Rating: important

References:

* bsc#1255768
* bsc#1262254
* bsc#1262255

Cross-References:

* CVE-2025-67746
* CVE-2026-40176
* CVE-2026-40261

CVSS scores:

* CVE-2025-67746 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-67746 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-67746 ( NVD ): 1.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-67746 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-40176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-40176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-40261 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-40261 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves three vulnerabilities can now be installed.

## Description:

This update for php-composer2 fixes the following issues:

* CVE-2025-67746: ANSI control characters injection in terminal output of various Composer commands via attacker controlled remote sources (bsc#1255768).
* CVE-2026-40176: arbitrary command injection via malicious Perforce repository definition (bsc#1262254).
* CVE-2026-40261: arbitrary command injection via malicious Perforce source reference/url (bsc#1262255).

## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-672=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-672=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * php-composer2-2.8.9-160000.3.1 * SUSE Linux Enterprise Server 16.0 (noarch) * php-composer2-2.8.9-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-67746.html * https://www.suse.com/security/cve/CVE-2026-40176.html * https://www.suse.com/security/cve/CVE-2026-40261.html * https://bugzilla.suse.com/show_bug.cgi?id=1255768 * https://bugzilla.suse.com/show_bug.cgi?id=1262254 * https://bugzilla.suse.com/show_bug.cgi?id=1262255 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon May 11 08:35:28 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:35:28 -0000 Subject: SUSE-SU-2026:21543-1: important: Security update for java-25-openjdk Message-ID: <177848852855.2501.7867823262832654372@d7d34dcee2d8> # Security update for java-25-openjdk Announcement ID: SUSE-SU-2026:21543-1 Release Date: 2026-05-04T12:14:51Z Rating: important References: * bsc#1259118 * bsc#1262490 * bsc#1262493 * bsc#1262494 * bsc#1262495 * bsc#1262496 * bsc#1262497 * bsc#1262500 * bsc#1262501 * jsc#PED-15898 Cross-References: * CVE-2026-22007 * CVE-2026-22008 * CVE-2026-22013 * CVE-2026-22016 * CVE-2026-22018 * CVE-2026-22021 * CVE-2026-23865 * CVE-2026-34268 * CVE-2026-34282 CVSS scores: * CVE-2026-22007 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-22007 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-22007 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-22008 ( SUSE 
): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-22008 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-22008 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-22013 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-22013 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-22013 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-22016 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-22016 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-22016 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-22018 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-22018 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22018 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22021 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-22021 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22021 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23865 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-23865 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-23865 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-34268 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-34268 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34268 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34282 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34282 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34282 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves nine vulnerabilities and contains one feature can now be installed.

## Description:

This update for java-25-openjdk fixes the following issues:

Update to upstream tag jdk-25.0.3+9 (April 2026 CPU).

Security issues fixed:

* CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of accessible data (bsc#1262490).
* CVE-2026-22008: Libraries: unauthenticated attacker with network access via multiple protocols can gain unauthorized update, insert or delete access to data (bsc#1262493).
* CVE-2026-22013: JGSS: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262494).
* CVE-2026-22016: JAXP: unauthenticated attacker with network access via multiple protocols can gain unauthorized access to critical data (bsc#1262495).
* CVE-2026-22018: Libraries: unauthenticated attacker with network access via multiple protocols can cause a partial denial of service (bsc#1262496).
* CVE-2026-22021: JSSE: unauthenticated attacker with network access via HTTPS can cause a partial denial of service (bsc#1262497).
* CVE-2026-23865: freetype2: integer overflow in the `tt_var_load_item_variation_store` function allows for an out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts (bsc#1259118).
* CVE-2026-34268: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of data (bsc#1262500).
* CVE-2026-34282: Networking: unauthenticated attacker with network access via multiple protocols can cause a hang or frequently repeatable crash (bsc#1262501).

Other updates and bugfixes:

* Provide the timezone-java and tzdata-java (jsc#PED-15898).
* Migrate to the new logic of FIPS patch developed by RedHat in https://github.com/rh-openjdk/jdk/tree/fips-25u.
* Add the sources of /nss-native-fips-key-import-export-adapter.
* This native library is an adapter for OpenJDK to use the NSS PKCS #11 software token (libsoftokn3.so) in FIPS mode.
* Allow overriding of gcc name.
* Don't make missing system crypto-policies fatal.
* Add create-crypto-properties-files.bash that generates during the build the config files for different fips and non-fips scenarios.
* Add TestSecurityProperties.java to test the loading of system security properties where applicable.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-674=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-674=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * java-25-openjdk-devel-debuginfo-25.0.3.0-160000.1.1
  * java-25-openjdk-debuginfo-25.0.3.0-160000.1.1
  * java-25-openjdk-jmods-25.0.3.0-160000.1.1
  * java-25-openjdk-devel-25.0.3.0-160000.1.1
  * java-25-openjdk-headless-debuginfo-25.0.3.0-160000.1.1
  * java-25-openjdk-demo-25.0.3.0-160000.1.1
  * java-25-openjdk-src-25.0.3.0-160000.1.1
  * java-25-openjdk-25.0.3.0-160000.1.1
  * java-25-openjdk-headless-25.0.3.0-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * java-25-openjdk-javadoc-25.0.3.0-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * java-25-openjdk-devel-debuginfo-25.0.3.0-160000.1.1
  * java-25-openjdk-debuginfo-25.0.3.0-160000.1.1
  * java-25-openjdk-jmods-25.0.3.0-160000.1.1
  * java-25-openjdk-devel-25.0.3.0-160000.1.1
  * java-25-openjdk-headless-debuginfo-25.0.3.0-160000.1.1
  * java-25-openjdk-demo-25.0.3.0-160000.1.1
  * java-25-openjdk-src-25.0.3.0-160000.1.1
  * java-25-openjdk-25.0.3.0-160000.1.1
  * java-25-openjdk-headless-25.0.3.0-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * java-25-openjdk-javadoc-25.0.3.0-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-22007.html
* https://www.suse.com/security/cve/CVE-2026-22008.html
* https://www.suse.com/security/cve/CVE-2026-22013.html
* https://www.suse.com/security/cve/CVE-2026-22016.html
* https://www.suse.com/security/cve/CVE-2026-22018.html
* https://www.suse.com/security/cve/CVE-2026-22021.html
* https://www.suse.com/security/cve/CVE-2026-23865.html
* https://www.suse.com/security/cve/CVE-2026-34268.html
* https://www.suse.com/security/cve/CVE-2026-34282.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259118
* https://bugzilla.suse.com/show_bug.cgi?id=1262490
* https://bugzilla.suse.com/show_bug.cgi?id=1262493
* https://bugzilla.suse.com/show_bug.cgi?id=1262494
* https://bugzilla.suse.com/show_bug.cgi?id=1262495
* https://bugzilla.suse.com/show_bug.cgi?id=1262496
* https://bugzilla.suse.com/show_bug.cgi?id=1262497
* https://bugzilla.suse.com/show_bug.cgi?id=1262500
* https://bugzilla.suse.com/show_bug.cgi?id=1262501
* https://jira.suse.com/browse/PED-15898
From null at suse.de Mon May 11 08:35:39 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:35:39 -0000
Subject: SUSE-SU-2026:21541-1: important: Security update for MozillaFirefox
Message-ID: <177848853914.2501.15548744064694443036@d7d34dcee2d8>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2026:21541-1
Release Date: 2026-05-04T10:46:30Z
Rating: important

References:

* bsc#1263110

Cross-References:

* CVE-2026-7320
* CVE-2026-7321
* CVE-2026-7322
* CVE-2026-7323

CVSS scores:

* CVE-2026-7320 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-7321 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-7322 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-7323 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 140.10.1 ESR.

* MFSA 2026-36 (bsc#1263110)
* CVE-2026-7320: Information disclosure due to incorrect boundary conditions in the Audio/Video component.
* CVE-2026-7321: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component.
* CVE-2026-7322: Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1
* CVE-2026-7323: Memory safety bugs fixed in Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-669=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-669=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * MozillaFirefox-translations-other-140.10.1-160000.1.1
  * MozillaFirefox-debuginfo-140.10.1-160000.1.1
  * MozillaFirefox-debugsource-140.10.1-160000.1.1
  * MozillaFirefox-140.10.1-160000.1.1
  * MozillaFirefox-translations-common-140.10.1-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * MozillaFirefox-devel-140.10.1-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le x86_64)
  * MozillaFirefox-translations-other-140.10.1-160000.1.1
  * MozillaFirefox-debuginfo-140.10.1-160000.1.1
  * MozillaFirefox-debugsource-140.10.1-160000.1.1
  * MozillaFirefox-140.10.1-160000.1.1
  * MozillaFirefox-translations-common-140.10.1-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * MozillaFirefox-devel-140.10.1-160000.1.1
  * MozillaFirefox-devel-140.10.1-160000.1.3
* SUSE Linux Enterprise Server 16.0 (s390x)
  * MozillaFirefox-debugsource-140.10.1-160000.1.3
  * MozillaFirefox-140.10.1-160000.1.3
  * MozillaFirefox-translations-common-140.10.1-160000.1.3
  * MozillaFirefox-translations-other-140.10.1-160000.1.3
  * MozillaFirefox-debuginfo-140.10.1-160000.1.3

## References:

* https://www.suse.com/security/cve/CVE-2026-7320.html
* https://www.suse.com/security/cve/CVE-2026-7321.html
* https://www.suse.com/security/cve/CVE-2026-7322.html
* https://www.suse.com/security/cve/CVE-2026-7323.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263110

From null at suse.de Mon May 11 08:35:42 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:35:42 -0000
Subject: SUSE-SU-2026:21540-1: important: Security update for google-cloud-sap-agent
Message-ID: <177848854218.2501.1596168810158804396@d7d34dcee2d8>

# Security update for google-cloud-sap-agent

Announcement ID: SUSE-SU-2026:21540-1
Release Date: 2026-05-04T10:09:04Z
Rating: important

References:

* bsc#1262936

Cross-References:

* CVE-2026-34986

CVSS scores:

* CVE-2026-34986 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for google-cloud-sap-agent fixes the following issue:

* CVE-2026-34986: github.com/go-jose/go-jose/v4: processing of JWE object with empty `encrypted_key` field but key wrapping algorithm set can lead to a denial of service (bsc#1262936).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-671=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-671=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * google-cloud-sap-agent-3.12-160000.2.1
  * google-cloud-sap-agent-debuginfo-3.12-160000.2.1
* SUSE Linux Enterprise Server 16.0 (aarch64 x86_64)
  * google-cloud-sap-agent-3.12-160000.2.1
  * google-cloud-sap-agent-debuginfo-3.12-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34986.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262936

From null at suse.de Mon May 11 08:36:01 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:36:01 -0000
Subject: SUSE-SU-2026:1798-1: important: Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5)
Message-ID: <177848856178.2501.9524282403210026345@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5)

Announcement ID: SUSE-SU-2026:1798-1
Release Date: 2026-05-09T13:04:52Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.127 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1799=1 SUSE-2026-1798=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1799=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-1798=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1800=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1800=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_179-default-10-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_47-debugsource-6-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_179-default-debuginfo-10-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-6-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_187-default-6-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_45-debugsource-10-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_179-default-10-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_47-debugsource-6-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_179-default-debuginfo-10-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-6-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_187-default-6-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_45-debugsource-10-150400.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-6-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_32-debugsource-6-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_127-default-6-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-6-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_32-debugsource-6-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_127-default-6-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Mon May 11 08:36:05 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:36:05 -0000
Subject: SUSE-SU-2026:1802-1: important: Security update for the Linux Kernel (Live Patch 21 for SUSE Linux Enterprise 15 SP6)
Message-ID: <177848856542.2501.3510963456139083112@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 21 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1802-1
Release Date: 2026-05-09T13:05:31Z
Rating: important

References:

* bsc#1263689

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.92 fixes one security issue

The following security issue was fixed:

* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1802=1 SUSE-2026-1803=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1802=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1803=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1797=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1797=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_144-default-2-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_144-default-debuginfo-2-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_141-default-debuginfo-2-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_36-debugsource-2-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_141-default-2-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_37-debugsource-2-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_144-default-2-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_144-default-debuginfo-2-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_141-default-debuginfo-2-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_36-debugsource-2-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_141-default-2-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_37-debugsource-2-150500.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_92-default-debuginfo-2-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_21-debugsource-2-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_92-default-2-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_92-default-debuginfo-2-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_21-debugsource-2-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_92-default-2-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Mon May 11 08:36:16 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:36:16 -0000
Subject: SUSE-SU-2026:1801-1: important: Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6)
Message-ID: <177848857630.2501.13494292473249039519@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1801-1
Release Date: 2026-05-09T13:05:07Z
Rating: important

References:

* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.84 fixes various security issues

The following security issues were fixed:

* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1801=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1801=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1796=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1796=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_35-debugsource-5-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-5-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_136-default-5-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP5_Update_35-debugsource-5-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-5-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_136-default-5-150500.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-5-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_84-default-5-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_19-debugsource-5-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-5-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_84-default-5-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_19-debugsource-5-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Mon May 11 08:36:27 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:36:27 -0000
Subject: SUSE-SU-2026:1793-1: important: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP6)
Message-ID: <177848858724.2501.7940641114049792590@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1793-1
Release Date: 2026-05-09T11:34:27Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.60 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1793=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1793=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1794=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1794=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1795=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1795=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_43-debugsource-13-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-13-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-13-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_43-debugsource-13-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-13-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-13-150400.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-18-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_100-default-18-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_25-debugsource-18-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-18-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_100-default-18-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_25-debugsource-18-150500.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_13-debugsource-14-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-14-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_60-default-14-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP6_Update_13-debugsource-14-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-14-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_60-default-14-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Mon May 11 08:36:31 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:36:31 -0000
Subject: SUSE-SU-2026:1792-1: important: Security update for the Linux Kernel (Live Patch 78 for SUSE Linux Enterprise 12 SP5)
Message-ID: <177848859103.2501.10670523912898176535@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 78 for SUSE Linux Enterprise 12 SP5)

Announcement ID: SUSE-SU-2026:1792-1
Release Date: 2026-05-09T11:33:55Z
Rating: important

References:

* bsc#1263689

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 4.12.14-122.296 fixes one security issue

The following security issue was fixed:

* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1792=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_296-default-2-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Mon May 11 08:36:39 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:36:39 -0000
Subject: SUSE-SU-2026:1791-1: important: Security update for the Linux Kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5)
Message-ID: <177848859932.2501.17907756073965749112@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5)

Announcement ID: SUSE-SU-2026:1791-1
Release Date: 2026-05-09T11:33:49Z
Rating: important

References:

* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 4.12.14-122.275 fixes various security issues

The following security issues were fixed:

* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1791=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_275-default-8-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Mon May 11 08:36:53 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:36:53 -0000
Subject: SUSE-SU-2026:21518-1: moderate: Security update for build, product-composer
Message-ID: <177848861352.2501.6952525418659200246@d7d34dcee2d8>

# Security update for build, product-composer

Announcement ID: SUSE-SU-2026:21518-1
Release Date: 2026-05-05T06:52:08Z
Rating: moderate
References:

* bsc#1230469

Cross-References:

* CVE-2024-22038

CVSS scores:

* CVE-2024-22038 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-22038 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
* CVE-2024-22038 ( NVD ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-22038 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2
* SUSE Linux Micro Extras 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for build, product-composer fixes the following issues:

Changes in build:

* Support a new "IgnoreRebuild" config.
* build-recipe-kiwi:
* Add support for oci containers
* Avoid needlessly compressing container images
* Detect container images based on build result file name
* Fix queryrecipe to use the summary and the description from the main package
* config: Add slfo-main build configuration
* drop the inner quotes, not needed on bash 4 and breaks on bash 3
* build: in the ccache case, after test -e also accept -L
* container:
* Add microdnf package manager support
* Add experimental support for the container-timestamp build option
* sbom:
* allow to create v1 intoto data
* spdx: connect OPERATING-SYSTEM package to the root package
* Transfer product vcs and disturl
* Support --cms-nocerts and --cms-keyid in the signdummy
* Support chroot builds inside of containers
* runservice tool, allow to specify the modes. Can be used on plain git source now also
* Support --mtime option for cpio creation
* generate_sbom:
* Support also unzck compressed repomd files
* Fail when given --product directory is missing
* support zstd compressed repomd data
* build-vm-lxc: support lxc >= 5
* vc: Hide an annoying error message when not using NIS
* added leap-16.0 and leap-16.1 build configs. (not named sl16.0 anymore, but using same string as the git branch)
* Implement cmssign support in signdummy
* pbuild: mark git assets with a fixed commit as immutable
* mkosi
* check if old parameters are supported before passing them
* support old bash version
* Do not crash on small files that start with the PE magic
* Harden export_debian_orig_from_git (CVE-2024-22038, boo#1230469)

Changes in product-composer:

update to version 0.9.6:

* Speed-up reading of rpm headers
* Flush output lines to get correct timestamps in OBS

update to version 0.9.5:

* Be a bit more verbose to track used times per step in OBS
* Fix a crash when doing version compare with an epoch

update to version 0.9.4:

* Give an error when trying to add updateinfo meta data without all binary revisions.
* Hand over vcs and disturl data to generate_sbom. (We require a recent build package therefore)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.2
  zypper in -t patch SUSE-SLE-Micro-Extras-6.2-678=1

## Package List:

* SUSE Linux Micro Extras 6.2 (noarch)
  * build-mkbaselibs-20260415-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-22038.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230469

From null at suse.de Mon May 11 08:37:17 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:37:17 -0000
Subject: SUSE-SU-2026:21533-1: important: Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)
Message-ID: <177848863757.2501.7960607426180368936@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21533-1
Release Date: 2026-05-06T09:35:23Z
Rating: important
References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-706=1

## Package List:

* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_7-default-7-160000.1.1
  * kernel-livepatch-6_12_0-160000_7-default-debuginfo-7-160000.1.1
  * kernel-livepatch-SLE16_Update_2-debugsource-7-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1261630
* https://bugzilla.suse.com/show_bug.cgi?id=1261845
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Mon May 11 08:36:47 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:36:47 -0000
Subject: SUSE-SU-2026:1790-1: important: Security update for the Linux Kernel (Live Patch 70 for SUSE Linux Enterprise 12 SP5)
Message-ID: <177848860748.2501.18130633019440264149@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 70 for SUSE Linux Enterprise 12 SP5)

Announcement ID: SUSE-SU-2026:1790-1
Release Date: 2026-05-09T11:04:04Z
Rating: important
References:

* bsc#1258073
* bsc#1258655
* bsc#1259126
* bsc#1263689

Cross-References:

* CVE-2025-38375
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-31431

CVSS scores:

* CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 4.12.14-122.266 fixes various security issues

The following security issues were fixed:

* CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1790=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_266-default-14-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38375.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258073
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Mon May 11 08:37:31 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:37:31 -0000
Subject: SUSE-SU-2026:21532-1: important: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)
Message-ID: <177848865127.2501.16236534860828443791@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21532-1
Release Date: 2026-05-06T09:16:11Z
Rating: important
References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-705=1

## Package List:

* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE16_Update_1-debugsource-9-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-debuginfo-9-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-9-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1261630
* https://bugzilla.suse.com/show_bug.cgi?id=1261845
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Mon May 11 08:37:04 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:37:04 -0000
Subject: SUSE-SU-2026:21534-1: moderate: Security update for Mesa
Message-ID: <177848862401.2501.17840492386626637772@d7d34dcee2d8>

# Security update for Mesa

Announcement ID: SUSE-SU-2026:21534-1
Release Date: 2026-05-06T10:15:45Z
Rating: moderate
References:

* bsc#1261911
* bsc#1261998

Cross-References:

* CVE-2026-40393

CVSS scores:

* CVE-2026-40393 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-40393 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-40393 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for Mesa fixes the following issue:

* CVE-2026-40393: out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party (bsc#1261998).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-707=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le x86_64)
  * Mesa-libEGL1-debuginfo-24.3.3-160000.3.1
  * Mesa-debugsource-24.3.3-160000.3.1
  * Mesa-libEGL1-24.3.3-160000.3.1
  * Mesa-libglapi0-24.3.3-160000.3.1
  * Mesa-gallium-24.3.3-160000.3.1
  * Mesa-dri-24.3.3-160000.3.1
  * Mesa-gallium-debuginfo-24.3.3-160000.3.1
  * libgbm1-24.3.3-160000.3.1
  * Mesa-libGL1-debuginfo-24.3.3-160000.3.1
  * Mesa-24.3.3-160000.3.1
  * libgbm1-debuginfo-24.3.3-160000.3.1
  * Mesa-drivers-debugsource-24.3.3-160000.3.1
  * Mesa-dri-debuginfo-24.3.3-160000.3.1
  * Mesa-libglapi0-debuginfo-24.3.3-160000.3.1
  * Mesa-libGL1-24.3.3-160000.3.1
* SUSE Linux Micro 6.2 (s390x)
  * Mesa-libEGL1-debuginfo-24.1.7-160000.3.1
  * Mesa-libglapi0-24.1.7-160000.3.1
  * libgbm1-24.1.7-160000.3.1
  * Mesa-dri-24.1.7-160000.3.1
  * Mesa-libglapi0-debuginfo-24.1.7-160000.3.1
  * Mesa-drivers-debugsource-24.1.7-160000.3.1
  * Mesa-dri-debuginfo-24.1.7-160000.3.1
  * Mesa-libGL1-debuginfo-24.1.7-160000.3.1
  * Mesa-24.1.7-160000.3.1
  * libgbm1-debuginfo-24.1.7-160000.3.1
  * Mesa-libGL1-24.1.7-160000.3.1
  * Mesa-libEGL1-24.1.7-160000.3.1
  * Mesa-debugsource-24.1.7-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40393.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261911
* https://bugzilla.suse.com/show_bug.cgi?id=1261998

From null at suse.de Mon May 11 08:37:52 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:37:52 -0000
Subject: SUSE-SU-2026:21530-1: important: Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 16)
Message-ID: <177848867287.2501.15813041758539501101@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21530-1
Release Date: 2026-05-05T22:36:52Z
Rating: important
References:

* bsc#1259126
* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:

* CVE-2026-23204
* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:

* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.27.1 fixes various security issues

The following security issues were fixed:

* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-699=1

## Package List:

* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_27-default-debuginfo-3-160000.1.1
  * kernel-livepatch-6_12_0-160000_27-default-3-160000.1.1
  * kernel-livepatch-SLE16_Update_6-debugsource-3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1261630
* https://bugzilla.suse.com/show_bug.cgi?id=1261845
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Mon May 11 08:38:04 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:38:04 -0000
Subject: SUSE-SU-2026:21529-1: important: Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16)
Message-ID: <177848868489.2501.16245111433258860194@d7d34dcee2d8>

# Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21529-1
Release Date: 2026-05-05T22:29:56Z
Rating: important
References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-698=1

## Package List:

* SUSE Linux Micro 6.2 (x86_64)
  * kernel-livepatch-6_12_0-160000_5-rt-9-160000.3.4
  * kernel-livepatch-SLE16-RT_Update_0-debugsource-9-160000.3.4
  * kernel-livepatch-6_12_0-160000_5-rt-debuginfo-9-160000.3.4

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1261630
* https://bugzilla.suse.com/show_bug.cgi?id=1261845
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Mon May 11 08:38:58 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:38:58 -0000
Subject: SUSE-SU-2026:21524-1: important: Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 16)
Message-ID: <177848873821.2501.13066502802775942808@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21524-1
Release Date: 2026-05-05T20:01:32Z
Rating: important
References:

* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:

* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:

* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.28.1 fixes various security issues

The following security issues were fixed:

* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-693=1 ## Package List: * SUSE Linux Micro 6.2 (ppc64le s390x x86_64) * kernel-livepatch-SLE16_Update_7-debugsource-2-160000.1.1 * kernel-livepatch-6_12_0-160000_28-default-debuginfo-2-160000.1.1 * kernel-livepatch-6_12_0-160000_28-default-2-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23437.html * https://www.suse.com/security/cve/CVE-2026-31406.html * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1261630 * https://bugzilla.suse.com/show_bug.cgi?id=1261845 * https://bugzilla.suse.com/show_bug.cgi?id=1263689 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon May 11 08:39:21 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:39:21 -0000 Subject: SUSE-SU-2026:21522-1: important: Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16) Message-ID: <177848876161.2501.15974672509540915497@d7d34dcee2d8> # Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21522-1 Release Date: 2026-05-05T19:49:32Z Rating: important References: * bsc#1258005 * bsc#1258655 * bsc#1259126 * bsc#1261630 * bsc#1261845 * bsc#1263689 Cross-References: * CVE-2025-71066 * CVE-2026-23004 * CVE-2026-23204 * CVE-2026-23437 * CVE-2026-31406 * CVE-2026-31431 CVSS scores: * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23004 ( NVD 
): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues The following security issues were fixed: * CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005). * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126). * CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845). * CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630). * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-691=1 ## Package List: * SUSE Linux Micro 6.2 (ppc64le s390x x86_64) * kernel-livepatch-6_12_0-160000_9-default-debuginfo-5-160000.1.1 * kernel-livepatch-SLE16_Update_4-debugsource-5-160000.1.1 * kernel-livepatch-6_12_0-160000_9-default-5-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71066.html * https://www.suse.com/security/cve/CVE-2026-23004.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-23437.html * https://www.suse.com/security/cve/CVE-2026-31406.html * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1258005 * https://bugzilla.suse.com/show_bug.cgi?id=1258655 * https://bugzilla.suse.com/show_bug.cgi?id=1259126 * https://bugzilla.suse.com/show_bug.cgi?id=1261630 * https://bugzilla.suse.com/show_bug.cgi?id=1261845 * https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Mon May 11 08:39:34 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:39:34 -0000 Subject: SUSE-SU-2026:21520-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise 16) Message-ID: <177848877499.2501.4244719053651930528@d7d34dcee2d8> # Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21520-1 Release Date: 2026-05-05T17:30:28Z Rating: important References: * bsc#1261630 * bsc#1261845 * bsc#1263689 Cross-References: * CVE-2026-23437 * CVE-2026-31406 * CVE-2026-31431 CVSS scores: * CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves three vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.28.1 fixes various security issues The following security issues were fixed: * CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845). * CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630). * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-688=1 ## Package List: * SUSE Linux Micro 6.2 (x86_64) * kernel-livepatch-SLE16-RT_Update_7-debugsource-2-160000.1.1 * kernel-livepatch-6_12_0-160000_28-rt-debuginfo-2-160000.1.1 * kernel-livepatch-6_12_0-160000_28-rt-2-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23437.html * https://www.suse.com/security/cve/CVE-2026-31406.html * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1261630 * https://bugzilla.suse.com/show_bug.cgi?id=1261845 * https://bugzilla.suse.com/show_bug.cgi?id=1263689 From null at suse.de Mon May 11 08:39:56 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:39:56 -0000 Subject: SUSE-SU-2026:1787-1: important: Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6) Message-ID: <177848879607.2501.12463795756885808531@d7d34dcee2d8> # Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1787-1 Release Date: 2026-05-09T03:34:11Z Rating: important References: * bsc#1252048 * bsc#1258005 * bsc#1258655 * bsc#1259126 * bsc#1263689 Cross-References: * CVE-2025-39977 * CVE-2025-71066 * CVE-2026-23004 * CVE-2026-23204 * CVE-2026-31431 CVSS scores: * CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.81 fixes various security issues The following security issues were fixed: * CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048). * CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005). * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126). * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1787=1 SUSE-2026-1788=1 SUSE-2026-1789=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1787=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1788=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1789=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_14-debugsource-10-150600.2.1 * kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-5-150600.2.1 * kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-10-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_15-debugsource-10-150600.2.1 * kernel-livepatch-6_4_0-150600_23_81-default-5-150600.2.1 * kernel-livepatch-6_4_0-150600_23_70-default-10-150600.2.1 * kernel-livepatch-6_4_0-150600_23_65-default-10-150600.2.1 * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-10-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_18-debugsource-5-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_14-debugsource-10-150600.2.1 * kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-5-150600.2.1 * kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-10-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_15-debugsource-10-150600.2.1 * kernel-livepatch-6_4_0-150600_23_81-default-5-150600.2.1 * kernel-livepatch-6_4_0-150600_23_70-default-10-150600.2.1 * kernel-livepatch-6_4_0-150600_23_65-default-10-150600.2.1 * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-10-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_18-debugsource-5-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39977.html * https://www.suse.com/security/cve/CVE-2025-71066.html * https://www.suse.com/security/cve/CVE-2026-23004.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-31431.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1252048 * https://bugzilla.suse.com/show_bug.cgi?id=1258005 * https://bugzilla.suse.com/show_bug.cgi?id=1258655 * https://bugzilla.suse.com/show_bug.cgi?id=1259126 * https://bugzilla.suse.com/show_bug.cgi?id=1263689 From null at suse.de Mon May 11 08:40:02 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:40:02 -0000 Subject: SUSE-SU-2026:1786-1: important: Security update for the Linux Kernel (Live Patch 77 for SUSE Linux Enterprise 12 SP5) Message-ID: <177848880202.2501.9830616951855548711@d7d34dcee2d8> # Security update for the Linux Kernel (Live Patch 77 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1786-1 Release Date: 2026-05-08T22:45:05Z Rating: important References: * bsc#1258655 * bsc#1259126 * bsc#1263689 Cross-References: * CVE-2026-23004 * CVE-2026-23204 * CVE-2026-31431 CVSS scores: * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that 
solves three vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise kernel 4.12.14-122.293 fixes various security issues The following security issues were fixed: * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126). * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1786=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_293-default-5-2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23004.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1258655 * https://bugzilla.suse.com/show_bug.cgi?id=1259126 * https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Mon May 11 08:40:08 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:40:08 -0000 Subject: SUSE-SU-2026:1781-1: important: Security update for the Linux Kernel (Live Patch 75 for SUSE Linux Enterprise 12 SP5) Message-ID: <177848880824.2501.4149891166418934091@d7d34dcee2d8> # Security update for the Linux Kernel (Live Patch 75 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1781-1 Release Date: 2026-05-08T17:04:18Z Rating: important References: * bsc#1258655 * bsc#1259126 * bsc#1263689 Cross-References: * CVE-2026-23004 * CVE-2026-23204 * CVE-2026-31431 CVSS scores: * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise kernel 4.12.14-122.283 fixes various security issues The following security issues were fixed: * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655). 
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126). * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1781=1 SUSE-SLE-Live-Patching-12-SP5-2026-1782=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_280-default-6-2.1 * kgraft-patch-4_12_14-122_283-default-6-2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23004.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1258655 * https://bugzilla.suse.com/show_bug.cgi?id=1259126 * https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Mon May 11 08:40:15 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:40:15 -0000 Subject: SUSE-SU-2026:1780-1: important: Security update for the Linux Kernel (Live Patch 67 for SUSE Linux Enterprise 12 SP5) Message-ID: <177848881535.2501.415035627817298936@d7d34dcee2d8> # Security update for the Linux Kernel (Live Patch 67 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1780-1 Release Date: 2026-05-08T17:04:05Z Rating: important References: * bsc#1258073 * bsc#1258655 * bsc#1259126 * bsc#1263689 Cross-References: * CVE-2025-38375 * CVE-2026-23004 * CVE-2026-23204 * CVE-2026-31431 CVSS scores: * CVE-2025-38375 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38375 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38375 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities can now be installed. 
## Description: This update for the SUSE Linux Enterprise kernel 4.12.14-122.255 fixes various security issues The following security issues were fixed: * CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1258073). * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126). * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1780=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_255-default-17-2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38375.html * https://www.suse.com/security/cve/CVE-2026-23004.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1258073 * https://bugzilla.suse.com/show_bug.cgi?id=1258655 * https://bugzilla.suse.com/show_bug.cgi?id=1259126 * https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Mon May 11 08:40:19 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:40:19 -0000 Subject: SUSE-SU-2026:1784-1: important: Security update for php-composer2 Message-ID: <177848881983.2501.16016865820499060130@d7d34dcee2d8> # Security update for php-composer2 Announcement ID: SUSE-SU-2026:1784-1 Release Date: 2026-05-08T17:05:56Z Rating: important References: * bsc#1262254 * bsc#1262255 Cross-References: * CVE-2026-40176 * CVE-2026-40261 CVSS scores: * CVE-2026-40176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-40176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-40261 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-40261 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * Web and Scripting Module 15-SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for php-composer2 fixes the following issues: * CVE-2026-40176: arbitrary command injection via malicious Perforce repository definition (bsc#1262254). * CVE-2026-40261: arbitrary command injection via malicious Perforce source reference/url (bsc#1262255). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1784=1 * Web and Scripting Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-1784=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1784=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1784=1 ## Package List: * openSUSE Leap 15.6 (noarch) * php-composer2-2.6.4-150600.3.9.1 * Web and Scripting Module 15-SP7 (noarch) * php-composer2-2.6.4-150600.3.9.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * php-composer2-2.6.4-150600.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * php-composer2-2.6.4-150600.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-40176.html * https://www.suse.com/security/cve/CVE-2026-40261.html * https://bugzilla.suse.com/show_bug.cgi?id=1262254 * https://bugzilla.suse.com/show_bug.cgi?id=1262255
From null at suse.de Mon May 11 08:39:44 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:39:44 -0000 Subject: SUSE-SU-2026:21519-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise 16) Message-ID: <177848878470.2501.15538251850555629469@d7d34dcee2d8> # Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21519-1 Release Date: 2026-05-05T17:18:30Z Rating: important References: * bsc#1258655 * bsc#1259126 * bsc#1261630 * bsc#1261845 * bsc#1263689 Cross-References: * CVE-2026-23004 * CVE-2026-23204 * CVE-2026-23437 * CVE-2026-31406 * CVE-2026-31431 CVSS scores: * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * 
CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues The following security issues were fixed: * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126). * CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845). * CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630). * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-687=1 ## Package List: * SUSE Linux Micro 6.2 (x86_64) * kernel-livepatch-SLE16-RT_Update_5-debugsource-4-160000.1.1 * kernel-livepatch-6_12_0-160000_26-rt-debuginfo-4-160000.1.1 * kernel-livepatch-6_12_0-160000_26-rt-4-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23004.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-23437.html * https://www.suse.com/security/cve/CVE-2026-31406.html * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1258655 * https://bugzilla.suse.com/show_bug.cgi?id=1259126 * https://bugzilla.suse.com/show_bug.cgi?id=1261630 * https://bugzilla.suse.com/show_bug.cgi?id=1261845 * https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Mon May 11 08:38:16 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:38:16 -0000 Subject: SUSE-SU-2026:21528-1: important: Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 16) Message-ID: <177848869669.2501.16070632264216534402@d7d34dcee2d8> # Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21528-1 Release Date: 2026-05-05T22:20:12Z Rating: important References: * bsc#1252048 * bsc#1258005 * bsc#1258655 * bsc#1259126 * bsc#1261630 * bsc#1261845 * bsc#1263689 Cross-References: * CVE-2025-39977 * CVE-2025-71066 * CVE-2026-23004 * CVE-2026-23204 * CVE-2026-23437 * CVE-2026-31406 * CVE-2026-31431 CVSS scores: * CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31406 ( SUSE ): 
7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues The following security issues were fixed: * CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048). * CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005). * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126). * CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845). * CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630). * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-697=1 ## Package List: * SUSE Linux Micro 6.2 (x86_64) * kernel-livepatch-6_12_0-160000_7-rt-6-160000.1.1 * kernel-livepatch-SLE16-RT_Update_2-debugsource-6-160000.1.1 * kernel-livepatch-6_12_0-160000_7-rt-debuginfo-6-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39977.html * https://www.suse.com/security/cve/CVE-2025-71066.html * https://www.suse.com/security/cve/CVE-2026-23004.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-23437.html * https://www.suse.com/security/cve/CVE-2026-31406.html * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1252048 * https://bugzilla.suse.com/show_bug.cgi?id=1258005 * https://bugzilla.suse.com/show_bug.cgi?id=1258655 * https://bugzilla.suse.com/show_bug.cgi?id=1259126 * https://bugzilla.suse.com/show_bug.cgi?id=1261630 * https://bugzilla.suse.com/show_bug.cgi?id=1261845 * https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Mon May 11 08:38:28 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Mon, 11 May 2026 08:38:28 -0000 Subject: SUSE-SU-2026:21527-1: important: Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 16) Message-ID: <177848870871.2501.14053621834670034534@d7d34dcee2d8> # Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21527-1 Release Date: 2026-05-05T21:59:39Z Rating: important References: * bsc#1258005 * bsc#1258655 * bsc#1259126 * bsc#1261630 * bsc#1261845 * bsc#1263689 Cross-References: * CVE-2025-71066 * CVE-2026-23004 * CVE-2026-23204 * CVE-2026-23437 * CVE-2026-31406 * CVE-2026-31431 CVSS scores: * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31406 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues The following security issues were fixed: * CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005). * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126). * CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845). * CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630). * CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-696=1 ## Package List: * SUSE Linux Micro 6.2 (x86_64) * kernel-livepatch-6_12_0-160000_9-rt-debuginfo-5-160000.1.1 * kernel-livepatch-SLE16-RT_Update_4-debugsource-5-160000.1.1 * kernel-livepatch-6_12_0-160000_9-rt-5-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71066.html * https://www.suse.com/security/cve/CVE-2026-23004.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-23437.html * https://www.suse.com/security/cve/CVE-2026-31406.html * https://www.suse.com/security/cve/CVE-2026-31431.html * https://bugzilla.suse.com/show_bug.cgi?id=1258005 * https://bugzilla.suse.com/show_bug.cgi?id=1258655 * https://bugzilla.suse.com/show_bug.cgi?id=1259126 * https://bugzilla.suse.com/show_bug.cgi?id=1261630 * https://bugzilla.suse.com/show_bug.cgi?id=1261845 * https://bugzilla.suse.com/show_bug.cgi?id=1263689 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Mon May 11 08:38:40 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:38:40 -0000
Subject: SUSE-SU-2026:21526-1: important: Security update for the Linux Kernel RT (Live Patch 3 for SUSE Linux Enterprise 16)
Message-ID: <177848872097.2501.2084445448309168295@d7d34dcee2d8>

# Security update for the Linux Kernel RT (Live Patch 3 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21526-1
Release Date: 2026-05-05T20:45:33Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-695=1

## Package List:

* SUSE Linux Micro 6.2 (x86_64)
  * kernel-livepatch-6_12_0-160000_8-rt-debuginfo-5-160000.1.1
  * kernel-livepatch-6_12_0-160000_8-rt-5-160000.1.1
  * kernel-livepatch-SLE16-RT_Update_3-debugsource-5-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1261630
* https://bugzilla.suse.com/show_bug.cgi?id=1261845
* https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Mon May 11 08:38:52 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:38:52 -0000
Subject: SUSE-SU-2026:21525-1: important: Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16)
Message-ID: <177848873210.2501.11556136478666588204@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21525-1
Release Date: 2026-05-05T20:04:45Z
Rating: important

References:

* bsc#1258655
* bsc#1259126
* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:

* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:

* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues

The following security issues were fixed:

* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-694=1

## Package List:

* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_26-default-4-160000.1.1
  * kernel-livepatch-6_12_0-160000_26-default-debuginfo-4-160000.1.1
  * kernel-livepatch-SLE16_Update_5-debugsource-4-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1261630
* https://bugzilla.suse.com/show_bug.cgi?id=1261845
* https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Mon May 11 08:39:29 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:39:29 -0000
Subject: SUSE-SU-2026:21521-1: important: Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 16)
Message-ID: <177848876910.2501.11856852929045415486@d7d34dcee2d8>

# Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21521-1
Release Date: 2026-05-05T17:32:16Z
Rating: important

References:

* bsc#1259126
* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:

* CVE-2026-23204
* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:

* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.27.1 fixes various security issues

The following security issues were fixed:

* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-689=1

## Package List:

* SUSE Linux Micro 6.2 (x86_64)
  * kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1
  * kernel-livepatch-SLE16-RT_Update_6-debugsource-3-160000.1.1
  * kernel-livepatch-6_12_0-160000_27-rt-debuginfo-3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1261630
* https://bugzilla.suse.com/show_bug.cgi?id=1261845
* https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Mon May 11 08:39:09 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:39:09 -0000
Subject: SUSE-SU-2026:21523-1: important: Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)
Message-ID: <177848874992.2501.2361776380230271540@d7d34dcee2d8>

# Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21523-1
Release Date: 2026-05-05T19:50:41Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-692=1

## Package List:

* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE16_Update_0-debugsource-11-160000.4.3
  * kernel-livepatch-6_12_0-160000_5-default-11-160000.4.3
  * kernel-livepatch-6_12_0-160000_5-default-debuginfo-11-160000.4.3

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1261630
* https://bugzilla.suse.com/show_bug.cgi?id=1261845
* https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Mon May 11 08:37:43 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Mon, 11 May 2026 08:37:43 -0000
Subject: SUSE-SU-2026:21531-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 16)
Message-ID: <177848866326.2501.16119165937880642349@d7d34dcee2d8>

# Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21531-1
Release Date: 2026-05-05T23:37:29Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-700=1

## Package List:

* SUSE Linux Micro 6.2 (x86_64)
  * kernel-livepatch-6_12_0-160000_6-rt-debuginfo-8-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-rt-8-160000.1.1
  * kernel-livepatch-SLE16-RT_Update_1-debugsource-8-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1261630
* https://bugzilla.suse.com/show_bug.cgi?id=1261845
* https://bugzilla.suse.com/show_bug.cgi?id=1263689
From null at suse.de Wed May 13 16:30:12 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 13 May 2026 16:30:12 -0000
Subject: SUSE-SU-2026:1825-1: important: Security update for the Linux Kernel
Message-ID: <177868981298.1208.16577674996945648516@e3afc95ed2e8>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1825-1
Release Date: 2026-05-12T09:00:07Z
Rating: important

References:

* bsc#1264449

Cross-References:

* CVE-2026-43284

CVSS scores:

* CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* Development Tools Module 15-SP7
* Legacy Module 15-SP7
* Public Cloud Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Availability Extension 15 SP7
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix the following issue:

* CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1825=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1825=1
* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1825=1
  Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1825=1
* Legacy Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2026-1825=1
* Public Cloud Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2026-1825=1
* SUSE Linux Enterprise High Availability Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2026-1825=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 nosrc)
  * kernel-64kb-6.4.0-150700.53.45.1
* Basesystem Module 15-SP7 (aarch64)
  * kernel-64kb-devel-6.4.0-150700.53.45.1
  * kernel-64kb-devel-debuginfo-6.4.0-150700.53.45.1
  * kernel-64kb-debugsource-6.4.0-150700.53.45.1
  * kernel-64kb-debuginfo-6.4.0-150700.53.45.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-6.4.0-150700.53.45.1
* Basesystem Module 15-SP7 (aarch64 ppc64le x86_64)
  * kernel-default-base-6.4.0-150700.53.45.1.150700.17.29.2
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * kernel-default-devel-6.4.0-150700.53.45.1
  * kernel-default-debugsource-6.4.0-150700.53.45.1
  * kernel-default-devel-debuginfo-6.4.0-150700.53.45.1
  * kernel-default-debuginfo-6.4.0-150700.53.45.1
* Basesystem Module 15-SP7 (noarch)
  * kernel-macros-6.4.0-150700.53.45.1
  * kernel-devel-6.4.0-150700.53.45.1
* Basesystem Module 15-SP7 (nosrc s390x)
  * kernel-zfcpdump-6.4.0-150700.53.45.1
* Basesystem Module 15-SP7 (s390x)
  * kernel-zfcpdump-debugsource-6.4.0-150700.53.45.1
  * kernel-zfcpdump-debuginfo-6.4.0-150700.53.45.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * kernel-default-extra-debuginfo-6.4.0-150700.53.45.1
  * kernel-default-debugsource-6.4.0-150700.53.45.1
  * kernel-default-debuginfo-6.4.0-150700.53.45.1
  * kernel-default-extra-6.4.0-150700.53.45.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (nosrc)
  * kernel-default-6.4.0-150700.53.45.1
* SUSE Linux Enterprise Live Patching 15-SP7 (nosrc)
  * kernel-default-6.4.0-150700.53.45.1
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150700_53_45-default-1-150700.15.3.2
  * kernel-default-debugsource-6.4.0-150700.53.45.1
  * kernel-livepatch-SLE15-SP7_Update_13-debugsource-1-150700.15.3.2
  * kernel-livepatch-6_4_0-150700_53_45-default-debuginfo-1-150700.15.3.2
  * kernel-default-livepatch-devel-6.4.0-150700.53.45.1
  * kernel-default-livepatch-6.4.0-150700.53.45.1
  * kernel-default-debuginfo-6.4.0-150700.53.45.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-build-debugsource-6.4.0-150700.53.45.1
  * kernel-syms-6.4.0-150700.53.45.1
  * kernel-obs-build-6.4.0-150700.53.45.1
* Development Tools Module 15-SP7 (noarch nosrc)
  * kernel-docs-6.4.0-150700.53.45.1
* Development Tools Module 15-SP7 (noarch)
  * kernel-source-6.4.0-150700.53.45.1
* Legacy Module 15-SP7 (nosrc)
  * kernel-default-6.4.0-150700.53.45.1
* Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * reiserfs-kmp-default-debuginfo-6.4.0-150700.53.45.1
  * kernel-default-debugsource-6.4.0-150700.53.45.1
  * kernel-default-debuginfo-6.4.0-150700.53.45.1
  * reiserfs-kmp-default-6.4.0-150700.53.45.1
* Public Cloud Module 15-SP7 (aarch64 nosrc x86_64)
  * kernel-azure-6.4.0-150700.53.45.1
* Public Cloud Module 15-SP7 (aarch64 x86_64)
  * kernel-azure-devel-debuginfo-6.4.0-150700.53.45.1
  * kernel-azure-devel-6.4.0-150700.53.45.1
  * kernel-azure-debugsource-6.4.0-150700.53.45.1
  * kernel-azure-debuginfo-6.4.0-150700.53.45.1
* SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le s390x x86_64)
  * cluster-md-kmp-default-6.4.0-150700.53.45.1
  * kernel-default-debugsource-6.4.0-150700.53.45.1
  * ocfs2-kmp-default-debuginfo-6.4.0-150700.53.45.1
  * gfs2-kmp-default-6.4.0-150700.53.45.1
  * ocfs2-kmp-default-6.4.0-150700.53.45.1
  * gfs2-kmp-default-debuginfo-6.4.0-150700.53.45.1
  * kernel-default-debuginfo-6.4.0-150700.53.45.1
  * dlm-kmp-default-6.4.0-150700.53.45.1
  * cluster-md-kmp-default-debuginfo-6.4.0-150700.53.45.1
  * dlm-kmp-default-debuginfo-6.4.0-150700.53.45.1
* SUSE Linux Enterprise High Availability Extension 15 SP7 (nosrc)
  * kernel-default-6.4.0-150700.53.45.1

## References:

* https://www.suse.com/security/cve/CVE-2026-43284.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264449

From null at suse.de Wed May 13 16:30:22 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 13 May 2026 16:30:22 -0000
Subject: SUSE-SU-2026:1840-1: important: Security update for the Linux Kernel
Message-ID: <177868982282.1208.16035636473067094215@e3afc95ed2e8>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1840-1
Release Date: 2026-05-13T10:05:24Z
Rating: important

References:

* bsc#1264449
* bsc#1264450

Cross-References:

* CVE-2026-43284
* CVE-2026-43500

CVSS scores:

* CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix the following issue:

* CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).
* CVE-2026-43500: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present (bsc#1264450).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1840=1
* SUSE Linux Enterprise High Availability Extension 15 SP6
  zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-1840=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1840=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1840=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1840=1

## Package List:

* openSUSE Leap 15.6 (noarch nosrc)
  * kernel-docs-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (noarch)
  * kernel-macros-6.4.0-150600.23.103.1
  * kernel-source-vanilla-6.4.0-150600.23.103.1
  * kernel-source-6.4.0-150600.23.103.1
  * kernel-docs-html-6.4.0-150600.23.103.1
  * kernel-devel-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (nosrc ppc64le x86_64)
  * kernel-debug-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (ppc64le x86_64)
  * kernel-debug-debugsource-6.4.0-150600.23.103.1
  * kernel-debug-devel-6.4.0-150600.23.103.1
  * kernel-debug-devel-debuginfo-6.4.0-150600.23.103.1
  * kernel-debug-debuginfo-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (x86_64)
  * kernel-kvmsmall-vdso-debuginfo-6.4.0-150600.23.103.1
  * kernel-debug-vdso-debuginfo-6.4.0-150600.23.103.1
  * kernel-default-vdso-6.4.0-150600.23.103.1
  * kernel-debug-vdso-6.4.0-150600.23.103.1
  * kernel-default-vdso-debuginfo-6.4.0-150600.23.103.1
  * kernel-kvmsmall-vdso-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (aarch64)
  * dtb-hisilicon-6.4.0-150600.23.103.1
  * dtb-arm-6.4.0-150600.23.103.1
  * dtb-mediatek-6.4.0-150600.23.103.1
  * reiserfs-kmp-64kb-6.4.0-150600.23.103.1
  * gfs2-kmp-64kb-debuginfo-6.4.0-150600.23.103.1
  * dtb-amazon-6.4.0-150600.23.103.1
  * kernel-64kb-devel-6.4.0-150600.23.103.1
  * dtb-altera-6.4.0-150600.23.103.1
  * dlm-kmp-64kb-debuginfo-6.4.0-150600.23.103.1
  * dtb-broadcom-6.4.0-150600.23.103.1
  * dtb-nvidia-6.4.0-150600.23.103.1
  * dtb-renesas-6.4.0-150600.23.103.1
  * dtb-apm-6.4.0-150600.23.103.1
  * dtb-rockchip-6.4.0-150600.23.103.1
  * kernel-64kb-extra-6.4.0-150600.23.103.1
  * ocfs2-kmp-64kb-debuginfo-6.4.0-150600.23.103.1
  * dlm-kmp-64kb-6.4.0-150600.23.103.1
  * cluster-md-kmp-64kb-debuginfo-6.4.0-150600.23.103.1
  * kernel-64kb-debuginfo-6.4.0-150600.23.103.1
  * gfs2-kmp-64kb-6.4.0-150600.23.103.1
  * dtb-amd-6.4.0-150600.23.103.1
  * dtb-cavium-6.4.0-150600.23.103.1
  * dtb-allwinner-6.4.0-150600.23.103.1
  * reiserfs-kmp-64kb-debuginfo-6.4.0-150600.23.103.1
  * dtb-socionext-6.4.0-150600.23.103.1
  * dtb-apple-6.4.0-150600.23.103.1
  * dtb-marvell-6.4.0-150600.23.103.1
  * kernel-64kb-optional-debuginfo-6.4.0-150600.23.103.1
  * kernel-64kb-extra-debuginfo-6.4.0-150600.23.103.1
  * dtb-exynos-6.4.0-150600.23.103.1
  * dtb-qcom-6.4.0-150600.23.103.1
  * dtb-xilinx-6.4.0-150600.23.103.1
  * kernel-64kb-optional-6.4.0-150600.23.103.1
  * kernel-64kb-debugsource-6.4.0-150600.23.103.1
  * dtb-freescale-6.4.0-150600.23.103.1
  * kselftests-kmp-64kb-6.4.0-150600.23.103.1
  * kselftests-kmp-64kb-debuginfo-6.4.0-150600.23.103.1
  * dtb-amlogic-6.4.0-150600.23.103.1
  * dtb-lg-6.4.0-150600.23.103.1
  * ocfs2-kmp-64kb-6.4.0-150600.23.103.1
  * dtb-sprd-6.4.0-150600.23.103.1
  * cluster-md-kmp-64kb-6.4.0-150600.23.103.1
  * kernel-64kb-devel-debuginfo-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (aarch64 nosrc)
  * kernel-64kb-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (aarch64 ppc64le x86_64)
  * kernel-kvmsmall-devel-6.4.0-150600.23.103.1
  * kernel-default-base-rebuild-6.4.0-150600.23.103.1.150600.12.48.1
  * kernel-default-base-6.4.0-150600.23.103.1.150600.12.48.1
  * kernel-kvmsmall-debugsource-6.4.0-150600.23.103.1
  * kernel-kvmsmall-debuginfo-6.4.0-150600.23.103.1
  * kernel-kvmsmall-devel-debuginfo-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * cluster-md-kmp-default-debuginfo-6.4.0-150600.23.103.1
  * gfs2-kmp-default-debuginfo-6.4.0-150600.23.103.1
  * reiserfs-kmp-default-6.4.0-150600.23.103.1
  * kernel-default-extra-6.4.0-150600.23.103.1
  * kselftests-kmp-default-debuginfo-6.4.0-150600.23.103.1
  * reiserfs-kmp-default-debuginfo-6.4.0-150600.23.103.1
  * kernel-default-extra-debuginfo-6.4.0-150600.23.103.1
  * ocfs2-kmp-default-debuginfo-6.4.0-150600.23.103.1
  * kernel-default-optional-debuginfo-6.4.0-150600.23.103.1
  * ocfs2-kmp-default-6.4.0-150600.23.103.1
  * kernel-syms-6.4.0-150600.23.103.1
  * kernel-obs-build-debugsource-6.4.0-150600.23.103.1
  * kernel-default-optional-6.4.0-150600.23.103.1
  * kernel-default-livepatch-6.4.0-150600.23.103.1
  * kselftests-kmp-default-6.4.0-150600.23.103.1
  * kernel-obs-qa-6.4.0-150600.23.103.1
  * kernel-default-debugsource-6.4.0-150600.23.103.1
  * kernel-obs-build-6.4.0-150600.23.103.1
  * gfs2-kmp-default-6.4.0-150600.23.103.1
  * kernel-default-devel-6.4.0-150600.23.103.1
  * dlm-kmp-default-debuginfo-6.4.0-150600.23.103.1
  * kernel-default-devel-debuginfo-6.4.0-150600.23.103.1
  * cluster-md-kmp-default-6.4.0-150600.23.103.1
  * dlm-kmp-default-6.4.0-150600.23.103.1
  * kernel-default-debuginfo-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-6.4.0-150600.23.103.1
* openSUSE Leap 15.6 (aarch64 nosrc ppc64le x86_64)
  * kernel-kvmsmall-6.4.0-150600.23.103.1
*
openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-default-livepatch-devel-6.4.0-150600.23.103.1 * kernel-livepatch-6_4_0-150600_23_103-default-1-150600.13.3.1 * kernel-livepatch-6_4_0-150600_23_103-default-debuginfo-1-150600.13.3.1 * kernel-livepatch-SLE15-SP6_Update_24-debugsource-1-150600.13.3.1 * openSUSE Leap 15.6 (nosrc s390x) * kernel-zfcpdump-6.4.0-150600.23.103.1 * openSUSE Leap 15.6 (s390x) * kernel-zfcpdump-debugsource-6.4.0-150600.23.103.1 * kernel-zfcpdump-debuginfo-6.4.0-150600.23.103.1 * openSUSE Leap 15.6 (nosrc) * dtb-aarch64-6.4.0-150600.23.103.1 * SUSE Linux Enterprise High Availability Extension 15 SP6 (nosrc) * kernel-default-6.4.0-150600.23.103.1 * SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-6.4.0-150600.23.103.1 * kernel-default-debugsource-6.4.0-150600.23.103.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch nosrc) * kernel-docs-6.4.0-150600.23.103.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * kernel-macros-6.4.0-150600.23.103.1 * kernel-source-6.4.0-150600.23.103.1 * kernel-devel-6.4.0-150600.23.103.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-debuginfo-6.4.0-150600.23.103.1 * gfs2-kmp-default-debuginfo-6.4.0-150600.23.103.1 * kernel-default-devel-6.4.0-150600.23.103.1 * kernel-default-devel-debuginfo-6.4.0-150600.23.103.1 * reiserfs-kmp-default-6.4.0-150600.23.103.1 * kernel-syms-6.4.0-150600.23.103.1 * kernel-default-debugsource-6.4.0-150600.23.103.1 * kernel-obs-build-6.4.0-150600.23.103.1 * kernel-obs-build-debugsource-6.4.0-150600.23.103.1 * dlm-kmp-default-6.4.0-150600.23.103.1 * gfs2-kmp-default-6.4.0-150600.23.103.1 * cluster-md-kmp-default-6.4.0-150600.23.103.1 * reiserfs-kmp-default-debuginfo-6.4.0-150600.23.103.1 * kernel-default-debuginfo-6.4.0-150600.23.103.1 * dlm-kmp-default-debuginfo-6.4.0-150600.23.103.1 * ocfs2-kmp-default-debuginfo-6.4.0-150600.23.103.1 * 
ocfs2-kmp-default-6.4.0-150600.23.103.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-6.4.0-150600.23.103.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le x86_64) * kernel-default-base-6.4.0-150600.23.103.1.150600.12.48.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 nosrc) * kernel-64kb-6.4.0-150600.23.103.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64) * kernel-64kb-debugsource-6.4.0-150600.23.103.1 * kernel-64kb-devel-6.4.0-150600.23.103.1 * kernel-64kb-devel-debuginfo-6.4.0-150600.23.103.1 * kernel-64kb-debuginfo-6.4.0-150600.23.103.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (nosrc s390x) * kernel-zfcpdump-6.4.0-150600.23.103.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (s390x) * kernel-zfcpdump-debugsource-6.4.0-150600.23.103.1 * kernel-zfcpdump-debuginfo-6.4.0-150600.23.103.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * cluster-md-kmp-default-debuginfo-6.4.0-150600.23.103.1 * reiserfs-kmp-default-debuginfo-6.4.0-150600.23.103.1 * gfs2-kmp-default-debuginfo-6.4.0-150600.23.103.1 * kernel-default-devel-6.4.0-150600.23.103.1 * kernel-default-devel-debuginfo-6.4.0-150600.23.103.1 * reiserfs-kmp-default-6.4.0-150600.23.103.1 * kernel-syms-6.4.0-150600.23.103.1 * kernel-default-debugsource-6.4.0-150600.23.103.1 * kernel-obs-build-6.4.0-150600.23.103.1 * kernel-obs-build-debugsource-6.4.0-150600.23.103.1 * kernel-default-base-6.4.0-150600.23.103.1.150600.12.48.1 * gfs2-kmp-default-6.4.0-150600.23.103.1 * cluster-md-kmp-default-6.4.0-150600.23.103.1 * dlm-kmp-default-6.4.0-150600.23.103.1 * kernel-default-debuginfo-6.4.0-150600.23.103.1 * dlm-kmp-default-debuginfo-6.4.0-150600.23.103.1 * ocfs2-kmp-default-debuginfo-6.4.0-150600.23.103.1 * ocfs2-kmp-default-6.4.0-150600.23.103.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (nosrc ppc64le x86_64) * kernel-default-6.4.0-150600.23.103.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 
(noarch) * kernel-macros-6.4.0-150600.23.103.1 * kernel-source-6.4.0-150600.23.103.1 * kernel-devel-6.4.0-150600.23.103.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch nosrc) * kernel-docs-6.4.0-150600.23.103.1 * SUSE Linux Enterprise Live Patching 15-SP6 (nosrc) * kernel-default-6.4.0-150600.23.103.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-default-livepatch-6.4.0-150600.23.103.1 * kernel-livepatch-SLE15-SP6_Update_24-debugsource-1-150600.13.3.1 * kernel-default-debugsource-6.4.0-150600.23.103.1 * kernel-default-livepatch-devel-6.4.0-150600.23.103.1 * kernel-livepatch-6_4_0-150600_23_103-default-1-150600.13.3.1 * kernel-default-debuginfo-6.4.0-150600.23.103.1 * kernel-livepatch-6_4_0-150600_23_103-default-debuginfo-1-150600.13.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-43284.html
  * https://www.suse.com/security/cve/CVE-2026-43500.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1264449
  * https://bugzilla.suse.com/show_bug.cgi?id=1264450

From null at suse.de Wed May 13 16:30:26 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 13 May 2026 16:30:26 -0000
Subject: SUSE-SU-2026:1839-1: moderate: Security update for Mesa
Message-ID: <177868982671.1208.2889709555209916867@e3afc95ed2e8>

# Security update for Mesa

Announcement ID: SUSE-SU-2026:1839-1
Release Date: 2026-05-13T09:13:57Z
Rating: moderate
References:

  * bsc#1261998

Cross-References:

  * CVE-2026-40393

CVSS scores:

  * CVE-2026-40393 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
  * CVE-2026-40393 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-40393 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * Basesystem Module 15-SP7
  * openSUSE Leap 15.4
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7
  * SUSE Linux Enterprise Workstation Extension 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for Mesa fixes the following issue:

  * CVE-2026-40393: out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party (bsc#1261998).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2026-1839=1
  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2026-1839=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2026-1839=1
  * Basesystem Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1839=1
  * SUSE Linux Enterprise Workstation Extension 15 SP7
    zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1839=1
  * SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2026-1839=1
  * SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2026-1839=1

## Package List:

* openSUSE Leap 15.4 (aarch64 x86_64 i586) * libvulkan_radeon-21.2.4-150400.68.18.1 * Mesa-libd3d-21.2.4-150400.68.18.1 * Mesa-vulkan-device-select-21.2.4-150400.68.18.1 * Mesa-vulkan-overlay-21.2.4-150400.68.18.1 * libvulkan_radeon-debuginfo-21.2.4-150400.68.18.1 * libvulkan_lvp-21.2.4-150400.68.18.1 * libvulkan_lvp-debuginfo-21.2.4-150400.68.18.1 * Mesa-libd3d-devel-21.2.4-150400.68.18.1 * Mesa-libd3d-debuginfo-21.2.4-150400.68.18.1 * Mesa-vulkan-device-select-debuginfo-21.2.4-150400.68.18.1 * Mesa-vulkan-overlay-debuginfo-21.2.4-150400.68.18.1 * Mesa-libVulkan-devel-21.2.4-150400.68.18.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64 i586) * libvdpau_nouveau-debuginfo-21.2.4-150400.68.18.1 * libvdpau_r300-debuginfo-21.2.4-150400.68.18.1 * Mesa-libva-debuginfo-21.2.4-150400.68.18.1 * libXvMC_nouveau-21.2.4-150400.68.18.1 * Mesa-libOpenCL-21.2.4-150400.68.18.1 * libvdpau_radeonsi-21.2.4-150400.68.18.1 * Mesa-libva-21.2.4-150400.68.18.1 * libXvMC_r600-21.2.4-150400.68.18.1 * Mesa-libOpenCL-debuginfo-21.2.4-150400.68.18.1 * Mesa-dri-nouveau-21.2.4-150400.68.18.1 * libxatracker2-1.0.0-150400.68.18.1 * libvdpau_radeonsi-debuginfo-21.2.4-150400.68.18.1 * libXvMC_nouveau-debuginfo-21.2.4-150400.68.18.1 * libxatracker2-debuginfo-1.0.0-150400.68.18.1 * libvdpau_r300-21.2.4-150400.68.18.1
* libvdpau_r600-debuginfo-21.2.4-150400.68.18.1 * Mesa-dri-nouveau-debuginfo-21.2.4-150400.68.18.1 * libvdpau_nouveau-21.2.4-150400.68.18.1 * libXvMC_r600-debuginfo-21.2.4-150400.68.18.1 * Mesa-gallium-debuginfo-21.2.4-150400.68.18.1 * Mesa-gallium-21.2.4-150400.68.18.1 * libvdpau_r600-21.2.4-150400.68.18.1 * libxatracker-devel-1.0.0-150400.68.18.1 * openSUSE Leap 15.4 (x86_64) * Mesa-vulkan-overlay-32bit-21.2.4-150400.68.18.1 * libOSMesa-devel-32bit-21.2.4-150400.68.18.1 * libvdpau_r600-32bit-21.2.4-150400.68.18.1 * Mesa-gallium-32bit-21.2.4-150400.68.18.1 * Mesa-libGLESv2-devel-32bit-21.2.4-150400.68.18.1 * Mesa-libGL1-32bit-debuginfo-21.2.4-150400.68.18.1 * libvulkan_intel-32bit-21.2.4-150400.68.18.1 * libXvMC_r600-32bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-libd3d-32bit-21.2.4-150400.68.18.1 * libvdpau_r300-32bit-21.2.4-150400.68.18.1 * Mesa-dri-32bit-debuginfo-21.2.4-150400.68.18.1 * libvulkan_radeon-32bit-21.2.4-150400.68.18.1 * Mesa-gallium-32bit-debuginfo-21.2.4-150400.68.18.1 * libvdpau_r600-32bit-debuginfo-21.2.4-150400.68.18.1 * libXvMC_nouveau-32bit-debuginfo-21.2.4-150400.68.18.1 * libvdpau_r300-32bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-vulkan-device-select-32bit-debuginfo-21.2.4-150400.68.18.1 * libgbm1-32bit-21.2.4-150400.68.18.1 * Mesa-libd3d-devel-32bit-21.2.4-150400.68.18.1 * libvdpau_nouveau-32bit-21.2.4-150400.68.18.1 * Mesa-libEGL1-32bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-libglapi0-32bit-21.2.4-150400.68.18.1 * libOSMesa8-32bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-libglapi0-32bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-libGL1-32bit-21.2.4-150400.68.18.1 * libXvMC_nouveau-32bit-21.2.4-150400.68.18.1 * libvdpau_radeonsi-32bit-21.2.4-150400.68.18.1 * libOSMesa8-32bit-21.2.4-150400.68.18.1 * libXvMC_r600-32bit-21.2.4-150400.68.18.1 * Mesa-vulkan-device-select-32bit-21.2.4-150400.68.18.1 * libvulkan_intel-32bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-libglapi-devel-32bit-21.2.4-150400.68.18.1 * Mesa-dri-32bit-21.2.4-150400.68.18.1 * 
Mesa-vulkan-overlay-32bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-libGLESv1_CM-devel-32bit-21.2.4-150400.68.18.1 * libgbm1-32bit-debuginfo-21.2.4-150400.68.18.1 * libgbm-devel-32bit-21.2.4-150400.68.18.1 * Mesa-libEGL1-32bit-21.2.4-150400.68.18.1 * Mesa-32bit-21.2.4-150400.68.18.1 * libvdpau_radeonsi-32bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-libEGL-devel-32bit-21.2.4-150400.68.18.1 * Mesa-libd3d-32bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-libGL-devel-32bit-21.2.4-150400.68.18.1 * Mesa-dri-nouveau-32bit-debuginfo-21.2.4-150400.68.18.1 * libvulkan_radeon-32bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-dri-nouveau-32bit-21.2.4-150400.68.18.1 * libvdpau_nouveau-32bit-debuginfo-21.2.4-150400.68.18.1 * openSUSE Leap 15.4 (x86_64 i586) * libvulkan_intel-debuginfo-21.2.4-150400.68.18.1 * libvulkan_intel-21.2.4-150400.68.18.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * Mesa-libGLESv1_CM-devel-21.2.4-150400.68.18.1 * Mesa-libGL-devel-21.2.4-150400.68.18.1 * Mesa-libglapi0-debuginfo-21.2.4-150400.68.18.1 * libOSMesa8-21.2.4-150400.68.18.1 * Mesa-dri-21.2.4-150400.68.18.1 * Mesa-debugsource-21.2.4-150400.68.18.1 * Mesa-dri-debuginfo-21.2.4-150400.68.18.1 * Mesa-21.2.4-150400.68.18.1 * Mesa-libGLESv2-devel-21.2.4-150400.68.18.1 * Mesa-devel-21.2.4-150400.68.18.1 * libOSMesa-devel-21.2.4-150400.68.18.1 * Mesa-libEGL1-debuginfo-21.2.4-150400.68.18.1 * Mesa-libglapi0-21.2.4-150400.68.18.1 * Mesa-libglapi-devel-21.2.4-150400.68.18.1 * Mesa-libEGL1-21.2.4-150400.68.18.1 * Mesa-dri-devel-21.2.4-150400.68.18.1 * libOSMesa8-debuginfo-21.2.4-150400.68.18.1 * Mesa-libGL1-debuginfo-21.2.4-150400.68.18.1 * libgbm1-debuginfo-21.2.4-150400.68.18.1 * Mesa-libGLESv3-devel-21.2.4-150400.68.18.1 * Mesa-libEGL-devel-21.2.4-150400.68.18.1 * libgbm-devel-21.2.4-150400.68.18.1 * Mesa-libGL1-21.2.4-150400.68.18.1 * libgbm1-21.2.4-150400.68.18.1 * Mesa-drivers-debugsource-21.2.4-150400.68.18.1 * Mesa-KHR-devel-21.2.4-150400.68.18.1 * openSUSE Leap 15.4 (aarch64_ilp32) * 
Mesa-libd3d-64bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-dri-vc4-64bit-21.2.4-150400.68.18.1 * Mesa-vulkan-device-select-64bit-21.2.4-150400.68.18.1 * Mesa-vulkan-device-select-64bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-libGL1-64bit-21.2.4-150400.68.18.1 * Mesa-libglapi-devel-64bit-21.2.4-150400.68.18.1 * libOSMesa8-64bit-21.2.4-150400.68.18.1 * libvdpau_nouveau-64bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-gallium-64bit-debuginfo-21.2.4-150400.68.18.1 * libXvMC_r600-64bit-21.2.4-150400.68.18.1 * Mesa-dri-nouveau-64bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-dri-vc4-64bit-debuginfo-21.2.4-150400.68.18.1 * libgbm1-64bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-libEGL1-64bit-21.2.4-150400.68.18.1 * Mesa-dri-nouveau-64bit-21.2.4-150400.68.18.1 * libvdpau_r600-64bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-libGL-devel-64bit-21.2.4-150400.68.18.1 * libvdpau_r300-64bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-libGL1-64bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-libd3d-devel-64bit-21.2.4-150400.68.18.1 * libvdpau_nouveau-64bit-21.2.4-150400.68.18.1 * Mesa-libGLESv2-devel-64bit-21.2.4-150400.68.18.1 * libvdpau_r600-64bit-21.2.4-150400.68.18.1 * libvdpau_radeonsi-64bit-21.2.4-150400.68.18.1 * Mesa-gallium-64bit-21.2.4-150400.68.18.1 * Mesa-64bit-21.2.4-150400.68.18.1 * Mesa-libEGL-devel-64bit-21.2.4-150400.68.18.1 * Mesa-libGLESv1_CM-devel-64bit-21.2.4-150400.68.18.1 * Mesa-libglapi0-64bit-21.2.4-150400.68.18.1 * libgbm-devel-64bit-21.2.4-150400.68.18.1 * libXvMC_r600-64bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-dri-64bit-debuginfo-21.2.4-150400.68.18.1 * libOSMesa-devel-64bit-21.2.4-150400.68.18.1 * Mesa-vulkan-overlay-64bit-21.2.4-150400.68.18.1 * Mesa-dri-64bit-21.2.4-150400.68.18.1 * Mesa-libglapi0-64bit-debuginfo-21.2.4-150400.68.18.1 * libvdpau_r300-64bit-21.2.4-150400.68.18.1 * libvdpau_radeonsi-64bit-debuginfo-21.2.4-150400.68.18.1 * libvulkan_radeon-64bit-debuginfo-21.2.4-150400.68.18.1 * libOSMesa8-64bit-debuginfo-21.2.4-150400.68.18.1 * 
libXvMC_nouveau-64bit-debuginfo-21.2.4-150400.68.18.1 * Mesa-vulkan-overlay-64bit-debuginfo-21.2.4-150400.68.18.1 * libvulkan_radeon-64bit-21.2.4-150400.68.18.1 * libgbm1-64bit-21.2.4-150400.68.18.1 * libXvMC_nouveau-64bit-21.2.4-150400.68.18.1 * Mesa-libd3d-64bit-21.2.4-150400.68.18.1 * Mesa-libEGL1-64bit-debuginfo-21.2.4-150400.68.18.1 * openSUSE Leap 15.4 (aarch64) * Mesa-dri-vc4-21.2.4-150400.68.18.1 * Mesa-dri-vc4-debuginfo-21.2.4-150400.68.18.1 * libvulkan_freedreno-21.2.4-150400.68.18.1 * libvulkan_broadcom-21.2.4-150400.68.18.1 * libvulkan_broadcom-debuginfo-21.2.4-150400.68.18.1 * libvulkan_freedreno-debuginfo-21.2.4-150400.68.18.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libgbm1-21.2.4-150400.68.18.1 * libgbm1-debuginfo-21.2.4-150400.68.18.1 * Mesa-debugsource-21.2.4-150400.68.18.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libgbm1-21.2.4-150400.68.18.1 * libgbm1-debuginfo-21.2.4-150400.68.18.1 * Mesa-debugsource-21.2.4-150400.68.18.1 * Basesystem Module 15-SP7 (x86_64) * Mesa-libVulkan-devel-21.2.4-150400.68.18.1 * Mesa-drivers-debugsource-21.2.4-150400.68.18.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * libXvMC_nouveau-debuginfo-21.2.4-150400.68.18.1 * libXvMC_nouveau-21.2.4-150400.68.18.1 * Mesa-drivers-debugsource-21.2.4-150400.68.18.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libgbm1-21.2.4-150400.68.18.1 * libgbm1-debuginfo-21.2.4-150400.68.18.1 * Mesa-debugsource-21.2.4-150400.68.18.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libgbm1-21.2.4-150400.68.18.1 * libgbm1-debuginfo-21.2.4-150400.68.18.1 * Mesa-debugsource-21.2.4-150400.68.18.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-40393.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1261998

From null at suse.de Wed May 13 16:30:41 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 13 May 2026 16:30:41 -0000
Subject: SUSE-SU-2026:1835-1: moderate: Security update for Mesa
Message-ID: <177868984139.1208.11260599103342428735@e3afc95ed2e8>

# Security update for Mesa

Announcement ID: SUSE-SU-2026:1835-1
Release Date: 2026-05-12T16:18:06Z
Rating: moderate
References:

  * bsc#1261998

Cross-References:

  * CVE-2026-40393

CVSS scores:

  * CVE-2026-40393 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
  * CVE-2026-40393 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-40393 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * Basesystem Module 15-SP7
  * openSUSE Leap 15.5
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for Mesa fixes the following issue:

  * CVE-2026-40393: out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party (bsc#1261998).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.5
    zypper in -t patch SUSE-2026-1835=1
  * SUSE Linux Enterprise Micro 5.5
    zypper in -t patch SUSE-SLE-Micro-5.5-2026-1835=1
  * Basesystem Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1835=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * Mesa-drivers-debugsource-22.3.5-150500.77.8.1 * libOSMesa-devel-22.3.5-150500.77.8.1 * Mesa-debugsource-22.3.5-150500.77.8.1 * Mesa-dri-debuginfo-22.3.5-150500.77.8.1 * Mesa-libEGL1-22.3.5-150500.77.8.1 * Mesa-libEGL-devel-22.3.5-150500.77.8.1 * libOSMesa8-debuginfo-22.3.5-150500.77.8.1 * libOSMesa8-22.3.5-150500.77.8.1 * libgbm1-22.3.5-150500.77.8.1 * Mesa-dri-22.3.5-150500.77.8.1 * libgbm-devel-22.3.5-150500.77.8.1 * Mesa-libGL-devel-22.3.5-150500.77.8.1 * Mesa-devel-22.3.5-150500.77.8.1 * Mesa-dri-devel-22.3.5-150500.77.8.1 * libgbm1-debuginfo-22.3.5-150500.77.8.1 * Mesa-libGLESv3-devel-22.3.5-150500.77.8.1 * Mesa-KHR-devel-22.3.5-150500.77.8.1 * Mesa-libGLESv1_CM-devel-22.3.5-150500.77.8.1 * Mesa-libGL1-22.3.5-150500.77.8.1 * Mesa-libglapi-devel-22.3.5-150500.77.8.1 * Mesa-libglapi0-22.3.5-150500.77.8.1 * Mesa-libGLESv2-devel-22.3.5-150500.77.8.1 * Mesa-libglapi0-debuginfo-22.3.5-150500.77.8.1 * Mesa-libEGL1-debuginfo-22.3.5-150500.77.8.1 * Mesa-libGL1-debuginfo-22.3.5-150500.77.8.1 * Mesa-22.3.5-150500.77.8.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64 i586) * libxatracker-devel-1.0.0-150500.77.8.1 * Mesa-gallium-22.3.5-150500.77.8.1 * Mesa-libOpenCL-22.3.5-150500.77.8.1 * libxatracker2-1.0.0-150500.77.8.1 * libvdpau_nouveau-22.3.5-150500.77.8.1 * libvdpau_nouveau-debuginfo-22.3.5-150500.77.8.1 * libvdpau_virtio_gpu-debuginfo-22.3.5-150500.77.8.1 * libvdpau_radeonsi-22.3.5-150500.77.8.1 * Mesa-gallium-debuginfo-22.3.5-150500.77.8.1 * libvdpau_r600-debuginfo-22.3.5-150500.77.8.1 * Mesa-libOpenCL-debuginfo-22.3.5-150500.77.8.1 * libvdpau_virtio_gpu-22.3.5-150500.77.8.1 *
Mesa-dri-nouveau-debuginfo-22.3.5-150500.77.8.1 * libvdpau_r300-debuginfo-22.3.5-150500.77.8.1 * libxatracker2-debuginfo-1.0.0-150500.77.8.1 * libvdpau_r600-22.3.5-150500.77.8.1 * libvdpau_radeonsi-debuginfo-22.3.5-150500.77.8.1 * Mesa-dri-nouveau-22.3.5-150500.77.8.1 * Mesa-libva-22.3.5-150500.77.8.1 * libvdpau_r300-22.3.5-150500.77.8.1 * Mesa-libva-debuginfo-22.3.5-150500.77.8.1 * openSUSE Leap 15.5 (aarch64 x86_64 i586) * Mesa-libd3d-22.3.5-150500.77.8.1 * Mesa-libd3d-devel-22.3.5-150500.77.8.1 * libvulkan_radeon-debuginfo-22.3.5-150500.77.8.1 * Mesa-vulkan-device-select-22.3.5-150500.77.8.1 * Mesa-vulkan-overlay-debuginfo-22.3.5-150500.77.8.1 * Mesa-vulkan-device-select-debuginfo-22.3.5-150500.77.8.1 * libvulkan_radeon-22.3.5-150500.77.8.1 * Mesa-vulkan-overlay-22.3.5-150500.77.8.1 * libvulkan_lvp-22.3.5-150500.77.8.1 * libvulkan_lvp-debuginfo-22.3.5-150500.77.8.1 * Mesa-libd3d-debuginfo-22.3.5-150500.77.8.1 * openSUSE Leap 15.5 (x86_64) * Mesa-libglapi-devel-32bit-22.3.5-150500.77.8.1 * Mesa-vulkan-device-select-32bit-22.3.5-150500.77.8.1 * Mesa-libEGL1-32bit-22.3.5-150500.77.8.1 * Mesa-gallium-32bit-22.3.5-150500.77.8.1 * libvulkan_intel-32bit-22.3.5-150500.77.8.1 * libvdpau_virtio_gpu-32bit-debuginfo-22.3.5-150500.77.8.1 * libvulkan_radeon-32bit-debuginfo-22.3.5-150500.77.8.1 * libOSMesa8-32bit-22.3.5-150500.77.8.1 * Mesa-libd3d-32bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-dri-32bit-22.3.5-150500.77.8.1 * Mesa-gallium-32bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-libGL-devel-32bit-22.3.5-150500.77.8.1 * libvdpau_virtio_gpu-32bit-22.3.5-150500.77.8.1 * libgbm1-32bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-libd3d-32bit-22.3.5-150500.77.8.1 * Mesa-libglapi0-32bit-debuginfo-22.3.5-150500.77.8.1 * libvdpau_r300-32bit-22.3.5-150500.77.8.1 * libgbm1-32bit-22.3.5-150500.77.8.1 * Mesa-libd3d-devel-32bit-22.3.5-150500.77.8.1 * libvdpau_radeonsi-32bit-debuginfo-22.3.5-150500.77.8.1 * libvdpau_nouveau-32bit-debuginfo-22.3.5-150500.77.8.1 * 
libvulkan_radeon-32bit-22.3.5-150500.77.8.1 * Mesa-libGL1-32bit-22.3.5-150500.77.8.1 * Mesa-dri-nouveau-32bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-dri-nouveau-32bit-22.3.5-150500.77.8.1 * libOSMesa-devel-32bit-22.3.5-150500.77.8.1 * Mesa-32bit-22.3.5-150500.77.8.1 * Mesa-dri-32bit-debuginfo-22.3.5-150500.77.8.1 * libvdpau_radeonsi-32bit-22.3.5-150500.77.8.1 * libvdpau_r300-32bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-libEGL1-32bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-libGLESv2-devel-32bit-22.3.5-150500.77.8.1 * libgbm-devel-32bit-22.3.5-150500.77.8.1 * libvulkan_intel-32bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-libGL1-32bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-vulkan-overlay-32bit-22.3.5-150500.77.8.1 * Mesa-libGLESv1_CM-devel-32bit-22.3.5-150500.77.8.1 * Mesa-libglapi0-32bit-22.3.5-150500.77.8.1 * libvdpau_r600-32bit-22.3.5-150500.77.8.1 * libvdpau_nouveau-32bit-22.3.5-150500.77.8.1 * Mesa-libEGL-devel-32bit-22.3.5-150500.77.8.1 * libvdpau_r600-32bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-vulkan-device-select-32bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-vulkan-overlay-32bit-debuginfo-22.3.5-150500.77.8.1 * libOSMesa8-32bit-debuginfo-22.3.5-150500.77.8.1 * openSUSE Leap 15.5 (x86_64 i586) * libvulkan_intel-debuginfo-22.3.5-150500.77.8.1 * libvulkan_intel-22.3.5-150500.77.8.1 * openSUSE Leap 15.5 (aarch64_ilp32) * Mesa-libglapi0-64bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-dri-vc4-64bit-debuginfo-22.3.5-150500.77.8.1 * libgbm-devel-64bit-22.3.5-150500.77.8.1 * Mesa-libd3d-64bit-22.3.5-150500.77.8.1 * libgbm1-64bit-22.3.5-150500.77.8.1 * Mesa-vulkan-overlay-64bit-22.3.5-150500.77.8.1 * libvdpau_nouveau-64bit-debuginfo-22.3.5-150500.77.8.1 * libvdpau_r600-64bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-dri-nouveau-64bit-debuginfo-22.3.5-150500.77.8.1 * libvdpau_radeonsi-64bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-vulkan-device-select-64bit-debuginfo-22.3.5-150500.77.8.1 * libvdpau_radeonsi-64bit-22.3.5-150500.77.8.1 * Mesa-dri-64bit-22.3.5-150500.77.8.1 * 
Mesa-libd3d-devel-64bit-22.3.5-150500.77.8.1 * Mesa-libEGL-devel-64bit-22.3.5-150500.77.8.1 * libvulkan_radeon-64bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-vulkan-overlay-64bit-debuginfo-22.3.5-150500.77.8.1 * libvdpau_nouveau-64bit-22.3.5-150500.77.8.1 * Mesa-libGL1-64bit-22.3.5-150500.77.8.1 * Mesa-libGLESv2-devel-64bit-22.3.5-150500.77.8.1 * libOSMesa8-64bit-22.3.5-150500.77.8.1 * Mesa-64bit-22.3.5-150500.77.8.1 * Mesa-dri-64bit-debuginfo-22.3.5-150500.77.8.1 * libvdpau_r300-64bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-libd3d-64bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-gallium-64bit-debuginfo-22.3.5-150500.77.8.1 * libvdpau_r600-64bit-22.3.5-150500.77.8.1 * Mesa-libglapi-devel-64bit-22.3.5-150500.77.8.1 * Mesa-gallium-64bit-22.3.5-150500.77.8.1 * libOSMesa8-64bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-libglapi0-64bit-22.3.5-150500.77.8.1 * Mesa-dri-vc4-64bit-22.3.5-150500.77.8.1 * Mesa-libEGL1-64bit-debuginfo-22.3.5-150500.77.8.1 * libvulkan_radeon-64bit-22.3.5-150500.77.8.1 * libgbm1-64bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-libGL1-64bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-libGLESv1_CM-devel-64bit-22.3.5-150500.77.8.1 * Mesa-dri-nouveau-64bit-22.3.5-150500.77.8.1 * libvdpau_virtio_gpu-64bit-debuginfo-22.3.5-150500.77.8.1 * Mesa-libEGL1-64bit-22.3.5-150500.77.8.1 * libOSMesa-devel-64bit-22.3.5-150500.77.8.1 * Mesa-libGL-devel-64bit-22.3.5-150500.77.8.1 * libvdpau_r300-64bit-22.3.5-150500.77.8.1 * Mesa-vulkan-device-select-64bit-22.3.5-150500.77.8.1 * libvdpau_virtio_gpu-64bit-22.3.5-150500.77.8.1 * openSUSE Leap 15.5 (aarch64) * libvulkan_freedreno-debuginfo-22.3.5-150500.77.8.1 * Mesa-dri-vc4-22.3.5-150500.77.8.1 * libvulkan_broadcom-debuginfo-22.3.5-150500.77.8.1 * libvulkan_freedreno-22.3.5-150500.77.8.1 * libvulkan_broadcom-22.3.5-150500.77.8.1 * Mesa-dri-vc4-debuginfo-22.3.5-150500.77.8.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * Mesa-drivers-debugsource-22.3.5-150500.77.8.1 * Mesa-libglapi0-22.3.5-150500.77.8.1 * 
libgbm1-debuginfo-22.3.5-150500.77.8.1 * Mesa-libglapi0-debuginfo-22.3.5-150500.77.8.1 * Mesa-debugsource-22.3.5-150500.77.8.1 * Mesa-dri-debuginfo-22.3.5-150500.77.8.1 * libgbm1-22.3.5-150500.77.8.1 * Mesa-dri-22.3.5-150500.77.8.1 * Mesa-libEGL1-22.3.5-150500.77.8.1 * Mesa-libGL1-22.3.5-150500.77.8.1 * Mesa-libEGL1-debuginfo-22.3.5-150500.77.8.1 * Mesa-libGL1-debuginfo-22.3.5-150500.77.8.1 * Mesa-22.3.5-150500.77.8.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le x86_64) * Mesa-gallium-debuginfo-22.3.5-150500.77.8.1 * Mesa-gallium-22.3.5-150500.77.8.1 * Basesystem Module 15-SP7 (aarch64 ppc64le x86_64) * Mesa-drivers-debugsource-22.3.5-150500.77.8.1 * libvdpau_r300-debuginfo-22.3.5-150500.77.8.1 * libvdpau_r300-22.3.5-150500.77.8.1 ## References: * https://www.suse.com/security/cve/CVE-2026-40393.html * https://bugzilla.suse.com/show_bug.cgi?id=1261998 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed May 13 16:30:56 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 13 May 2026 16:30:56 -0000 Subject: SUSE-SU-2026:1830-1: important: Security update for MozillaFirefox Message-ID: <177868985698.1208.7747802121085881217@e3afc95ed2e8> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2026:1830-1 Release Date: 2026-05-12T12:00:51Z Rating: important References: * bsc#1263110 * bsc#1264378 Cross-References: * CVE-2026-7320 * CVE-2026-7321 * CVE-2026-7322 * CVE-2026-7323 * CVE-2026-8090 * CVE-2026-8091 * CVE-2026-8092 * CVE-2026-8094 CVSS scores: * CVE-2026-7320 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-7321 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-7322 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-7323 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-8090 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-8090 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * 
CVE-2026-8091 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-8091 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-8092 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-8092 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-8094 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-8094 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves eight vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues Updated to Firefox Extended Support Release 140.10.2 ESR (bsc#1264378,MFSA 2026-41): * CVE-2026-8090: Use-after-free in the DOM: Networking component. * CVE-2026-8092: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2. * CVE-2026-8094: Other issue in the WebRTC component. Updated to Firefox Extended Support Release 140.10.1 ESR (bsc#1263110,MFSA 2026-36): * CVE-2026-7320: Information disclosure due to incorrect boundary conditions in the Audio/Video component. * CVE-2026-7321: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. * CVE-2026-7322: Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. * CVE-2026-7323: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1. * CVE-2026-8091: Incorrect boundary conditions in the Audio/Video: Playback component. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1830=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1830=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-140.10.2-112.313.1
  * MozillaFirefox-debugsource-140.10.2-112.313.1
  * MozillaFirefox-translations-common-140.10.2-112.313.1
  * MozillaFirefox-debuginfo-140.10.2-112.313.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * MozillaFirefox-devel-140.10.2-112.313.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * MozillaFirefox-140.10.2-112.313.1
  * MozillaFirefox-debugsource-140.10.2-112.313.1
  * MozillaFirefox-translations-common-140.10.2-112.313.1
  * MozillaFirefox-debuginfo-140.10.2-112.313.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * MozillaFirefox-devel-140.10.2-112.313.1

## References:

* https://www.suse.com/security/cve/CVE-2026-7320.html
* https://www.suse.com/security/cve/CVE-2026-7321.html
* https://www.suse.com/security/cve/CVE-2026-7322.html
* https://www.suse.com/security/cve/CVE-2026-7323.html
* https://www.suse.com/security/cve/CVE-2026-8090.html
* https://www.suse.com/security/cve/CVE-2026-8091.html
* https://www.suse.com/security/cve/CVE-2026-8092.html
* https://www.suse.com/security/cve/CVE-2026-8094.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263110
* https://bugzilla.suse.com/show_bug.cgi?id=1264378
From null at suse.de Wed May 13 16:31:00 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 13 May 2026 16:31:00 -0000
Subject: SUSE-SU-2026:1829-1: important: Security update for MozillaFirefox
Message-ID: <177868986033.1208.14118899726108868431@e3afc95ed2e8>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2026:1829-1
Release Date: 2026-05-12T12:00:21Z
Rating: important
References:

* bsc#1263110

Cross-References:

* CVE-2026-7320
* CVE-2026-7321
* CVE-2026-7322
* CVE-2026-7323

CVSS scores:

* CVE-2026-7320 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-7321 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-7322 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-7323 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* Desktop Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves four vulnerabilities can now be installed.
## Description:

This update for MozillaFirefox fixes the following issues:

Updated to Firefox Extended Support Release 140.10.1 ESR (bsc#1263110, MFSA 2026-36):

* CVE-2026-7320: Information disclosure due to incorrect boundary conditions in the Audio/Video component.
* CVE-2026-7321: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component.
* CVE-2026-7322: Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1.
* CVE-2026-7323: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1829=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1829=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1829=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1829=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1829=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1829=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1829=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1829=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1829=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1829=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1829=1

## Package List:

* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debugsource-140.10.1-150200.152.234.1
  * MozillaFirefox-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-other-140.10.1-150200.152.234.1
  * MozillaFirefox-debuginfo-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-common-140.10.1-150200.152.234.1
* Desktop Applications Module 15-SP7 (noarch)
  * MozillaFirefox-devel-140.10.1-150200.152.234.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * MozillaFirefox-debugsource-140.10.1-150200.152.234.1
  * MozillaFirefox-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-other-140.10.1-150200.152.234.1
  * MozillaFirefox-debuginfo-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-common-140.10.1-150200.152.234.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * MozillaFirefox-devel-140.10.1-150200.152.234.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * MozillaFirefox-debugsource-140.10.1-150200.152.234.1
  * MozillaFirefox-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-other-140.10.1-150200.152.234.1
  * MozillaFirefox-debuginfo-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-common-140.10.1-150200.152.234.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * MozillaFirefox-devel-140.10.1-150200.152.234.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * MozillaFirefox-debugsource-140.10.1-150200.152.234.1
  * MozillaFirefox-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-other-140.10.1-150200.152.234.1
  * MozillaFirefox-debuginfo-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-common-140.10.1-150200.152.234.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * MozillaFirefox-devel-140.10.1-150200.152.234.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debugsource-140.10.1-150200.152.234.1
  * MozillaFirefox-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-other-140.10.1-150200.152.234.1
  * MozillaFirefox-debuginfo-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-common-140.10.1-150200.152.234.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * MozillaFirefox-devel-140.10.1-150200.152.234.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debugsource-140.10.1-150200.152.234.1
  * MozillaFirefox-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-other-140.10.1-150200.152.234.1
  * MozillaFirefox-debuginfo-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-common-140.10.1-150200.152.234.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * MozillaFirefox-devel-140.10.1-150200.152.234.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debugsource-140.10.1-150200.152.234.1
  * MozillaFirefox-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-other-140.10.1-150200.152.234.1
  * MozillaFirefox-debuginfo-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-common-140.10.1-150200.152.234.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * MozillaFirefox-devel-140.10.1-150200.152.234.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * MozillaFirefox-debugsource-140.10.1-150200.152.234.1
  * MozillaFirefox-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-other-140.10.1-150200.152.234.1
  * MozillaFirefox-debuginfo-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-common-140.10.1-150200.152.234.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * MozillaFirefox-devel-140.10.1-150200.152.234.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * MozillaFirefox-debugsource-140.10.1-150200.152.234.1
  * MozillaFirefox-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-other-140.10.1-150200.152.234.1
  * MozillaFirefox-debuginfo-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-common-140.10.1-150200.152.234.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * MozillaFirefox-devel-140.10.1-150200.152.234.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * MozillaFirefox-debugsource-140.10.1-150200.152.234.1
  * MozillaFirefox-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-other-140.10.1-150200.152.234.1
  * MozillaFirefox-debuginfo-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-common-140.10.1-150200.152.234.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * MozillaFirefox-devel-140.10.1-150200.152.234.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * MozillaFirefox-debugsource-140.10.1-150200.152.234.1
  * MozillaFirefox-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-other-140.10.1-150200.152.234.1
  * MozillaFirefox-debuginfo-140.10.1-150200.152.234.1
  * MozillaFirefox-translations-common-140.10.1-150200.152.234.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * MozillaFirefox-devel-140.10.1-150200.152.234.1

## References:

* https://www.suse.com/security/cve/CVE-2026-7320.html
* https://www.suse.com/security/cve/CVE-2026-7321.html
* https://www.suse.com/security/cve/CVE-2026-7322.html
* https://www.suse.com/security/cve/CVE-2026-7323.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263110
From null at suse.de Wed May 13 16:31:03 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 13 May 2026 16:31:03 -0000
Subject: SUSE-SU-2026:1828-1: important: Security update for dnsmasq
Message-ID: <177868986343.1208.9578535771484549280@e3afc95ed2e8>

# Security update for dnsmasq

Announcement ID: SUSE-SU-2026:1828-1
Release Date: 2026-05-12T09:07:07Z
Rating: important
References:

* bsc#1258251

Cross-References:

* CVE-2026-2291

CVSS scores:

* CVE-2026-2291 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-2291 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability can now be installed.

## Description:

This update for dnsmasq fixes the following issue:

* CVE-2026-2291: VU#471747: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect (bsc#1258251).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1828=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1828=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * dnsmasq-debuginfo-2.90-150100.7.34.1
  * dnsmasq-debugsource-2.90-150100.7.34.1
  * dnsmasq-2.90-150100.7.34.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * dnsmasq-debuginfo-2.90-150100.7.34.1
  * dnsmasq-debugsource-2.90-150100.7.34.1
  * dnsmasq-2.90-150100.7.34.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2291.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258251
From null at suse.de Wed May 13 16:31:06 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 13 May 2026 16:31:06 -0000
Subject: SUSE-SU-2026:1827-1: important: Security update for dnsmasq
Message-ID: <177868986654.1208.8899127811274184958@e3afc95ed2e8>

# Security update for dnsmasq

Announcement ID: SUSE-SU-2026:1827-1
Release Date: 2026-05-12T09:06:53Z
Rating: important
References:

* bsc#1258251

Cross-References:

* CVE-2026-2291

CVSS scores:

* CVE-2026-2291 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-2291 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.
## Description:

This update for dnsmasq fixes the following issue:

* CVE-2026-2291: VU#471747: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect (bsc#1258251).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1827=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1827=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1827=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1827=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1827=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1827=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1827=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1827=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1827=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1827=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1827=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1827=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1827=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1827=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1827=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1827=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1827=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1827=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * dnsmasq-utils-debuginfo-2.90-150400.16.9.1
  * dnsmasq-utils-2.90-150400.16.9.1
  * dnsmasq-2.90-150400.16.9.1
  * dnsmasq-debuginfo-2.90-150400.16.9.1
  * dnsmasq-debugsource-2.90-150400.16.9.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * dnsmasq-utils-debuginfo-2.90-150400.16.9.1
  * dnsmasq-utils-2.90-150400.16.9.1
  * dnsmasq-2.90-150400.16.9.1
  * dnsmasq-debuginfo-2.90-150400.16.9.1
  * dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * dnsmasq-debuginfo-2.90-150400.16.9.1
  * dnsmasq-2.90-150400.16.9.1
  * dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * dnsmasq-debuginfo-2.90-150400.16.9.1
  * dnsmasq-2.90-150400.16.9.1
  * dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * dnsmasq-debuginfo-2.90-150400.16.9.1
  * dnsmasq-2.90-150400.16.9.1
  * dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * dnsmasq-debuginfo-2.90-150400.16.9.1
  * dnsmasq-2.90-150400.16.9.1
  * dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * dnsmasq-debuginfo-2.90-150400.16.9.1
  * dnsmasq-2.90-150400.16.9.1
  * dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * dnsmasq-debuginfo-2.90-150400.16.9.1
  * dnsmasq-2.90-150400.16.9.1
  * dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * dnsmasq-debuginfo-2.90-150400.16.9.1
  * dnsmasq-2.90-150400.16.9.1
  * dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * dnsmasq-debuginfo-2.90-150400.16.9.1
  * dnsmasq-2.90-150400.16.9.1
  * dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * dnsmasq-debuginfo-2.90-150400.16.9.1
  * dnsmasq-2.90-150400.16.9.1
  * dnsmasq-debugsource-2.90-150400.16.9.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * dnsmasq-debuginfo-2.90-150400.16.9.1
  * dnsmasq-2.90-150400.16.9.1
  * dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * dnsmasq-debuginfo-2.90-150400.16.9.1
  * dnsmasq-2.90-150400.16.9.1
  * dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * dnsmasq-debuginfo-2.90-150400.16.9.1
  * dnsmasq-2.90-150400.16.9.1
  * dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * dnsmasq-debuginfo-2.90-150400.16.9.1
  * dnsmasq-2.90-150400.16.9.1
  * dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * dnsmasq-debuginfo-2.90-150400.16.9.1
  * dnsmasq-2.90-150400.16.9.1
  * dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * dnsmasq-debuginfo-2.90-150400.16.9.1
  * dnsmasq-2.90-150400.16.9.1
  * dnsmasq-debugsource-2.90-150400.16.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * dnsmasq-debuginfo-2.90-150400.16.9.1
  * dnsmasq-2.90-150400.16.9.1
  * dnsmasq-debugsource-2.90-150400.16.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2291.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258251
From null at suse.de Wed May 13 16:31:09 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 13 May 2026 16:31:09 -0000
Subject: SUSE-SU-2026:1826-1: important: Security update for dnsmasq
Message-ID: <177868986984.1208.16306897853304686107@e3afc95ed2e8>

# Security update for dnsmasq

Announcement ID: SUSE-SU-2026:1826-1
Release Date: 2026-05-12T09:04:35Z
Rating: important
References:

* bsc#1258251

Cross-References:

* CVE-2026-2291

CVSS scores:

* CVE-2026-2291 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-2291 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for dnsmasq fixes the following issue:

* CVE-2026-2291: VU#471747: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect (bsc#1258251).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1826=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1826=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * dnsmasq-debugsource-2.78-18.24.1
  * dnsmasq-2.78-18.24.1
  * dnsmasq-debuginfo-2.78-18.24.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * dnsmasq-debugsource-2.78-18.24.1
  * dnsmasq-2.78-18.24.1
  * dnsmasq-debuginfo-2.78-18.24.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2291.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258251

From null at suse.de Wed May 13 16:31:12 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 13 May 2026 16:31:12 -0000
Subject: SUSE-SU-2026:1821-1: moderate: Security update for NetworkManager
Message-ID: <177868987294.1208.771182183728497084@e3afc95ed2e8>

# Security update for NetworkManager

Announcement ID: SUSE-SU-2026:1821-1
Release Date: 2026-05-12T08:00:19Z
Rating: moderate
References:

* bsc#1257359

Cross-References:

* CVE-2025-9615

CVSS scores:

* CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-9615 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for NetworkManager fixes the following issue:

* CVE-2025-9615: Fixed non-admin user using others' certificates (bsc#1257359).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1821=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libnm0-debuginfo-1.32.12-150400.3.3.1
  * NetworkManager-1.32.12-150400.3.3.1
  * typelib-1_0-NM-1_0-1.32.12-150400.3.3.1
  * libnm0-1.32.12-150400.3.3.1
  * NetworkManager-debugsource-1.32.12-150400.3.3.1
  * NetworkManager-debuginfo-1.32.12-150400.3.3.1
  * NetworkManager-devel-1.32.12-150400.3.3.1
* openSUSE Leap 15.4 (noarch)
  * NetworkManager-branding-upstream-1.32.12-150400.3.3.1
  * NetworkManager-lang-1.32.12-150400.3.3.1
* openSUSE Leap 15.4 (x86_64)
  * NetworkManager-devel-32bit-1.32.12-150400.3.3.1
  * libnm0-32bit-1.32.12-150400.3.3.1
  * libnm0-32bit-debuginfo-1.32.12-150400.3.3.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libnm0-64bit-1.32.12-150400.3.3.1
  * libnm0-64bit-debuginfo-1.32.12-150400.3.3.1
  * NetworkManager-devel-64bit-1.32.12-150400.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-9615.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257359
From null at suse.de Wed May 13 16:31:16 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 13 May 2026 16:31:16 -0000
Subject: SUSE-SU-2026:1820-1: important: Security update for python-Mako
Message-ID: <177868987626.1208.7700131131331346288@e3afc95ed2e8>

# Security update for python-Mako

Announcement ID: SUSE-SU-2026:1820-1
Release Date: 2026-05-12T08:00:01Z
Rating: important
References:

* bsc#1262716

Cross-References:

* CVE-2026-41205

CVSS scores:

* CVE-2026-41205 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41205 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-41205 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41205 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for python-Mako fixes the following issue:

* CVE-2026-41205: Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal (bsc#1262716).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1820=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1820=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1820=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1820=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1820=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1820=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1820=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1820=1

## Package List:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * python3-Mako-1.0.7-150000.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * python3-Mako-1.0.7-150000.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * python3-Mako-1.0.7-150000.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * python3-Mako-1.0.7-150000.3.6.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * python3-Mako-1.0.7-150000.3.6.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * python3-Mako-1.0.7-150000.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * python3-Mako-1.0.7-150000.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * python3-Mako-1.0.7-150000.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41205.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262716

From null at suse.de Wed May 13 16:31:19 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 13 May 2026 16:31:19 -0000
Subject: SUSE-SU-2026:1819-1: important: Security update for python-Mako
Message-ID: <177868987935.1208.10774917673021272775@e3afc95ed2e8>

# Security update for python-Mako

Announcement ID: SUSE-SU-2026:1819-1
Release Date: 2026-05-12T07:59:09Z
Rating: important
References:

* bsc#1262716

Cross-References:

* CVE-2026-41205

CVSS scores:

* CVE-2026-41205 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41205 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-41205 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41205 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-Mako fixes the following issue:

* CVE-2026-41205: Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal (bsc#1262716).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1819=1 * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1819=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1819=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1819=1 ## Package List: * openSUSE Leap 15.6 (noarch) * python311-Mako-1.3.0-150600.3.3.1 * Python 3 Module 15-SP7 (noarch) * python311-Mako-1.3.0-150600.3.3.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * python311-Mako-1.3.0-150600.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * python311-Mako-1.3.0-150600.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-41205.html * https://bugzilla.suse.com/show_bug.cgi?id=1262716 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed May 13 16:31:30 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 13 May 2026 16:31:30 -0000 Subject: SUSE-SU-2026:1818-1: important: Security update for python39 Message-ID: <177868989090.1208.16911784036038852501@e3afc95ed2e8> # Security update for python39 Announcement ID: SUSE-SU-2026:1818-1 Release Date: 2026-05-12T07:58:54Z Rating: important References: * bsc#1258364 * bsc#1259989 * bsc#1261969 * bsc#1261970 * bsc#1262098 * bsc#1262319 * bsc#1262654 Cross-References: * CVE-2026-1502 * CVE-2026-3446 * CVE-2026-3479 * CVE-2026-4786 * CVE-2026-6019 * CVE-2026-6100 CVSS scores: * CVE-2026-1502 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-1502 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2026-1502 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3446 ( 
SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-3446 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4786 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4786 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2026-4786 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( SUSE ): 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6019 ( NVD ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6100 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-6100 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6100 ( NVD ): 9.1 
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities and has one security fix can now be installed.

## Description:

This update for python39 fixes the following issues:

Security issues fixed:

* CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
* CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed (bsc#1261970).
* CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
* CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection (bsc#1262319).
* CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654).
* CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory pressure (bsc#1262098).

Other updates and bugfixes:

* Rewrite structure of Python interpreter packages. `python3*` symbols should be now provided by real python3 packages and its subpackages instead of the virtual provides (bsc#1258364).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1818=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-1818=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1818=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * python39-dbm-3.9.25-150300.4.106.1 * python39-base-3.9.25-150300.4.106.1 * python39-3.9.25-150300.4.106.1 * libpython3_9-1_0-3.9.25-150300.4.106.1 * python39-curses-3.9.25-150300.4.106.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * python39-dbm-3.9.25-150300.4.106.1 * python39-testsuite-3.9.25-150300.4.106.1 * python39-base-3.9.25-150300.4.106.1 * python39-tools-3.9.25-150300.4.106.1 * python39-curses-debuginfo-3.9.25-150300.4.106.1 * python39-core-debugsource-3.9.25-150300.4.106.1 * python39-debuginfo-3.9.25-150300.4.106.1 * python39-testsuite-debuginfo-3.9.25-150300.4.106.1 * python39-tk-debuginfo-3.9.25-150300.4.106.1 * python39-doc-3.9.25-150300.4.106.1 * python39-debugsource-3.9.25-150300.4.106.1 * python39-doc-devhelp-3.9.25-150300.4.106.1 * python39-idle-3.9.25-150300.4.106.1 * python39-dbm-debuginfo-3.9.25-150300.4.106.1 * python39-base-debuginfo-3.9.25-150300.4.106.1 * python39-3.9.25-150300.4.106.1 * python39-devel-3.9.25-150300.4.106.1 * libpython3_9-1_0-debuginfo-3.9.25-150300.4.106.1 * python39-curses-3.9.25-150300.4.106.1 * libpython3_9-1_0-3.9.25-150300.4.106.1 * python39-tk-3.9.25-150300.4.106.1 * openSUSE Leap 15.3 (x86_64) * libpython3_9-1_0-32bit-3.9.25-150300.4.106.1 * python39-32bit-debuginfo-3.9.25-150300.4.106.1 * python39-32bit-3.9.25-150300.4.106.1 * python39-base-32bit-3.9.25-150300.4.106.1 * libpython3_9-1_0-32bit-debuginfo-3.9.25-150300.4.106.1 * python39-base-32bit-debuginfo-3.9.25-150300.4.106.1 * openSUSE Leap 15.3 (aarch64_ilp32) * python39-64bit-3.9.25-150300.4.106.1 * 
libpython3_9-1_0-64bit-debuginfo-3.9.25-150300.4.106.1 * libpython3_9-1_0-64bit-3.9.25-150300.4.106.1 * python39-base-64bit-debuginfo-3.9.25-150300.4.106.1 * python39-base-64bit-3.9.25-150300.4.106.1 * python39-64bit-debuginfo-3.9.25-150300.4.106.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * python39-dbm-3.9.25-150300.4.106.1 * python39-base-3.9.25-150300.4.106.1 * python39-3.9.25-150300.4.106.1 * python39-curses-3.9.25-150300.4.106.1 * libpython3_9-1_0-3.9.25-150300.4.106.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1502.html * https://www.suse.com/security/cve/CVE-2026-3446.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-4786.html * https://www.suse.com/security/cve/CVE-2026-6019.html * https://www.suse.com/security/cve/CVE-2026-6100.html * https://bugzilla.suse.com/show_bug.cgi?id=1258364 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1261969 * https://bugzilla.suse.com/show_bug.cgi?id=1261970 * https://bugzilla.suse.com/show_bug.cgi?id=1262098 * https://bugzilla.suse.com/show_bug.cgi?id=1262319 * https://bugzilla.suse.com/show_bug.cgi?id=1262654 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed May 13 16:31:37 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 13 May 2026 16:31:37 -0000 Subject: SUSE-SU-2026:1817-1: important: Security update for mozjs60 Message-ID: <177868989703.1208.7160094939280055453@e3afc95ed2e8> # Security update for mozjs60 Announcement ID: SUSE-SU-2026:1817-1 Release Date: 2026-05-12T07:58:34Z Rating: important References: * bsc#1259713 * bsc#1259728 * bsc#1259731 Cross-References: * CVE-2026-32776 * CVE-2026-32777 * CVE-2026-32778 CVSS scores: * CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * Desktop Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux 
Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for mozjs60 fixes the following issues:

* CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259728).
* CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing (bsc#1259713).
* CVE-2026-32778: libexpat: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259731).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1817=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1817=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1817=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1817=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1817=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1817=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1817=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1817=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1817=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1817=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1817=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1817=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1817=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1817=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1817=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1817=1 ## Package List: * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * mozjs60-devel-60.9.0-150200.6.11.1 * libmozjs-60-60.9.0-150200.6.11.1 * 
libmozjs-60-debuginfo-60.9.0-150200.6.11.1 * mozjs60-debugsource-60.9.0-150200.6.11.1 * mozjs60-debuginfo-60.9.0-150200.6.11.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * mozjs60-devel-60.9.0-150200.6.11.1 * libmozjs-60-60.9.0-150200.6.11.1 * libmozjs-60-debuginfo-60.9.0-150200.6.11.1 * mozjs60-debugsource-60.9.0-150200.6.11.1 * mozjs60-debuginfo-60.9.0-150200.6.11.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * mozjs60-debuginfo-60.9.0-150200.6.11.1 * mozjs60-debugsource-60.9.0-150200.6.11.1 * libmozjs-60-60.9.0-150200.6.11.1 * libmozjs-60-debuginfo-60.9.0-150200.6.11.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * mozjs60-debuginfo-60.9.0-150200.6.11.1 * mozjs60-debugsource-60.9.0-150200.6.11.1 * libmozjs-60-60.9.0-150200.6.11.1 * libmozjs-60-debuginfo-60.9.0-150200.6.11.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * mozjs60-debuginfo-60.9.0-150200.6.11.1 * mozjs60-debugsource-60.9.0-150200.6.11.1 * libmozjs-60-60.9.0-150200.6.11.1 * libmozjs-60-debuginfo-60.9.0-150200.6.11.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * mozjs60-debuginfo-60.9.0-150200.6.11.1 * mozjs60-debugsource-60.9.0-150200.6.11.1 * libmozjs-60-60.9.0-150200.6.11.1 * libmozjs-60-debuginfo-60.9.0-150200.6.11.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * mozjs60-debuginfo-60.9.0-150200.6.11.1 * mozjs60-debugsource-60.9.0-150200.6.11.1 * libmozjs-60-60.9.0-150200.6.11.1 * libmozjs-60-debuginfo-60.9.0-150200.6.11.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * mozjs60-devel-60.9.0-150200.6.11.1 * mozjs60-debuginfo-60.9.0-150200.6.11.1 * mozjs60-debugsource-60.9.0-150200.6.11.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * mozjs60-devel-60.9.0-150200.6.11.1 * libmozjs-60-60.9.0-150200.6.11.1 * libmozjs-60-debuginfo-60.9.0-150200.6.11.1 * mozjs60-debugsource-60.9.0-150200.6.11.1 * 
mozjs60-debuginfo-60.9.0-150200.6.11.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * mozjs60-devel-60.9.0-150200.6.11.1 * libmozjs-60-60.9.0-150200.6.11.1 * libmozjs-60-debuginfo-60.9.0-150200.6.11.1 * mozjs60-debugsource-60.9.0-150200.6.11.1 * mozjs60-debuginfo-60.9.0-150200.6.11.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * mozjs60-devel-60.9.0-150200.6.11.1 * libmozjs-60-60.9.0-150200.6.11.1 * libmozjs-60-debuginfo-60.9.0-150200.6.11.1 * mozjs60-debugsource-60.9.0-150200.6.11.1 * mozjs60-debuginfo-60.9.0-150200.6.11.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * mozjs60-devel-60.9.0-150200.6.11.1 * libmozjs-60-60.9.0-150200.6.11.1 * libmozjs-60-debuginfo-60.9.0-150200.6.11.1 * mozjs60-debugsource-60.9.0-150200.6.11.1 * mozjs60-debuginfo-60.9.0-150200.6.11.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * mozjs60-devel-60.9.0-150200.6.11.1 * libmozjs-60-60.9.0-150200.6.11.1 * libmozjs-60-debuginfo-60.9.0-150200.6.11.1 * mozjs60-debugsource-60.9.0-150200.6.11.1 * mozjs60-debuginfo-60.9.0-150200.6.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * mozjs60-devel-60.9.0-150200.6.11.1 * libmozjs-60-60.9.0-150200.6.11.1 * libmozjs-60-debuginfo-60.9.0-150200.6.11.1 * mozjs60-debugsource-60.9.0-150200.6.11.1 * mozjs60-debuginfo-60.9.0-150200.6.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * mozjs60-devel-60.9.0-150200.6.11.1 * libmozjs-60-60.9.0-150200.6.11.1 * libmozjs-60-debuginfo-60.9.0-150200.6.11.1 * mozjs60-debugsource-60.9.0-150200.6.11.1 * mozjs60-debuginfo-60.9.0-150200.6.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * mozjs60-devel-60.9.0-150200.6.11.1 * libmozjs-60-60.9.0-150200.6.11.1 * libmozjs-60-debuginfo-60.9.0-150200.6.11.1 * mozjs60-debugsource-60.9.0-150200.6.11.1 * mozjs60-debuginfo-60.9.0-150200.6.11.1 ## 
References:

* https://www.suse.com/security/cve/CVE-2026-32776.html
* https://www.suse.com/security/cve/CVE-2026-32777.html
* https://www.suse.com/security/cve/CVE-2026-32778.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259713
* https://bugzilla.suse.com/show_bug.cgi?id=1259728
* https://bugzilla.suse.com/show_bug.cgi?id=1259731

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From null at suse.de Wed May 13 16:31:41 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Wed, 13 May 2026 16:31:41 -0000
Subject: SUSE-SU-2026:1816-1: moderate: Security update for krb5
Message-ID: <177868990148.1208.18244591231217721613@e3afc95ed2e8>

# Security update for krb5

Announcement ID: SUSE-SU-2026:1816-1
Release Date: 2026-05-12T07:56:38Z
Rating: moderate
References:

* bsc#1263366
* bsc#1263367

Cross-References:

* CVE-2026-40355
* CVE-2026-40356

CVSS scores:

* CVE-2026-40355 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40355 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40356 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40356 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for krb5 fixes the following issues:

* CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism (bsc#1263366).
* CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read (bsc#1263367).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1816=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1816=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * krb5-plugin-preauth-otp-1.20.1-150500.3.20.1 * krb5-plugin-preauth-spake-1.20.1-150500.3.20.1 * krb5-mini-devel-1.20.1-150500.3.20.1 * krb5-plugin-preauth-spake-debuginfo-1.20.1-150500.3.20.1 * krb5-plugin-preauth-otp-debuginfo-1.20.1-150500.3.20.1 * krb5-plugin-preauth-pkinit-debuginfo-1.20.1-150500.3.20.1 * krb5-client-debuginfo-1.20.1-150500.3.20.1 * krb5-mini-debuginfo-1.20.1-150500.3.20.1 * krb5-devel-1.20.1-150500.3.20.1 * krb5-mini-debugsource-1.20.1-150500.3.20.1 * krb5-debugsource-1.20.1-150500.3.20.1 * krb5-server-debuginfo-1.20.1-150500.3.20.1 * krb5-client-1.20.1-150500.3.20.1 * krb5-mini-1.20.1-150500.3.20.1 * krb5-plugin-kdb-ldap-debuginfo-1.20.1-150500.3.20.1 * krb5-1.20.1-150500.3.20.1 * krb5-plugin-kdb-ldap-1.20.1-150500.3.20.1 * krb5-server-1.20.1-150500.3.20.1 * krb5-plugin-preauth-pkinit-1.20.1-150500.3.20.1 * krb5-debuginfo-1.20.1-150500.3.20.1 * openSUSE Leap 15.5 (x86_64) * krb5-32bit-1.20.1-150500.3.20.1 * krb5-devel-32bit-1.20.1-150500.3.20.1 * krb5-32bit-debuginfo-1.20.1-150500.3.20.1 * openSUSE Leap 15.5 (aarch64_ilp32) * krb5-64bit-debuginfo-1.20.1-150500.3.20.1 * krb5-devel-64bit-1.20.1-150500.3.20.1 * krb5-64bit-1.20.1-150500.3.20.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * krb5-client-1.20.1-150500.3.20.1 * krb5-1.20.1-150500.3.20.1 * krb5-debugsource-1.20.1-150500.3.20.1 * krb5-debuginfo-1.20.1-150500.3.20.1 ## References: * https://www.suse.com/security/cve/CVE-2026-40355.html * https://www.suse.com/security/cve/CVE-2026-40356.html * https://bugzilla.suse.com/show_bug.cgi?id=1263366 * https://bugzilla.suse.com/show_bug.cgi?id=1263367 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed May 13 20:30:08 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 13 May 2026 20:30:08 -0000 Subject: SUSE-SU-2026:1845-1: moderate: Security update for Mesa Message-ID: <177870420843.487.3232950437217863282@810a6c3a3b02> # Security update for Mesa Announcement ID: SUSE-SU-2026:1845-1 Release Date: 2026-05-13T15:26:53Z Rating: moderate References: * bsc#1261998 Cross-References: * CVE-2026-40393 CVSS scores: * CVE-2026-40393 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-40393 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-40393 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for Mesa fixes the following issue: * CVE-2026-40393: out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party (bsc#1261998). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1845=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1845=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1845=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le x86_64) * Mesa-libGL1-debuginfo-24.3.3-150700.93.8.1 * Mesa-libGL1-24.3.3-150700.93.8.1 * libOSMesa8-24.3.3-150700.93.8.1 * Mesa-24.3.3-150700.93.8.1 * libOSMesa-devel-24.3.3-150700.93.8.1 * Mesa-debugsource-24.3.3-150700.93.8.1 * Mesa-libEGL-devel-24.3.3-150700.93.8.1 * Mesa-devel-24.3.3-150700.93.8.1 * libvdpau_virtio_gpu-24.3.3-150700.93.8.1 * libgbm-devel-24.3.3-150700.93.8.1 * Mesa-dri-devel-24.3.3-150700.93.8.1 * libvdpau_r600-24.3.3-150700.93.8.1 * Mesa-libva-24.3.3-150700.93.8.1 * Mesa-libglapi-devel-24.3.3-150700.93.8.1 * Mesa-libGLESv2-devel-24.3.3-150700.93.8.1 * libgbm1-24.3.3-150700.93.8.1 * libOSMesa8-debuginfo-24.3.3-150700.93.8.1 * Mesa-dri-debuginfo-24.3.3-150700.93.8.1 * libxatracker2-debuginfo-1.0.0-150700.93.8.1 * Mesa-libEGL1-debuginfo-24.3.3-150700.93.8.1 * Mesa-dri-24.3.3-150700.93.8.1 * Mesa-libGL-devel-24.3.3-150700.93.8.1 * Mesa-drivers-debugsource-24.3.3-150700.93.8.1 * libxatracker-devel-1.0.0-150700.93.8.1 * Mesa-libGLESv3-devel-24.3.3-150700.93.8.1 * Mesa-libglapi0-debuginfo-24.3.3-150700.93.8.1 * Mesa-libEGL1-24.3.3-150700.93.8.1 * Mesa-KHR-devel-24.3.3-150700.93.8.1 * libgbm1-debuginfo-24.3.3-150700.93.8.1 * Mesa-libGLESv1_CM-devel-24.3.3-150700.93.8.1 * Mesa-gallium-24.3.3-150700.93.8.1 * Mesa-gallium-debuginfo-24.3.3-150700.93.8.1 * libxatracker2-1.0.0-150700.93.8.1 * Mesa-libglapi0-24.3.3-150700.93.8.1 * Basesystem Module 15-SP7 (aarch64 x86_64) * Mesa-vulkan-overlay-debuginfo-24.3.3-150700.93.8.1 * libvulkan_lvp-24.3.3-150700.93.8.1 * Mesa-vulkan-device-select-debuginfo-24.3.3-150700.93.8.1 * 
libvulkan_radeon-debuginfo-24.3.3-150700.93.8.1 * Mesa-vulkan-overlay-24.3.3-150700.93.8.1 * libvulkan_intel-debuginfo-24.3.3-150700.93.8.1 * Mesa-vulkan-device-select-24.3.3-150700.93.8.1 * libvulkan_intel-24.3.3-150700.93.8.1 * libvulkan_lvp-debuginfo-24.3.3-150700.93.8.1 * libvulkan_radeon-24.3.3-150700.93.8.1 * Basesystem Module 15-SP7 (s390x) * Mesa-libGL1-debuginfo-24.1.7-150700.93.8.1 * Mesa-libglapi0-debuginfo-24.1.7-150700.93.8.1 * Mesa-libGL-devel-24.1.7-150700.93.8.1 * Mesa-dri-24.1.7-150700.93.8.1 * Mesa-dri-debuginfo-24.1.7-150700.93.8.1 * Mesa-libEGL-devel-24.1.7-150700.93.8.1 * libgbm-devel-24.1.7-150700.93.8.1 * Mesa-libGLESv1_CM-devel-24.1.7-150700.93.8.1 * Mesa-libGLESv3-devel-24.1.7-150700.93.8.1 * Mesa-dri-devel-24.1.7-150700.93.8.1 * libOSMesa-devel-24.1.7-150700.93.8.1 * libgbm1-debuginfo-24.1.7-150700.93.8.1 * Mesa-libEGL1-debuginfo-24.1.7-150700.93.8.1 * Mesa-libglapi0-24.1.7-150700.93.8.1 * Mesa-debugsource-24.1.7-150700.93.8.1 * libOSMesa8-debuginfo-24.1.7-150700.93.8.1 * Mesa-libGLESv2-devel-24.1.7-150700.93.8.1 * Mesa-libglapi-devel-24.1.7-150700.93.8.1 * Mesa-24.1.7-150700.93.8.1 * Mesa-libGL1-24.1.7-150700.93.8.1 * Mesa-KHR-devel-24.1.7-150700.93.8.1 * Mesa-devel-24.1.7-150700.93.8.1 * libgbm1-24.1.7-150700.93.8.1 * Mesa-libEGL1-24.1.7-150700.93.8.1 * Mesa-drivers-debugsource-24.1.7-150700.93.8.1 * libOSMesa8-24.1.7-150700.93.8.1 * Basesystem Module 15-SP7 (x86_64) * Mesa-libGL1-32bit-24.3.3-150700.93.8.1 * Mesa-gallium-32bit-24.3.3-150700.93.8.1 * Mesa-libva-32bit-24.3.3-150700.93.8.1 * Mesa-gallium-32bit-debuginfo-24.3.3-150700.93.8.1 * Mesa-libEGL1-32bit-24.3.3-150700.93.8.1 * Mesa-libglapi0-32bit-debuginfo-24.3.3-150700.93.8.1 * libgbm1-32bit-24.3.3-150700.93.8.1 * Mesa-libEGL1-32bit-debuginfo-24.3.3-150700.93.8.1 * Mesa-dri-32bit-24.3.3-150700.93.8.1 * Mesa-dri-32bit-debuginfo-24.3.3-150700.93.8.1 * Mesa-libglapi0-32bit-24.3.3-150700.93.8.1 * Mesa-libGL1-32bit-debuginfo-24.3.3-150700.93.8.1 * 
libgbm1-32bit-debuginfo-24.3.3-150700.93.8.1 * Mesa-libd3d-24.3.3-150700.93.8.1 * libvdpau_radeonsi-24.3.3-150700.93.8.1 * Mesa-32bit-24.3.3-150700.93.8.1 * Mesa-libd3d-devel-24.3.3-150700.93.8.1 * Mesa-libd3d-debuginfo-24.3.3-150700.93.8.1 * SUSE Package Hub 15 15-SP7 (x86_64) * libOSMesa8-32bit-24.3.3-150700.93.8.1 * libvulkan_intel-32bit-debuginfo-24.3.3-150700.93.8.1 * libvulkan_intel-32bit-24.3.3-150700.93.8.1 * libvulkan_radeon-32bit-24.3.3-150700.93.8.1 * Mesa-vulkan-device-select-32bit-debuginfo-24.3.3-150700.93.8.1 * libvulkan_radeon-32bit-debuginfo-24.3.3-150700.93.8.1 * Mesa-vulkan-device-select-32bit-24.3.3-150700.93.8.1 * libOSMesa8-32bit-debuginfo-24.3.3-150700.93.8.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * Mesa-dri-nouveau-24.3.3-150700.93.8.1 * libvdpau_nouveau-24.3.3-150700.93.8.1 * Mesa-drivers-debugsource-24.3.3-150700.93.8.1 ## References: * https://www.suse.com/security/cve/CVE-2026-40393.html * https://bugzilla.suse.com/show_bug.cgi?id=1261998 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed May 13 20:30:11 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 13 May 2026 20:30:11 -0000 Subject: SUSE-SU-2026:1844-1: moderate: Security update for Mesa Message-ID: <177870421176.487.17603174256340489054@810a6c3a3b02> # Security update for Mesa Announcement ID: SUSE-SU-2026:1844-1 Release Date: 2026-05-13T15:25:16Z Rating: moderate References: * bsc#1261998 Cross-References: * CVE-2026-40393 CVSS scores: * CVE-2026-40393 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-40393 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-40393 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. 
## Description: This update for Mesa fixes the following issue: * CVE-2026-40393: out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party (bsc#1261998). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1844=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * Mesa-18.3.2-14.12.1 * Mesa-libGL1-debuginfo-32bit-18.3.2-14.12.1 * libxatracker2-debuginfo-1.0.0-14.12.1 * Mesa-dri-devel-18.3.2-14.12.1 * Mesa-libd3d-devel-18.3.2-14.12.1 * Mesa-libEGL1-debuginfo-18.3.2-14.12.1 * Mesa-32bit-18.3.2-14.12.1 * Mesa-dri-debuginfo-32bit-18.3.2-14.12.1 * Mesa-libEGL-devel-18.3.2-14.12.1 * libgbm1-18.3.2-14.12.1 * libgbm1-32bit-18.3.2-14.12.1 * Mesa-libglapi0-debuginfo-18.3.2-14.12.1 * Mesa-libEGL1-debuginfo-32bit-18.3.2-14.12.1 * Mesa-libglapi0-32bit-18.3.2-14.12.1 * Mesa-dri-debuginfo-18.3.2-14.12.1 * Mesa-libGLESv3-devel-18.3.2-14.12.1 * Mesa-libEGL1-18.3.2-14.12.1 * Mesa-libGLESv2-2-debuginfo-18.3.2-14.12.1 * Mesa-dri-18.3.2-14.12.1 * Mesa-libglapi-devel-18.3.2-14.12.1 * libxatracker-devel-1.0.0-14.12.1 * Mesa-libGL1-32bit-18.3.2-14.12.1 * libgbm1-debuginfo-18.3.2-14.12.1 * Mesa-libGL-devel-18.3.2-14.12.1 * Mesa-libglapi0-18.3.2-14.12.1 * Mesa-devel-18.3.2-14.12.1 * Mesa-dri-32bit-18.3.2-14.12.1 * libgbm-devel-18.3.2-14.12.1 * Mesa-libGL1-debuginfo-18.3.2-14.12.1 * Mesa-drivers-debugsource-18.3.2-14.12.1 * Mesa-KHR-devel-18.3.2-14.12.1 * Mesa-libGLESv1_CM-devel-18.3.2-14.12.1 * Mesa-libVulkan-devel-18.3.2-14.12.1 * libgbm1-debuginfo-32bit-18.3.2-14.12.1 * Mesa-libGLESv2-devel-18.3.2-14.12.1 * Mesa-libEGL1-32bit-18.3.2-14.12.1 * Mesa-libGLESv2-2-18.3.2-14.12.1 * libOSMesa-devel-18.3.2-14.12.1 * 
libxatracker2-1.0.0-14.12.1 * Mesa-libGL1-18.3.2-14.12.1 * Mesa-libglapi0-debuginfo-32bit-18.3.2-14.12.1 * Mesa-debugsource-18.3.2-14.12.1 ## References: * https://www.suse.com/security/cve/CVE-2026-40393.html * https://bugzilla.suse.com/show_bug.cgi?id=1261998 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed May 13 20:30:21 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 13 May 2026 20:30:21 -0000 Subject: SUSE-SU-2026:1843-1: moderate: Security update for log4j Message-ID: <177870422138.487.2641226581682091985@810a6c3a3b02> # Security update for log4j Announcement ID: SUSE-SU-2026:1843-1 Release Date: 2026-05-13T15:24:58Z Rating: moderate References: * bsc#1262050 * bsc#1262091 * bsc#1262092 * bsc#1262093 Cross-References: * CVE-2026-34477 * CVE-2026-34479 * CVE-2026-34480 * CVE-2026-34481 CVSS scores: * CVE-2026-34477 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2026-34477 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34477 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-34479 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-34479 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34479 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-34480 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-34480 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34480 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-34481 ( SUSE ): 5.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-34481 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34481 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* Basesystem Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves four vulnerabilities can now be installed.

## Description:

This update for log4j fixes the following issues:

* CVE-2026-34477: TLS connections vulnerable to interception due to incomplete hostname verification configuration checks (bsc#1262050).
* CVE-2026-34479: silent log event loss due to improper XML escaping in `Log4j1XmlLayout` (bsc#1262091).
* CVE-2026-34480: silent log event loss due to improper XML escaping in `XmlLayout` (bsc#1262092).
* CVE-2026-34481: silent log event loss due to improper serialization of non-finite floating-point values in `JsonTemplateLayout` (bsc#1262093).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1843=1 ## Package List: * Basesystem Module 15-SP7 (noarch) * log4j-jcl-2.20.0-150200.4.33.1 * log4j-javadoc-2.20.0-150200.4.33.1 * log4j-slf4j-2.20.0-150200.4.33.1 * log4j-2.20.0-150200.4.33.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34477.html * https://www.suse.com/security/cve/CVE-2026-34479.html * https://www.suse.com/security/cve/CVE-2026-34480.html * https://www.suse.com/security/cve/CVE-2026-34481.html * https://bugzilla.suse.com/show_bug.cgi?id=1262050 * https://bugzilla.suse.com/show_bug.cgi?id=1262091 * https://bugzilla.suse.com/show_bug.cgi?id=1262092 * https://bugzilla.suse.com/show_bug.cgi?id=1262093 From null at suse.de Wed May 13 20:30:24 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 13 May 2026 20:30:24 -0000 Subject: SUSE-SU-2026:1842-1: important: Security update for python-Pillow Message-ID: <177870422464.487.11630431203952038818@810a6c3a3b02> # Security update for python-Pillow Announcement ID: SUSE-SU-2026:1842-1 Release Date: 2026-05-13T15:23:59Z Rating: important References: * bsc#1265154 Cross-References: * CVE-2026-42310 CVSS scores: * CVE-2026-42310 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42310 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-42310 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be
installed. ## Description: This update for python-Pillow fixes the following issue * CVE-2026-42310: infinite loop and resource exhaustion when processing specially crafted PDFs (bsc#1265154). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-1842=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1842=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * python3-Pillow-tk-7.2.0-150300.3.21.1 * python-Pillow-debuginfo-7.2.0-150300.3.21.1 * python3-Pillow-7.2.0-150300.3.21.1 * python-Pillow-debugsource-7.2.0-150300.3.21.1 * python3-Pillow-debuginfo-7.2.0-150300.3.21.1 * python3-Pillow-tk-debuginfo-7.2.0-150300.3.21.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * python3-Pillow-7.2.0-150300.3.21.1 * python-Pillow-debuginfo-7.2.0-150300.3.21.1 * python-Pillow-debugsource-7.2.0-150300.3.21.1 * python3-Pillow-debuginfo-7.2.0-150300.3.21.1 ## References: * https://www.suse.com/security/cve/CVE-2026-42310.html * https://bugzilla.suse.com/show_bug.cgi?id=1265154
From null at suse.de Wed May 13 20:30:29 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Wed, 13 May 2026 20:30:29 -0000 Subject: SUSE-SU-2026:1840-2: important: Security update for the Linux Kernel Message-ID: <177870422960.487.3478627892125213822@810a6c3a3b02> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:1840-2 Release Date: 2026-05-13T15:10:11Z Rating: important References: * bsc#1264449 * bsc#1264450 Cross-References: * CVE-2026-43284 * CVE-2026-43500 CVSS scores: * CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43500 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 An update that solves two vulnerabilities can now be installed. ## Description: The SUSE Linux Enterprise 15 SP6 kernel was updated to fix the following issue: * CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449). * CVE-2026-43500: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present (bsc#1264450). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1840=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * kernel-default-livepatch-6.4.0-150600.23.103.1 * kernel-default-debugsource-6.4.0-150600.23.103.1 * gfs2-kmp-default-debuginfo-6.4.0-150600.23.103.1 * gfs2-kmp-default-6.4.0-150600.23.103.1 * cluster-md-kmp-default-6.4.0-150600.23.103.1 * kernel-obs-qa-6.4.0-150600.23.103.1 * reiserfs-kmp-default-6.4.0-150600.23.103.1 * dlm-kmp-default-debuginfo-6.4.0-150600.23.103.1 * ocfs2-kmp-default-debuginfo-6.4.0-150600.23.103.1 * ocfs2-kmp-default-6.4.0-150600.23.103.1 * kernel-obs-build-6.4.0-150600.23.103.1 * kernel-default-optional-6.4.0-150600.23.103.1 * kselftests-kmp-default-6.4.0-150600.23.103.1 * cluster-md-kmp-default-debuginfo-6.4.0-150600.23.103.1 * kernel-default-debuginfo-6.4.0-150600.23.103.1 * kernel-default-extra-debuginfo-6.4.0-150600.23.103.1 * kernel-default-devel-6.4.0-150600.23.103.1 * reiserfs-kmp-default-debuginfo-6.4.0-150600.23.103.1 * dlm-kmp-default-6.4.0-150600.23.103.1 * kselftests-kmp-default-debuginfo-6.4.0-150600.23.103.1 * kernel-default-optional-debuginfo-6.4.0-150600.23.103.1 * kernel-default-extra-6.4.0-150600.23.103.1 * kernel-default-devel-debuginfo-6.4.0-150600.23.103.1 * kernel-syms-6.4.0-150600.23.103.1 * kernel-obs-build-debugsource-6.4.0-150600.23.103.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-6.4.0-150600.23.103.1 * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-default-livepatch-devel-6.4.0-150600.23.103.1 * openSUSE Leap 15.6 (nosrc s390x) * kernel-zfcpdump-6.4.0-150600.23.103.1 * openSUSE Leap 15.6 (aarch64) * dtb-exynos-6.4.0-150600.23.103.1 * dtb-renesas-6.4.0-150600.23.103.1 * cluster-md-kmp-64kb-6.4.0-150600.23.103.1 * kselftests-kmp-64kb-debuginfo-6.4.0-150600.23.103.1 * reiserfs-kmp-64kb-debuginfo-6.4.0-150600.23.103.1 * dtb-allwinner-6.4.0-150600.23.103.1 * 
dtb-arm-6.4.0-150600.23.103.1 * dtb-broadcom-6.4.0-150600.23.103.1 * dtb-amd-6.4.0-150600.23.103.1 * reiserfs-kmp-64kb-6.4.0-150600.23.103.1 * kernel-64kb-debuginfo-6.4.0-150600.23.103.1 * kernel-64kb-devel-debuginfo-6.4.0-150600.23.103.1 * ocfs2-kmp-64kb-debuginfo-6.4.0-150600.23.103.1 * dtb-mediatek-6.4.0-150600.23.103.1 * dtb-amlogic-6.4.0-150600.23.103.1 * cluster-md-kmp-64kb-debuginfo-6.4.0-150600.23.103.1 * kernel-64kb-optional-6.4.0-150600.23.103.1 * kselftests-kmp-64kb-6.4.0-150600.23.103.1 * kernel-64kb-extra-6.4.0-150600.23.103.1 * dtb-lg-6.4.0-150600.23.103.1 * dtb-qcom-6.4.0-150600.23.103.1 * dtb-rockchip-6.4.0-150600.23.103.1 * kernel-64kb-extra-debuginfo-6.4.0-150600.23.103.1 * gfs2-kmp-64kb-debuginfo-6.4.0-150600.23.103.1 * ocfs2-kmp-64kb-6.4.0-150600.23.103.1 * dtb-apm-6.4.0-150600.23.103.1 * dtb-freescale-6.4.0-150600.23.103.1 * dtb-cavium-6.4.0-150600.23.103.1 * kernel-64kb-debugsource-6.4.0-150600.23.103.1 * kernel-64kb-devel-6.4.0-150600.23.103.1 * dtb-altera-6.4.0-150600.23.103.1 * dtb-hisilicon-6.4.0-150600.23.103.1 * dtb-xilinx-6.4.0-150600.23.103.1 * kernel-64kb-optional-debuginfo-6.4.0-150600.23.103.1 * dtb-sprd-6.4.0-150600.23.103.1 * dlm-kmp-64kb-6.4.0-150600.23.103.1 * dtb-marvell-6.4.0-150600.23.103.1 * dtb-amazon-6.4.0-150600.23.103.1 * gfs2-kmp-64kb-6.4.0-150600.23.103.1 * dlm-kmp-64kb-debuginfo-6.4.0-150600.23.103.1 * dtb-apple-6.4.0-150600.23.103.1 * dtb-nvidia-6.4.0-150600.23.103.1 * dtb-socionext-6.4.0-150600.23.103.1 * openSUSE Leap 15.6 (aarch64 nosrc) * kernel-64kb-6.4.0-150600.23.103.1 * openSUSE Leap 15.6 (s390x) * kernel-zfcpdump-debuginfo-6.4.0-150600.23.103.1 * kernel-zfcpdump-debugsource-6.4.0-150600.23.103.1 * openSUSE Leap 15.6 (nosrc ppc64le x86_64) * kernel-debug-6.4.0-150600.23.103.1 * openSUSE Leap 15.6 (ppc64le x86_64) * kernel-debug-devel-6.4.0-150600.23.103.1 * kernel-debug-debugsource-6.4.0-150600.23.103.1 * kernel-debug-debuginfo-6.4.0-150600.23.103.1 * kernel-debug-devel-debuginfo-6.4.0-150600.23.103.1 * 
openSUSE Leap 15.6 (aarch64 ppc64le x86_64) * kernel-kvmsmall-debugsource-6.4.0-150600.23.103.1 * kernel-kvmsmall-devel-6.4.0-150600.23.103.1 * kernel-kvmsmall-debuginfo-6.4.0-150600.23.103.1 * kernel-kvmsmall-devel-debuginfo-6.4.0-150600.23.103.1 * kernel-default-base-6.4.0-150600.23.103.1.150600.12.48.1 * kernel-default-base-rebuild-6.4.0-150600.23.103.1.150600.12.48.1 * openSUSE Leap 15.6 (x86_64) * kernel-default-vdso-debuginfo-6.4.0-150600.23.103.1 * kernel-debug-vdso-6.4.0-150600.23.103.1 * kernel-kvmsmall-vdso-6.4.0-150600.23.103.1 * kernel-debug-vdso-debuginfo-6.4.0-150600.23.103.1 * kernel-kvmsmall-vdso-debuginfo-6.4.0-150600.23.103.1 * kernel-default-vdso-6.4.0-150600.23.103.1 * openSUSE Leap 15.6 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-6.4.0-150600.23.103.1 * openSUSE Leap 15.6 (noarch) * kernel-devel-6.4.0-150600.23.103.1 * kernel-source-vanilla-6.4.0-150600.23.103.1 * kernel-docs-html-6.4.0-150600.23.103.1 * kernel-source-6.4.0-150600.23.103.1 * kernel-macros-6.4.0-150600.23.103.1 * openSUSE Leap 15.6 (noarch nosrc) * kernel-docs-6.4.0-150600.23.103.1 * openSUSE Leap 15.6 (nosrc) * dtb-aarch64-6.4.0-150600.23.103.1 ## References: * https://www.suse.com/security/cve/CVE-2026-43284.html * https://www.suse.com/security/cve/CVE-2026-43500.html * https://bugzilla.suse.com/show_bug.cgi?id=1264449 * https://bugzilla.suse.com/show_bug.cgi?id=1264450 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu May 14 17:31:45 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 14 May 2026 17:31:45 -0000 Subject: SUSE-SU-2026:1858-1: important: Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise 15 SP7) Message-ID: <177877990573.27.5390626738323631648@ce2cd4b7ee52> # Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1858-1 Release Date: 2026-05-14T15:05:36Z Rating: important References: * bsc#1264459 Cross-References: * CVE-2026-43284 CVSS scores: * CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.40 fixes one security issue The following security issue was fixed: * CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264459). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1847=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1848=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1854=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1849=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1850=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1856=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1855=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1851=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1852=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1858=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1859=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1860=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1853=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-6_4_0-150700_7_8-rt-debuginfo-15-150700.2.1 * kernel-livepatch-6_4_0-150700_7_13-rt-11-150700.2.1 * kernel-livepatch-6_4_0-150700_7_3-rt-debuginfo-16-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_0-debugsource-16-150700.3.1 * kernel-livepatch-6_4_0-150700_7_37-rt-debuginfo-3-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_6-debugsource-7-150700.2.1 * kernel-livepatch-6_4_0-150700_7_34-rt-debuginfo-3-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_1-debugsource-16-150700.2.1 * kernel-livepatch-6_4_0-150700_7_22-rt-debuginfo-7-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_9-debugsource-5-150700.2.1 * kernel-livepatch-6_4_0-150700_7_13-rt-debuginfo-11-150700.2.1 * kernel-livepatch-6_4_0-150700_5-rt-debuginfo-16-150700.3.1 * kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource-11-150700.2.1 * kernel-livepatch-6_4_0-150700_7_25-rt-6-150700.2.1 * kernel-livepatch-6_4_0-150700_5-rt-16-150700.3.1 * kernel-livepatch-6_4_0-150700_7_8-rt-15-150700.2.1 * kernel-livepatch-6_4_0-150700_7_28-rt-6-150700.2.1 * kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo-11-150700.2.1 * kernel-livepatch-6_4_0-150700_7_16-rt-11-150700.2.1 *
kernel-livepatch-SLE15-SP7-RT_Update_8-debugsource-6-150700.2.1 * kernel-livepatch-6_4_0-150700_7_19-rt-debuginfo-8-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_10-debugsource-3-150700.2.1 * kernel-livepatch-6_4_0-150700_7_22-rt-7-150700.2.1 * kernel-livepatch-6_4_0-150700_7_31-rt-5-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_5-debugsource-8-150700.2.1 * kernel-livepatch-6_4_0-150700_7_31-rt-debuginfo-5-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_11-debugsource-3-150700.2.1 * kernel-livepatch-6_4_0-150700_7_34-rt-3-150700.2.1 * kernel-livepatch-6_4_0-150700_7_19-rt-8-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_7-debugsource-6-150700.2.1 * kernel-livepatch-6_4_0-150700_7_40-rt-2-150700.2.1 * kernel-livepatch-6_4_0-150700_7_3-rt-16-150700.2.1 * kernel-livepatch-6_4_0-150700_7_28-rt-debuginfo-6-150700.2.1 * kernel-livepatch-6_4_0-150700_7_37-rt-3-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_3-debugsource-11-150700.2.1 * kernel-livepatch-6_4_0-150700_7_40-rt-debuginfo-2-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_12-debugsource-2-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_2-debugsource-15-150700.2.1 * kernel-livepatch-6_4_0-150700_7_25-rt-debuginfo-6-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-43284.html * https://bugzilla.suse.com/show_bug.cgi?id=1264459 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu May 14 17:31:49 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Thu, 14 May 2026 17:31:49 -0000 Subject: SUSE-SU-2026:1857-1: important: Security update for the Linux Kernel Message-ID: <177877990959.27.13179155162848003311@ce2cd4b7ee52> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:1857-1 Release Date: 2026-05-14T14:41:38Z Rating: important References: * bsc#1264449 Cross-References: * CVE-2026-43284 CVSS scores: * CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to fix one issue * CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1857=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1857=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1857=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1857=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1857=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1857=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-1857=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1857=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1857=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1857=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1857=1 ## Package List: * openSUSE Leap 15.4 (aarch64) * dtb-apm-5.14.21-150400.24.209.1 * dtb-nvidia-5.14.21-150400.24.209.1 * kernel-64kb-debuginfo-5.14.21-150400.24.209.1 * kernel-64kb-debugsource-5.14.21-150400.24.209.1 * dtb-allwinner-5.14.21-150400.24.209.1 * dlm-kmp-64kb-5.14.21-150400.24.209.1 * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.209.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.209.1 * dtb-freescale-5.14.21-150400.24.209.1 * dtb-altera-5.14.21-150400.24.209.1 * cluster-md-kmp-64kb-5.14.21-150400.24.209.1 * dtb-socionext-5.14.21-150400.24.209.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.209.1 * kernel-64kb-optional-debuginfo-5.14.21-150400.24.209.1 * dtb-mediatek-5.14.21-150400.24.209.1 * dtb-exynos-5.14.21-150400.24.209.1 * dtb-broadcom-5.14.21-150400.24.209.1 * 
dtb-amlogic-5.14.21-150400.24.209.1 * dtb-lg-5.14.21-150400.24.209.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.209.1 * dtb-rockchip-5.14.21-150400.24.209.1 * kernel-64kb-extra-debuginfo-5.14.21-150400.24.209.1 * dtb-sprd-5.14.21-150400.24.209.1 * kernel-64kb-devel-5.14.21-150400.24.209.1 * kernel-64kb-optional-5.14.21-150400.24.209.1 * kernel-64kb-extra-5.14.21-150400.24.209.1 * dtb-qcom-5.14.21-150400.24.209.1 * dtb-renesas-5.14.21-150400.24.209.1 * kselftests-kmp-64kb-5.14.21-150400.24.209.1 * dtb-apple-5.14.21-150400.24.209.1 * dtb-xilinx-5.14.21-150400.24.209.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.209.1 * ocfs2-kmp-64kb-5.14.21-150400.24.209.1 * dtb-amazon-5.14.21-150400.24.209.1 * dtb-marvell-5.14.21-150400.24.209.1 * reiserfs-kmp-64kb-5.14.21-150400.24.209.1 * dtb-amd-5.14.21-150400.24.209.1 * dtb-arm-5.14.21-150400.24.209.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.209.1 * gfs2-kmp-64kb-5.14.21-150400.24.209.1 * dtb-cavium-5.14.21-150400.24.209.1 * dtb-hisilicon-5.14.21-150400.24.209.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.209.1 * openSUSE Leap 15.4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.209.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * kernel-kvmsmall-devel-5.14.21-150400.24.209.1 * kernel-default-base-5.14.21-150400.24.209.1.150400.24.106.1 * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.209.1 * kernel-kvmsmall-debuginfo-5.14.21-150400.24.209.1 * kernel-kvmsmall-debugsource-5.14.21-150400.24.209.1 * kernel-default-base-rebuild-5.14.21-150400.24.209.1.150400.24.106.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-5.14.21-150400.24.209.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.209.1 * gfs2-kmp-default-5.14.21-150400.24.209.1 * kernel-default-optional-5.14.21-150400.24.209.1 * kernel-default-debugsource-5.14.21-150400.24.209.1 * reiserfs-kmp-default-5.14.21-150400.24.209.1 * kernel-default-debuginfo-5.14.21-150400.24.209.1 * kernel-default-livepatch-5.14.21-150400.24.209.1 * 
kernel-default-extra-5.14.21-150400.24.209.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.209.1 * ocfs2-kmp-default-5.14.21-150400.24.209.1 * kernel-obs-build-debugsource-5.14.21-150400.24.209.1 * kselftests-kmp-default-debuginfo-5.14.21-150400.24.209.1 * cluster-md-kmp-default-5.14.21-150400.24.209.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.209.1 * kernel-syms-5.14.21-150400.24.209.1 * dlm-kmp-default-5.14.21-150400.24.209.1 * kernel-default-optional-debuginfo-5.14.21-150400.24.209.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.209.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.209.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.209.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.209.1 * kernel-obs-qa-5.14.21-150400.24.209.1 * kselftests-kmp-default-5.14.21-150400.24.209.1 * kernel-obs-build-5.14.21-150400.24.209.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.209.1 * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150400.24.209.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_209-default-debuginfo-1-150400.9.3.1 * kernel-livepatch-SLE15-SP4_Update_52-debugsource-1-150400.9.3.1 * kernel-livepatch-5_14_21-150400_24_209-default-1-150400.9.3.1 * kernel-default-livepatch-devel-5.14.21-150400.24.209.1 * openSUSE Leap 15.4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.209.1 * openSUSE Leap 15.4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.209.1 * openSUSE Leap 15.4 (noarch) * kernel-devel-5.14.21-150400.24.209.1 * kernel-source-5.14.21-150400.24.209.1 * kernel-docs-html-5.14.21-150400.24.209.1 * kernel-source-vanilla-5.14.21-150400.24.209.1 * kernel-macros-5.14.21-150400.24.209.1 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.209.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.209.1 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Micro for Rancher 5.3 
(aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.209.1.150400.24.106.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.209.1 * kernel-default-debugsource-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * kernel-source-5.14.21-150400.24.209.1 * kernel-macros-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.209.1.150400.24.106.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.209.1 * kernel-default-debugsource-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * kernel-source-5.14.21-150400.24.209.1 * kernel-macros-5.14.21-150400.24.209.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.209.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * kernel-devel-5.14.21-150400.24.209.1 * kernel-source-5.14.21-150400.24.209.1 * kernel-macros-5.14.21-150400.24.209.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * kernel-syms-5.14.21-150400.24.209.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.209.1 * kernel-default-devel-5.14.21-150400.24.209.1 * kernel-default-base-5.14.21-150400.24.209.1.150400.24.106.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.209.1 * kernel-default-debugsource-5.14.21-150400.24.209.1 * kernel-obs-build-debugsource-5.14.21-150400.24.209.1 * kernel-default-debuginfo-5.14.21-150400.24.209.1 * kernel-obs-build-5.14.21-150400.24.209.1 * reiserfs-kmp-default-5.14.21-150400.24.209.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc x86_64) * 
kernel-default-5.14.21-150400.24.209.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.209.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64) * kernel-64kb-debuginfo-5.14.21-150400.24.209.1 * kernel-64kb-debugsource-5.14.21-150400.24.209.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.209.1 * kernel-64kb-devel-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.209.1.150400.24.106.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.209.1 * kernel-default-debugsource-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * kernel-source-5.14.21-150400.24.209.1 * kernel-macros-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.209.1.150400.24.106.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.209.1 * kernel-default-debugsource-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * kernel-source-5.14.21-150400.24.209.1 * kernel-macros-5.14.21-150400.24.209.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * dlm-kmp-default-5.14.21-150400.24.209.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.209.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.209.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.209.1 * gfs2-kmp-default-5.14.21-150400.24.209.1 * kernel-default-debugsource-5.14.21-150400.24.209.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.209.1 * kernel-default-debuginfo-5.14.21-150400.24.209.1 * 
ocfs2-kmp-default-5.14.21-150400.24.209.1 * cluster-md-kmp-default-5.14.21-150400.24.209.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.209.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.209.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64) * kernel-64kb-debuginfo-5.14.21-150400.24.209.1 * kernel-64kb-debugsource-5.14.21-150400.24.209.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.209.1 * kernel-64kb-devel-5.14.21-150400.24.209.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.209.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * kernel-syms-5.14.21-150400.24.209.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.209.1 * kernel-default-devel-5.14.21-150400.24.209.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.209.1 * kernel-default-base-5.14.21-150400.24.209.1.150400.24.106.1 * kernel-default-debugsource-5.14.21-150400.24.209.1 * kernel-default-debuginfo-5.14.21-150400.24.209.1 * kernel-obs-build-debugsource-5.14.21-150400.24.209.1 * kernel-obs-build-5.14.21-150400.24.209.1 * reiserfs-kmp-default-5.14.21-150400.24.209.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * kernel-devel-5.14.21-150400.24.209.1 * kernel-source-5.14.21-150400.24.209.1 * kernel-macros-5.14.21-150400.24.209.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.209.1.150400.24.106.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 
(aarch64 ppc64le s390x x86_64) * kernel-syms-5.14.21-150400.24.209.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.209.1 * kernel-default-devel-5.14.21-150400.24.209.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.209.1 * kernel-default-debugsource-5.14.21-150400.24.209.1 * kernel-default-debuginfo-5.14.21-150400.24.209.1 * kernel-obs-build-debugsource-5.14.21-150400.24.209.1 * kernel-obs-build-5.14.21-150400.24.209.1 * reiserfs-kmp-default-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * kernel-devel-5.14.21-150400.24.209.1 * kernel-source-5.14.21-150400.24.209.1 * kernel-macros-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch nosrc) * kernel-docs-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64) * kernel-64kb-debuginfo-5.14.21-150400.24.209.1 * kernel-64kb-debugsource-5.14.21-150400.24.209.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.209.1 * kernel-64kb-devel-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.209.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le x86_64) * kernel-default-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * kernel-syms-5.14.21-150400.24.209.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.209.1 * kernel-default-devel-5.14.21-150400.24.209.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.209.1 * kernel-default-base-5.14.21-150400.24.209.1.150400.24.106.1 * kernel-default-debugsource-5.14.21-150400.24.209.1 * kernel-default-debuginfo-5.14.21-150400.24.209.1 * kernel-obs-build-debugsource-5.14.21-150400.24.209.1 * kernel-obs-build-5.14.21-150400.24.209.1 * reiserfs-kmp-default-5.14.21-150400.24.209.1 * SUSE Linux Enterprise Server for SAP 
Applications 15 SP4 (noarch)
  * kernel-devel-5.14.21-150400.24.209.1
  * kernel-source-5.14.21-150400.24.209.1
  * kernel-macros-5.14.21-150400.24.209.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch nosrc)
  * kernel-docs-5.14.21-150400.24.209.1
* SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
  * kernel-default-5.14.21-150400.24.209.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_52-debugsource-1-150400.9.3.1
  * kernel-default-livepatch-devel-5.14.21-150400.24.209.1
  * kernel-livepatch-5_14_21-150400_24_209-default-debuginfo-1-150400.9.3.1
  * kernel-default-debugsource-5.14.21-150400.24.209.1
  * kernel-default-debuginfo-5.14.21-150400.24.209.1
  * kernel-default-livepatch-5.14.21-150400.24.209.1
  * kernel-livepatch-5_14_21-150400_24_209-default-1-150400.9.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-43284.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264449

From null at suse.de Fri May 15 08:30:05 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 08:30:05 -0000
Subject: SUSE-SU-2026:21615-1: important: Security update for ImageMagick
Message-ID: <177883380563.190.12922280575456259534@6562c213d78e>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2026:21615-1
Release Date: 2026-05-13T09:34:47Z
Rating: important
References:

* bsc#1259528

Cross-References:

* CVE-2026-31853

CVSS scores:

* CVE-2026-31853 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31853 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-31853 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31853 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for ImageMagick fixes the following issue:

* CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely large images (bsc#1259528).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-740=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * ImageMagick-debuginfo-7.1.2.0-160000.9.1
  * ImageMagick-extra-debuginfo-7.1.2.0-160000.9.1
  * ImageMagick-debugsource-7.1.2.0-160000.9.1
  * libMagickCore-7_Q16HDRI10-debuginfo-7.1.2.0-160000.9.1
  * libMagickWand-7_Q16HDRI10-7.1.2.0-160000.9.1
  * perl-PerlMagick-7.1.2.0-160000.9.1
  * perl-PerlMagick-debuginfo-7.1.2.0-160000.9.1
  * libMagick++-7_Q16HDRI5-7.1.2.0-160000.9.1
  * ImageMagick-7.1.2.0-160000.9.1
  * ImageMagick-extra-7.1.2.0-160000.9.1
  * libMagickWand-7_Q16HDRI10-debuginfo-7.1.2.0-160000.9.1
  * libMagick++-devel-7.1.2.0-160000.9.1
  * libMagick++-7_Q16HDRI5-debuginfo-7.1.2.0-160000.9.1
  * ImageMagick-devel-7.1.2.0-160000.9.1
  * libMagickCore-7_Q16HDRI10-7.1.2.0-160000.9.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * ImageMagick-config-7-upstream-open-7.1.2.0-160000.9.1
  * ImageMagick-config-7-upstream-secure-7.1.2.0-160000.9.1
  * ImageMagick-config-7-upstream-websafe-7.1.2.0-160000.9.1
  * ImageMagick-config-7-SUSE-7.1.2.0-160000.9.1
  * ImageMagick-config-7-upstream-limited-7.1.2.0-160000.9.1
  * ImageMagick-doc-7.1.2.0-160000.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31853.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259528

From null at suse.de Fri May 15 08:30:48 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 08:30:48 -0000
Subject: SUSE-SU-2026:21612-1: critical: Security update for php8
Message-ID: <177883384838.190.8988210692187308712@6562c213d78e>

# Security update for php8

Announcement ID: SUSE-SU-2026:21612-1
Release Date: 2026-05-13T07:57:49Z
Rating: critical
References:

* bsc#1264769
* bsc#1264770
* bsc#1264771
* bsc#1264772
* bsc#1264773
* bsc#1264774
* bsc#1264775
* bsc#1264776
* bsc#1264777
* bsc#1264778

Cross-References:

* CVE-2025-14179
* CVE-2026-6104
* CVE-2026-6722
* CVE-2026-6735
* CVE-2026-7258
* CVE-2026-7259
* CVE-2026-7261
* CVE-2026-7262
* CVE-2026-7263
* CVE-2026-7568

CVSS scores:

* CVE-2025-14179 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14179 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-14179 ( NVD ): 7.4 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:Amber
* CVE-2025-14179 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6104 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-6104 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-6104 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:Amber
* CVE-2026-6104 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-6722 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-6722 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6722 ( NVD ): 9.5 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:Red
* CVE-2026-6722 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6735 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-6735 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-6735 ( NVD ): 7.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:L/U:Amber
* CVE-2026-6735 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-7258 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-7258 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-7258 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
* CVE-2026-7258 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-7259 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-7259 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-7259 ( NVD ): 2.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Amber
* CVE-2026-7259 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-7261 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-7261 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-7261 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:M/U:Amber
* CVE-2026-7261 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-7262 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-7262 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-7262 ( NVD ): 2.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:Amber
* CVE-2026-7262 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-7263 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-7263 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-7263 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:Amber
* CVE-2026-7263 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-7568 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-7568 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-7568 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:L/U:Amber
* CVE-2026-7568 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves 10 vulnerabilities can now be installed.

## Description:

This update for php8 fixes the following issues:

* CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection (bsc#1264778).
* CVE-2026-6104: out-of-bounds read when processing an encoding name containing an embedded NULL byte in `mb_convert_encoding()` can lead to information disclosure and denial of service (bsc#1264777).
* CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution (bsc#1264776).
* CVE-2026-6735: improper validation of the request URI within the PHP-FPM status page can lead to XSS (bsc#1264775).
* CVE-2026-7258: signed `char` values passed to `ctype` functions like `isxdigit` can lead to OOB access and denial of service (bsc#1264774).
* CVE-2026-7259: NULL pointer dereference in `php_mb_check_encoding()` via `mb_ereg_search_init()` can lead to a denial of service (bsc#1264773).
* CVE-2026-7261: use-after-free due to incorrectly handled persistence of handler objects when SOAP_PERSISTENCE_SESSION is configured can lead to memory corruption, information disclosure and process crashes (bsc#1264772).
* CVE-2026-7262: NULL pointer dereference caused by a mistake in the SOAP decoding process when a typemap is configured can lead to a denial of service (bsc#1264771).
* CVE-2026-7263: incorrect processing of XML data in the `DOMNode::C14N()` method can lead to an infinite loop and a denial of service (bsc#1264770).
* CVE-2026-7568: integer overflow in the `metaphone` function can lead to undefined behavior and affect the availability of the PHP process (bsc#1264769).

Other updates:

* Updated to 8.4.21.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-738=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-738=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * php8-fastcgi-debuginfo-8.4.21-160000.1.1 * php8-ctype-debuginfo-8.4.21-160000.1.1 * php8-sockets-debuginfo-8.4.21-160000.1.1 * php8-soap-debuginfo-8.4.21-160000.1.1 * php8-readline-debuginfo-8.4.21-160000.1.1 * php8-mysql-debuginfo-8.4.21-160000.1.1 * php8-sodium-debuginfo-8.4.21-160000.1.1 * php8-tidy-debuginfo-8.4.21-160000.1.1 * php8-snmp-8.4.21-160000.1.1 * php8-gmp-debuginfo-8.4.21-160000.1.1 * php8-xsl-debuginfo-8.4.21-160000.1.1 * php8-bz2-debuginfo-8.4.21-160000.1.1 * php8-bcmath-8.4.21-160000.1.1 * php8-tokenizer-debuginfo-8.4.21-160000.1.1 * php8-pcntl-8.4.21-160000.1.1 * php8-shmop-8.4.21-160000.1.1 * php8-fastcgi-8.4.21-160000.1.1 * php8-xmlwriter-8.4.21-160000.1.1 * apache2-mod_php8-8.4.21-160000.1.1 * php8-embed-debuginfo-8.4.21-160000.1.1 * php8-sodium-8.4.21-160000.1.1 * php8-embed-debugsource-8.4.21-160000.1.1 * php8-sqlite-8.4.21-160000.1.1 * php8-sysvmsg-8.4.21-160000.1.1 * php8-openssl-8.4.21-160000.1.1 * php8-phar-debuginfo-8.4.21-160000.1.1 * php8-zip-8.4.21-160000.1.1 * php8-ldap-debuginfo-8.4.21-160000.1.1 * php8-ffi-debuginfo-8.4.21-160000.1.1 * php8-xmlwriter-debuginfo-8.4.21-160000.1.1 * php8-dba-8.4.21-160000.1.1 * php8-gettext-debuginfo-8.4.21-160000.1.1 * php8-iconv-8.4.21-160000.1.1 * php8-opcache-debuginfo-8.4.21-160000.1.1 * php8-phar-8.4.21-160000.1.1 * php8-zlib-debuginfo-8.4.21-160000.1.1 * php8-intl-8.4.21-160000.1.1 * php8-sqlite-debuginfo-8.4.21-160000.1.1 * php8-sysvshm-debuginfo-8.4.21-160000.1.1 * php8-sysvmsg-debuginfo-8.4.21-160000.1.1 * php8-odbc-8.4.21-160000.1.1 * php8-dba-debuginfo-8.4.21-160000.1.1 * php8-debugsource-8.4.21-160000.1.1 * php8-mbstring-8.4.21-160000.1.1 * php8-xsl-8.4.21-160000.1.1 * 
php8-mysql-8.4.21-160000.1.1 * php8-shmop-debuginfo-8.4.21-160000.1.1 * php8-sockets-8.4.21-160000.1.1 * php8-gmp-8.4.21-160000.1.1 * php8-pdo-debuginfo-8.4.21-160000.1.1 * php8-dom-8.4.21-160000.1.1 * php8-ftp-8.4.21-160000.1.1 * php8-iconv-debuginfo-8.4.21-160000.1.1 * php8-odbc-debuginfo-8.4.21-160000.1.1 * php8-sysvsem-8.4.21-160000.1.1 * php8-readline-8.4.21-160000.1.1 * php8-gettext-8.4.21-160000.1.1 * php8-fastcgi-debugsource-8.4.21-160000.1.1 * php8-zip-debuginfo-8.4.21-160000.1.1 * php8-fpm-debuginfo-8.4.21-160000.1.1 * php8-openssl-debuginfo-8.4.21-160000.1.1 * php8-fileinfo-8.4.21-160000.1.1 * php8-curl-8.4.21-160000.1.1 * php8-ldap-8.4.21-160000.1.1 * php8-enchant-debuginfo-8.4.21-160000.1.1 * php8-calendar-debuginfo-8.4.21-160000.1.1 * php8-xmlreader-8.4.21-160000.1.1 * php8-bcmath-debuginfo-8.4.21-160000.1.1 * php8-pdo-8.4.21-160000.1.1 * php8-fileinfo-debuginfo-8.4.21-160000.1.1 * php8-gd-debuginfo-8.4.21-160000.1.1 * php8-pcntl-debuginfo-8.4.21-160000.1.1 * php8-exif-8.4.21-160000.1.1 * php8-embed-8.4.21-160000.1.1 * php8-fpm-debugsource-8.4.21-160000.1.1 * php8-posix-8.4.21-160000.1.1 * php8-ffi-8.4.21-160000.1.1 * php8-cli-8.4.21-160000.1.1 * php8-curl-debuginfo-8.4.21-160000.1.1 * php8-bz2-8.4.21-160000.1.1 * php8-enchant-8.4.21-160000.1.1 * php8-ftp-debuginfo-8.4.21-160000.1.1 * php8-sysvshm-8.4.21-160000.1.1 * php8-intl-debuginfo-8.4.21-160000.1.1 * php8-ctype-8.4.21-160000.1.1 * php8-sysvsem-debuginfo-8.4.21-160000.1.1 * php8-pgsql-debuginfo-8.4.21-160000.1.1 * apache2-mod_php8-debuginfo-8.4.21-160000.1.1 * php8-zlib-8.4.21-160000.1.1 * php8-dom-debuginfo-8.4.21-160000.1.1 * php8-fpm-8.4.21-160000.1.1 * php8-opcache-8.4.21-160000.1.1 * php8-posix-debuginfo-8.4.21-160000.1.1 * php8-debuginfo-8.4.21-160000.1.1 * php8-calendar-8.4.21-160000.1.1 * php8-devel-8.4.21-160000.1.1 * php8-soap-8.4.21-160000.1.1 * php8-tidy-8.4.21-160000.1.1 * php8-cli-debuginfo-8.4.21-160000.1.1 * php8-tokenizer-8.4.21-160000.1.1 * php8-exif-debuginfo-8.4.21-160000.1.1 
* php8-snmp-debuginfo-8.4.21-160000.1.1 * apache2-mod_php8-debugsource-8.4.21-160000.1.1 * php8-8.4.21-160000.1.1 * php8-gd-8.4.21-160000.1.1 * php8-xmlreader-debuginfo-8.4.21-160000.1.1 * php8-mbstring-debuginfo-8.4.21-160000.1.1 * php8-pgsql-8.4.21-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * php8-fpm-apache-8.4.21-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * php8-fastcgi-debuginfo-8.4.21-160000.1.1 * php8-ctype-debuginfo-8.4.21-160000.1.1 * php8-sockets-debuginfo-8.4.21-160000.1.1 * php8-mysql-debuginfo-8.4.21-160000.1.1 * php8-readline-debuginfo-8.4.21-160000.1.1 * php8-soap-debuginfo-8.4.21-160000.1.1 * php8-sodium-debuginfo-8.4.21-160000.1.1 * php8-tidy-debuginfo-8.4.21-160000.1.1 * php8-snmp-8.4.21-160000.1.1 * php8-gmp-debuginfo-8.4.21-160000.1.1 * php8-xsl-debuginfo-8.4.21-160000.1.1 * php8-bz2-debuginfo-8.4.21-160000.1.1 * php8-bcmath-8.4.21-160000.1.1 * php8-tokenizer-debuginfo-8.4.21-160000.1.1 * php8-pcntl-8.4.21-160000.1.1 * php8-shmop-8.4.21-160000.1.1 * php8-fastcgi-8.4.21-160000.1.1 * php8-embed-debuginfo-8.4.21-160000.1.1 * php8-xmlwriter-8.4.21-160000.1.1 * apache2-mod_php8-8.4.21-160000.1.1 * php8-sodium-8.4.21-160000.1.1 * php8-embed-debugsource-8.4.21-160000.1.1 * php8-openssl-8.4.21-160000.1.1 * php8-sqlite-8.4.21-160000.1.1 * php8-sysvmsg-8.4.21-160000.1.1 * php8-phar-debuginfo-8.4.21-160000.1.1 * php8-zip-8.4.21-160000.1.1 * php8-ldap-debuginfo-8.4.21-160000.1.1 * php8-ffi-debuginfo-8.4.21-160000.1.1 * php8-xmlwriter-debuginfo-8.4.21-160000.1.1 * php8-dba-8.4.21-160000.1.1 * php8-gettext-debuginfo-8.4.21-160000.1.1 * php8-iconv-8.4.21-160000.1.1 * php8-opcache-debuginfo-8.4.21-160000.1.1 * php8-phar-8.4.21-160000.1.1 * php8-zlib-debuginfo-8.4.21-160000.1.1 * php8-intl-8.4.21-160000.1.1 * php8-sqlite-debuginfo-8.4.21-160000.1.1 * php8-sysvshm-debuginfo-8.4.21-160000.1.1 * php8-odbc-8.4.21-160000.1.1 * php8-sysvmsg-debuginfo-8.4.21-160000.1.1 * php8-dba-debuginfo-8.4.21-160000.1.1 * 
php8-debugsource-8.4.21-160000.1.1 * php8-mbstring-8.4.21-160000.1.1 * php8-xsl-8.4.21-160000.1.1 * php8-mysql-8.4.21-160000.1.1 * php8-shmop-debuginfo-8.4.21-160000.1.1 * php8-gmp-8.4.21-160000.1.1 * php8-sockets-8.4.21-160000.1.1 * php8-pdo-debuginfo-8.4.21-160000.1.1 * php8-dom-8.4.21-160000.1.1 * php8-ftp-8.4.21-160000.1.1 * php8-iconv-debuginfo-8.4.21-160000.1.1 * php8-odbc-debuginfo-8.4.21-160000.1.1 * php8-sysvsem-8.4.21-160000.1.1 * php8-readline-8.4.21-160000.1.1 * php8-gettext-8.4.21-160000.1.1 * php8-fastcgi-debugsource-8.4.21-160000.1.1 * php8-zip-debuginfo-8.4.21-160000.1.1 * php8-fpm-debuginfo-8.4.21-160000.1.1 * php8-openssl-debuginfo-8.4.21-160000.1.1 * php8-fileinfo-8.4.21-160000.1.1 * php8-curl-8.4.21-160000.1.1 * php8-ldap-8.4.21-160000.1.1 * php8-enchant-debuginfo-8.4.21-160000.1.1 * php8-calendar-debuginfo-8.4.21-160000.1.1 * php8-xmlreader-8.4.21-160000.1.1 * php8-bcmath-debuginfo-8.4.21-160000.1.1 * php8-pdo-8.4.21-160000.1.1 * php8-fileinfo-debuginfo-8.4.21-160000.1.1 * php8-gd-debuginfo-8.4.21-160000.1.1 * php8-exif-8.4.21-160000.1.1 * php8-pcntl-debuginfo-8.4.21-160000.1.1 * php8-embed-8.4.21-160000.1.1 * php8-fpm-debugsource-8.4.21-160000.1.1 * php8-posix-8.4.21-160000.1.1 * php8-ffi-8.4.21-160000.1.1 * php8-cli-8.4.21-160000.1.1 * php8-curl-debuginfo-8.4.21-160000.1.1 * php8-bz2-8.4.21-160000.1.1 * php8-enchant-8.4.21-160000.1.1 * php8-ftp-debuginfo-8.4.21-160000.1.1 * php8-sysvshm-8.4.21-160000.1.1 * php8-intl-debuginfo-8.4.21-160000.1.1 * php8-ctype-8.4.21-160000.1.1 * php8-sysvsem-debuginfo-8.4.21-160000.1.1 * php8-pgsql-debuginfo-8.4.21-160000.1.1 * apache2-mod_php8-debuginfo-8.4.21-160000.1.1 * php8-zlib-8.4.21-160000.1.1 * php8-dom-debuginfo-8.4.21-160000.1.1 * php8-opcache-8.4.21-160000.1.1 * php8-fpm-8.4.21-160000.1.1 * php8-posix-debuginfo-8.4.21-160000.1.1 * php8-debuginfo-8.4.21-160000.1.1 * php8-calendar-8.4.21-160000.1.1 * php8-devel-8.4.21-160000.1.1 * php8-soap-8.4.21-160000.1.1 * php8-tidy-8.4.21-160000.1.1 * 
php8-cli-debuginfo-8.4.21-160000.1.1 * php8-tokenizer-8.4.21-160000.1.1 * php8-exif-debuginfo-8.4.21-160000.1.1 * php8-snmp-debuginfo-8.4.21-160000.1.1 * apache2-mod_php8-debugsource-8.4.21-160000.1.1 * php8-8.4.21-160000.1.1 * php8-gd-8.4.21-160000.1.1 * php8-xmlreader-debuginfo-8.4.21-160000.1.1 * php8-mbstring-debuginfo-8.4.21-160000.1.1 * php8-pgsql-8.4.21-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * php8-fpm-apache-8.4.21-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-14179.html * https://www.suse.com/security/cve/CVE-2026-6104.html * https://www.suse.com/security/cve/CVE-2026-6722.html * https://www.suse.com/security/cve/CVE-2026-6735.html * https://www.suse.com/security/cve/CVE-2026-7258.html * https://www.suse.com/security/cve/CVE-2026-7259.html * https://www.suse.com/security/cve/CVE-2026-7261.html * https://www.suse.com/security/cve/CVE-2026-7262.html * https://www.suse.com/security/cve/CVE-2026-7263.html * https://www.suse.com/security/cve/CVE-2026-7568.html * https://bugzilla.suse.com/show_bug.cgi?id=1264769 * https://bugzilla.suse.com/show_bug.cgi?id=1264770 * https://bugzilla.suse.com/show_bug.cgi?id=1264771 * https://bugzilla.suse.com/show_bug.cgi?id=1264772 * https://bugzilla.suse.com/show_bug.cgi?id=1264773 * https://bugzilla.suse.com/show_bug.cgi?id=1264774 * https://bugzilla.suse.com/show_bug.cgi?id=1264775 * https://bugzilla.suse.com/show_bug.cgi?id=1264776 * https://bugzilla.suse.com/show_bug.cgi?id=1264777 * https://bugzilla.suse.com/show_bug.cgi?id=1264778 -------------- next part -------------- An HTML attachment was scrubbed... 

From null at suse.de Fri May 15 08:30:56 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 08:30:56 -0000
Subject: SUSE-SU-2026:21610-1: important: Security update for the Linux Kernel
Message-ID: <177883385652.190.12922726563459649548@6562c213d78e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21610-1
Release Date: 2026-05-12T14:09:17Z
Rating: important
References:

* bsc#1264449
* bsc#1264450

Cross-References:

* CVE-2026-43284
* CVE-2026-43500

CVSS scores:

* CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues.

The following security issues were fixed:

Dirty Frag fixes:

* CVE-2026-43500: supported.conf: drop rxrpc completely (bsc#1264450)
* CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-734=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-734=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le x86_64) * kernel-kvmsmall-devel-6.12.0-160000.30.1 * kernel-default-base-6.12.0-160000.30.1.160000.2.11 * kernel-kvmsmall-debuginfo-6.12.0-160000.30.1 * kernel-kvmsmall-debugsource-6.12.0-160000.30.1 * SUSE Linux Enterprise Server 16.0 (noarch) * kernel-macros-6.12.0-160000.30.1 * kernel-docs-html-6.12.0-160000.30.1 * kernel-devel-6.12.0-160000.30.1 * kernel-source-vanilla-6.12.0-160000.30.1 * kernel-source-6.12.0-160000.30.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-6.12.0-160000.30.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-6.12.0-160000.30.1 * kernel-default-debuginfo-6.12.0-160000.30.1 * kernel-default-devel-6.12.0-160000.30.1 * kernel-default-extra-debuginfo-6.12.0-160000.30.1 * kernel-obs-qa-6.12.0-160000.30.1 * kernel-syms-6.12.0-160000.30.1 * kernel-default-extra-6.12.0-160000.30.1 * SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64) * kernel-default-livepatch-6.12.0-160000.30.1 * SUSE Linux Enterprise Server 16.0 (noarch nosrc) * kernel-docs-6.12.0-160000.30.1 * SUSE Linux Enterprise Server 16.0 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-6.12.0-160000.30.1 * SUSE Linux Enterprise Server 16.0 (aarch64 nosrc x86_64) * kernel-azure-6.12.0-160000.30.1 * SUSE Linux Enterprise Server 16.0 (aarch64 x86_64) * kernel-azure-debugsource-6.12.0-160000.30.1 * kernel-azure-extra-6.12.0-160000.30.1 * kernel-azure-devel-6.12.0-160000.30.1 * kernel-azure-extra-debuginfo-6.12.0-160000.30.1 * kernel-azure-debuginfo-6.12.0-160000.30.1 * SUSE Linux Enterprise Server 16.0 (x86_64) * kernel-default-devel-debuginfo-6.12.0-160000.30.1 * 
kernel-azure-devel-debuginfo-6.12.0-160000.30.1 * kernel-kvmsmall-devel-debuginfo-6.12.0-160000.30.1 * kernel-default-vdso-6.12.0-160000.30.1 * kernel-azure-vdso-6.12.0-160000.30.1 * kernel-kvmsmall-vdso-6.12.0-160000.30.1 * kernel-azure-vdso-debuginfo-6.12.0-160000.30.1 * kernel-kvmsmall-vdso-debuginfo-6.12.0-160000.30.1 * kernel-default-vdso-debuginfo-6.12.0-160000.30.1 * SUSE Linux Enterprise Server 16.0 (aarch64 nosrc) * kernel-64kb-6.12.0-160000.30.1 * SUSE Linux Enterprise Server 16.0 (aarch64) * kernel-64kb-devel-6.12.0-160000.30.1 * kernel-64kb-extra-debuginfo-6.12.0-160000.30.1 * kernel-64kb-debugsource-6.12.0-160000.30.1 * kernel-64kb-debuginfo-6.12.0-160000.30.1 * kernel-64kb-extra-6.12.0-160000.30.1 * SUSE Linux Enterprise Server 16.0 (nosrc s390x) * kernel-zfcpdump-6.12.0-160000.30.1 * SUSE Linux Enterprise Server 16.0 (s390x) * kernel-zfcpdump-debuginfo-6.12.0-160000.30.1 * kernel-zfcpdump-debugsource-6.12.0-160000.30.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * cluster-md-kmp-default-6.12.0-160000.30.1 * kernel-default-debugsource-6.12.0-160000.30.1 * kernel-default-debuginfo-6.12.0-160000.30.1 * cluster-md-kmp-default-debuginfo-6.12.0-160000.30.1 * dlm-kmp-default-debuginfo-6.12.0-160000.30.1 * dlm-kmp-default-6.12.0-160000.30.1 * gfs2-kmp-default-6.12.0-160000.30.1 * gfs2-kmp-default-debuginfo-6.12.0-160000.30.1 * kernel-default-devel-6.12.0-160000.30.1 * kernel-default-extra-debuginfo-6.12.0-160000.30.1 * kernel-default-livepatch-6.12.0-160000.30.1 * kernel-kvmsmall-devel-6.12.0-160000.30.1 * kernel-obs-qa-6.12.0-160000.30.1 * kernel-kvmsmall-debugsource-6.12.0-160000.30.1 * kernel-syms-6.12.0-160000.30.1 * kernel-default-extra-6.12.0-160000.30.1 * kernel-default-base-6.12.0-160000.30.1.160000.2.11 * kernel-kvmsmall-debuginfo-6.12.0-160000.30.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * kernel-macros-6.12.0-160000.30.1 * kernel-docs-html-6.12.0-160000.30.1 * kernel-devel-6.12.0-160000.30.1 
* kernel-source-vanilla-6.12.0-160000.30.1 * kernel-source-6.12.0-160000.30.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (nosrc x86_64) * kernel-azure-6.12.0-160000.30.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * kernel-default-devel-debuginfo-6.12.0-160000.30.1 * kernel-azure-devel-debuginfo-6.12.0-160000.30.1 * kernel-azure-debugsource-6.12.0-160000.30.1 * kernel-azure-extra-6.12.0-160000.30.1 * kernel-azure-devel-6.12.0-160000.30.1 * kernel-kvmsmall-devel-debuginfo-6.12.0-160000.30.1 * kernel-default-vdso-6.12.0-160000.30.1 * kernel-azure-vdso-6.12.0-160000.30.1 * kernel-azure-extra-debuginfo-6.12.0-160000.30.1 * kernel-kvmsmall-vdso-6.12.0-160000.30.1 * kernel-azure-vdso-debuginfo-6.12.0-160000.30.1 * kernel-azure-debuginfo-6.12.0-160000.30.1 * kernel-kvmsmall-vdso-debuginfo-6.12.0-160000.30.1 * kernel-default-vdso-debuginfo-6.12.0-160000.30.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (nosrc ppc64le x86_64) * kernel-kvmsmall-6.12.0-160000.30.1 * kernel-default-6.12.0-160000.30.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch nosrc) * kernel-docs-6.12.0-160000.30.1 ## References: * https://www.suse.com/security/cve/CVE-2026-43284.html * https://www.suse.com/security/cve/CVE-2026-43500.html * https://bugzilla.suse.com/show_bug.cgi?id=1264449 * https://bugzilla.suse.com/show_bug.cgi?id=1264450 -------------- next part -------------- An HTML attachment was scrubbed... 

From null at suse.de Fri May 15 08:31:01 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 08:31:01 -0000
Subject: SUSE-SU-2026:21608-1: moderate: Security update for ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu
Message-ID: <177883386111.190.90791078717288577@6562c213d78e>

# Security update for ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu

Announcement ID: SUSE-SU-2026:21608-1
Release Date: 2026-05-12T12:36:08Z
Rating: moderate
References:

* bsc#1250399

Cross-References:

* CVE-2025-59432

CVSS scores:

* CVE-2025-59432 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-59432 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-59432 ( NVD ): 6.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu fixes the following issues:

Changes in ongres-scram:

* Version 3.2
* Fix Timing Attack Vulnerability in SCRAM Authentication (bsc#1250399, CVE-2025-59432)
* Updated dependencies and maven plugins
* Use central-publishing-maven-plugin to deploy to Maven Central.
* Do not create multirelease jar if the only Java 9+ class file is module-info.class

Changes in ongres-stringprep:

* Do not create multirelease jar if the only Java 9+ class file is module-info.class

Changes in plexus-testing:

* The build without tests does not need the full junit5; the junit5-minimal (built with ant) is enough

Changes in maven:

* Upgrade to upstream version 3.9.14
* Bug Fixes
* plexus-testing dependencies should be used in test scope
* Upgrade to upstream version 3.9.13
* Bug Fixes
* Bug: SecDispatcher is managed by legacy Plexus DI
* [3.9.x] MavenPluginJavaPrerequisiteChecker: Handle 8/1.8 Java version in ranges as well
* Maintenance
* Update Maven plugin versions in default-bindings.xml
* Migrate to JUnit 5 - avoid using TestCase

Changes in maven-doxia:

Upgrade to upstream version 2.1.0:

* New features and improvements
* Distinguish between linebreaks for formatting markup and linebreaks in output
* Return SinkEventAttributes instead of super class MutableAttributeSet for filterAttributes
* Optionally leave fragments of internal links untouched
* Support strikethrough for Markdown sink
* DOXIA-770: Only escape when necessary
* DOXIA-760: Clarify table justification semantics and introduce new "JUSTIFY_DEFAULT" alignment
* DOXIA-756: Allow to customize macro execution
* DOXIA-759: Support anchors in MarkdownSink
* Bug Fixes
* MarkdownSink: Fix verbatim inside table cell
* Make sure to emit metadata prior everything else
* Convert all globally available attributes to HTML5 compliant ones
* Html5BaseSink: Convert non-compliant HTML5 attributes to compliant ones
* Support "name" attribute in "a" element still in XHTML5
* Never emit Markdown inside HTML context
* Use JSoup to convert HTML to XHTML after parsing with Flexmark
* DOXIA-764: Strip leading newline after
* DOXIA-763: Distinguish between verbatim source and non-source in MarkdownSink
* DOXIA-758: Consider emitComments flag in MarkdownSink
* DOXIA-757: Don't strip leading "#" from link names
* DOXIA-753: Do not end lists with a blank line
* DOXIA-751: Linked inline code must be emitted in right order
* DOXIA-749: Correctly indent and separate blocks inside list items
* DOXIA-750: Properly apply inlines inside HTML blocks
* DOXIA-747: Emit headings at beginning of line for Markdown
* Documentation updates
* Site: Convert APT to Markdown
* Improve documentation of supported extensions
* (doc) Fix missing references in JavaDocs
* Maintenance
* Cleanup tests
* JUnit Jupiter best practices
* Remove commons-lang3 and commons-text dependencies
* feat: enable prevent branch protection rules
* Cleanup pom, remove redundant dependencies
* Drop almost all usages of plexus-utils
* Remove not used and outdated clirr-maven-plugin
* Enable Github Issues
* DOXIA-772: Deprecate Sink.sectionTitle() and sectionTitle_()
* DOXIA-754: Clarify method order for nested lists

Changes in mojo-parent:

* Do not import junit-bom in the parent. This creates unnecessary build cycles with junit5.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-733=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-733=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * maven-doxia-module-xdoc-2.1.0-160000.1.1 * mojo-parent-82-160000.3.1 * maven-javadoc-3.9.14-160000.1.1 * xmvn-mojo-javadoc-4.3.0-160000.3.1 * maven-doxia-javadoc-2.1.0-160000.1.1 * xmvn-install-4.3.0-160000.3.1 * xmvn-resolve-4.3.0-160000.3.1 * xmvn-tools-javadoc-4.3.0-160000.3.1 * sisu-mojos-1.0.0-160000.2.1 * xmvn-core-4.3.0-160000.3.1 * maven-doxia-test-docs-2.1.0-160000.1.1 * ongres-stringprep-javadoc-2.2-160000.3.1 * maven-doxia-sink-api-2.1.0-160000.1.1 * sisu-inject-1.0.0-160000.2.1 * xmvn-parent-4.3.0-160000.3.1 * xmvn-subst-4.3.0-160000.3.1 * maven-doxia-module-apt-2.1.0-160000.1.1 * maven-doxia-module-xhtml5-2.1.0-160000.1.1 * xmvn-mojo-4.3.0-160000.3.1 * xmvn-connector-4.3.0-160000.3.1 * ongres-stringprep-2.2-160000.3.1 * ongres-scram-javadoc-3.2-160000.4.1 * sisu-mojos-javadoc-1.0.0-160000.2.1 * sisu-javadoc-1.0.0-160000.2.1 * maven-doxia-module-fml-2.1.0-160000.1.1 * xmvn-api-4.3.0-160000.3.1 * xmvn-connector-javadoc-4.3.0-160000.3.1 * ongres-scram-3.2-160000.4.1 * ongres-scram-client-3.2-160000.4.1 * sisu-plexus-1.0.0-160000.2.1 * maven-doxia-core-2.1.0-160000.1.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * xmvn-4.3.0-160000.3.3 * maven-3.9.14-160000.1.1 * xmvn-minimal-4.3.0-160000.3.3 * maven-lib-3.9.14-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * maven-doxia-module-xdoc-2.1.0-160000.1.1 * mojo-parent-82-160000.3.1 * maven-javadoc-3.9.14-160000.1.1 * xmvn-mojo-javadoc-4.3.0-160000.3.1 * maven-doxia-javadoc-2.1.0-160000.1.1 * xmvn-install-4.3.0-160000.3.1 * xmvn-resolve-4.3.0-160000.3.1 * xmvn-tools-javadoc-4.3.0-160000.3.1 * sisu-mojos-1.0.0-160000.2.1 * xmvn-core-4.3.0-160000.3.1 * 
maven-doxia-test-docs-2.1.0-160000.1.1 * ongres-stringprep-javadoc-2.2-160000.3.1 * maven-doxia-sink-api-2.1.0-160000.1.1 * sisu-inject-1.0.0-160000.2.1 * xmvn-parent-4.3.0-160000.3.1 * xmvn-subst-4.3.0-160000.3.1 * maven-doxia-module-apt-2.1.0-160000.1.1 * maven-doxia-module-xhtml5-2.1.0-160000.1.1 * xmvn-mojo-4.3.0-160000.3.1 * xmvn-connector-4.3.0-160000.3.1 * ongres-stringprep-2.2-160000.3.1 * ongres-scram-javadoc-3.2-160000.4.1 * sisu-mojos-javadoc-1.0.0-160000.2.1 * sisu-javadoc-1.0.0-160000.2.1 * maven-doxia-module-fml-2.1.0-160000.1.1 * xmvn-api-4.3.0-160000.3.1 * xmvn-connector-javadoc-4.3.0-160000.3.1 * ongres-scram-3.2-160000.4.1 * ongres-scram-client-3.2-160000.4.1 * sisu-plexus-1.0.0-160000.2.1 * maven-doxia-core-2.1.0-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * xmvn-4.3.0-160000.3.3 * maven-3.9.14-160000.1.1 * xmvn-minimal-4.3.0-160000.3.3 * maven-lib-3.9.14-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-59432.html * https://bugzilla.suse.com/show_bug.cgi?id=1250399 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Fri May 15 08:31:04 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 08:31:04 -0000
Subject: SUSE-SU-2026:21607-1: moderate: Security update for MozillaFirefox
Message-ID: <177883386441.190.2502749158469394504@6562c213d78e>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2026:21607-1
Release Date: 2026-05-12T10:23:16Z
Rating: moderate

References:

* bsc#1264378

Cross-References:

* CVE-2026-8090
* CVE-2026-8091
* CVE-2026-8092
* CVE-2026-8094

CVSS scores:

* CVE-2026-8090 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-8090 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-8091 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-8091 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-8092 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-8092 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-8094 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-8094 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues

Updated to Firefox Extended Support Release 140.10.2 ESR (bsc#1264378,MFSA 2026-41):

* CVE-2026-8090: Use-after-free in the DOM: Networking component.
* CVE-2026-8091: Incorrect boundary conditions in the Audio/Video: Playback component.
* CVE-2026-8092: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2.
* CVE-2026-8094: Other issue in the WebRTC component.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-732=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-732=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le x86_64)
  * MozillaFirefox-140.10.2-160000.1.1
  * MozillaFirefox-debuginfo-140.10.2-160000.1.1
  * MozillaFirefox-debugsource-140.10.2-160000.1.1
  * MozillaFirefox-translations-common-140.10.2-160000.1.1
  * MozillaFirefox-translations-other-140.10.2-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * MozillaFirefox-devel-140.10.2-160000.1.1
  * MozillaFirefox-devel-140.10.2-160000.1.2
* SUSE Linux Enterprise Server 16.0 (s390x)
  * MozillaFirefox-translations-other-140.10.2-160000.1.2
  * MozillaFirefox-debugsource-140.10.2-160000.1.2
  * MozillaFirefox-debuginfo-140.10.2-160000.1.2
  * MozillaFirefox-140.10.2-160000.1.2
  * MozillaFirefox-translations-common-140.10.2-160000.1.2
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * MozillaFirefox-140.10.2-160000.1.1
  * MozillaFirefox-debuginfo-140.10.2-160000.1.1
  * MozillaFirefox-debugsource-140.10.2-160000.1.1
  * MozillaFirefox-translations-common-140.10.2-160000.1.1
  * MozillaFirefox-translations-other-140.10.2-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * MozillaFirefox-devel-140.10.2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-8090.html
* https://www.suse.com/security/cve/CVE-2026-8091.html
* https://www.suse.com/security/cve/CVE-2026-8092.html
* https://www.suse.com/security/cve/CVE-2026-8094.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264378

From null at suse.de Fri May 15 08:31:52 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 08:31:52 -0000
Subject: SUSE-SU-2026:21603-1: moderate: Security update for python-lxml
Message-ID: <177883391295.190.10421075528239589934@6562c213d78e>

# Security update for python-lxml

Announcement ID: SUSE-SU-2026:21603-1
Release Date: 2026-05-11T10:11:07Z
Rating: moderate

References:

* bsc#1263254

Cross-References:

* CVE-2026-41066

CVSS scores:

* CVE-2026-41066 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41066 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-41066 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for python-lxml fixes the following issue

* CVE-2026-41066: Information disclosure via untrusted XML input leading to local file read (bsc#1263254).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-728=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-728=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * python313-lxml-devel-5.4.0-160000.3.1
  * python313-lxml-5.4.0-160000.3.1
  * python-lxml-debugsource-5.4.0-160000.3.1
  * python313-lxml-debuginfo-5.4.0-160000.3.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * python-lxml-doc-5.4.0-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * python313-lxml-devel-5.4.0-160000.3.1
  * python313-lxml-5.4.0-160000.3.1
  * python-lxml-debugsource-5.4.0-160000.3.1
  * python313-lxml-debuginfo-5.4.0-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * python-lxml-doc-5.4.0-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41066.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263254

From null at suse.de Fri May 15 08:32:18 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 08:32:18 -0000
Subject: SUSE-SU-2026:21599-1: important: Security update for cpp-httplib
Message-ID: <177883393897.190.2528187020847300983@6562c213d78e>

# Security update for cpp-httplib

Announcement ID: SUSE-SU-2026:21599-1
Release Date: 2026-05-08T10:00:52Z
Rating: important

References:

* bsc#1255835
* bsc#1256518
* bsc#1259220
* bsc#1259221
* bsc#1259373

Cross-References:

* CVE-2026-21428
* CVE-2026-22776
* CVE-2026-28434
* CVE-2026-28435
* CVE-2026-29076

CVSS scores:

* CVE-2026-21428 ( SUSE ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-21428 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-21428 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-22776 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22776 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-22776 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-22776 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28434 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-28434 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-28434 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-28435 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28435 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28435 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-29076 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-29076 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-29076 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for cpp-httplib fixes the following issues

* CVE-2026-21428: server-side request forgery via header injection (bsc#1255835).
* CVE-2026-22776: unsafe handling of compressed HTTP request can cause a denial of service (bsc#1256518).
* CVE-2026-28434: default exception handler may leak e.what() to clients via EXCEPTION_WHAT response header (bsc#1259221).
* CVE-2026-28435: payload size limit bypass via gzip decompression in ContentReader (streaming) can lead to denial of service (bsc#1259220).
* CVE-2026-29076: denial of service via crafted HTTP POST request (bsc#1259373).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-724=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-724=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * libcpp-httplib0_22-debuginfo-0.22.0-160000.5.1
  * cpp-httplib-debugsource-0.22.0-160000.5.1
  * libcpp-httplib0_22-0.22.0-160000.5.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * libcpp-httplib0_22-debuginfo-0.22.0-160000.5.1
  * cpp-httplib-debugsource-0.22.0-160000.5.1
  * libcpp-httplib0_22-0.22.0-160000.5.1

## References:

* https://www.suse.com/security/cve/CVE-2026-21428.html
* https://www.suse.com/security/cve/CVE-2026-22776.html
* https://www.suse.com/security/cve/CVE-2026-28434.html
* https://www.suse.com/security/cve/CVE-2026-28435.html
* https://www.suse.com/security/cve/CVE-2026-29076.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255835
* https://bugzilla.suse.com/show_bug.cgi?id=1256518
* https://bugzilla.suse.com/show_bug.cgi?id=1259220
* https://bugzilla.suse.com/show_bug.cgi?id=1259221
* https://bugzilla.suse.com/show_bug.cgi?id=1259373

From null at suse.de Fri May 15 08:32:39 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 08:32:39 -0000
Subject: SUSE-SU-2026:21598-1: important: Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16)
Message-ID: <177883395939.190.14680045496968117613@6562c213d78e>

# Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21598-1
Release Date: 2026-05-08T08:30:42Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-690=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-690=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_8-default-6-160000.1.1
  * kernel-livepatch-SLE16_Update_3-debugsource-6-160000.1.1
  * kernel-livepatch-6_12_0-160000_8-default-debuginfo-6-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * kernel-livepatch-6_12_0-160000_8-default-6-160000.1.1
  * kernel-livepatch-SLE16_Update_3-debugsource-6-160000.1.1
  * kernel-livepatch-6_12_0-160000_8-default-debuginfo-6-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1261630
* https://bugzilla.suse.com/show_bug.cgi?id=1261845
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Fri May 15 08:33:05 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 08:33:05 -0000
Subject: SUSE-SU-2026:21596-1: important: Security update for perl-Text-CSV_XS
Message-ID: <177883398595.190.10584781996917993204@6562c213d78e>

# Security update for perl-Text-CSV_XS

Announcement ID: SUSE-SU-2026:21596-1
Release Date: 2026-05-07T16:13:34Z
Rating: important

References:

* bsc#1263690

Cross-References:

* CVE-2026-7111

CVSS scores:

* CVE-2026-7111 ( SUSE ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-7111 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-7111 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for perl-Text-CSV_XS fixes the following issue:

* CVE-2026-7111: use-after-free when registered callbacks extend the Perl argument stack may enable type confusion or memory corruption (bsc#1263690).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-722=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-722=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * perl-Text-CSV_XS-1.600.0-160000.3.1
  * perl-Text-CSV_XS-debugsource-1.600.0-160000.3.1
  * perl-Text-CSV_XS-debuginfo-1.600.0-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * perl-Text-CSV_XS-1.600.0-160000.3.1
  * perl-Text-CSV_XS-debugsource-1.600.0-160000.3.1
  * perl-Text-CSV_XS-debuginfo-1.600.0-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-7111.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263690

From null at suse.de Fri May 15 08:33:18 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 08:33:18 -0000
Subject: SUSE-SU-2026:21594-1: important: Security update for the Linux Kernel
Message-ID: <177883399856.190.6596631307400279239@6562c213d78e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21594-1
Release Date: 2026-05-12T15:13:15Z
Rating: important

References:

* bsc#1264449
* bsc#1264450

Cross-References:

* CVE-2026-43284
* CVE-2026-43500

CVSS scores:

* CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2
* SUSE Linux Micro Extras 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

Dirty Frag fixes:

* CVE-2026-43500: supported.conf: drop rxrpc completely (bsc#1264450)
* CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.2
  zypper in -t patch SUSE-SLE-Micro-Extras-6.2-734=1

## Package List:

* SUSE Linux Micro Extras 6.2 (aarch64 ppc64le s390x x86_64)
  * kernel-syms-6.12.0-160000.30.1
  * kernel-obs-build-6.12.0-160000.30.1
  * kernel-obs-build-debugsource-6.12.0-160000.30.1

## References:

* https://www.suse.com/security/cve/CVE-2026-43284.html
* https://www.suse.com/security/cve/CVE-2026-43500.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264449
* https://bugzilla.suse.com/show_bug.cgi?id=1264450

From null at suse.de Fri May 15 08:33:31 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 08:33:31 -0000
Subject: SUSE-SU-2026:21593-1: moderate: Security update for openCryptoki
Message-ID: <177883401113.190.17835152038221264421@6562c213d78e>

# Security update for openCryptoki

Announcement ID: SUSE-SU-2026:21593-1
Release Date: 2026-05-07T09:54:18Z
Rating: moderate

References:

* bsc#1262283
* bsc#1263819
* jsc#PED-14609

Cross-References:

* CVE-2026-40253

CVSS scores:

* CVE-2026-40253 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40253 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-40253 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-40253 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability, contains one feature and has one fix can now be installed.

## Description:

This update for openCryptoki fixes the following issues

Security issue:

* CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects (bsc#1262283).

Non security issue:

* Refactored .spec file to fully support transactional and immutable operating systems (jsc#PED-14609):
  * Migrated user and group creation (pkcs11, pkcsslotd) from imperative %pre shell commands to declarative systemd-sysusers configuration.
  * Replaced manual /var directory tracking and %ghost directives with comprehensive systemd-tmpfiles configurations.
  * Implemented dynamic, architecture-specific tmpfiles.d generation to properly provision hardware-specific token directories (e.g., ccatok, ep11tok, lite, and HSM_MK_CHANGE).
  * Fixed permissions for /run/opencryptoki within tmpfiles.d to ensure the daemon can successfully drop privileges and bind its communication socket.
  * Moved 32-bit and 64-bit shared library symlink creation (such as PKCS11_API.so, stdll, and methods) from %post scriptlets into the %install phase, ensuring they are correctly packaged and tracked on the read-only /usr partition.
  * Removed legacy /etc/pkcs11 bash migration logic from %post, replacing it with a declarative tmpfiles.d symlink rule.
  * Cleaned up scriptlets to only execute transaction-safe macros (such as ldconfig and systemd service handlers).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-718=1

## Package List:

* SUSE Linux Micro 6.2 (s390x)
  * openCryptoki-debugsource-3.26.0-160000.2.1
  * openCryptoki-3.26.0-160000.2.1
  * openCryptoki-debuginfo-3.26.0-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40253.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262283
* https://bugzilla.suse.com/show_bug.cgi?id=1263819
* https://jira.suse.com/browse/PED-14609

From null at suse.de Fri May 15 08:33:53 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 08:33:53 -0000
Subject: SUSE-SU-2026:21591-1: important: Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16)
Message-ID: <177883403351.190.10309168366053435654@6562c213d78e>

# Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21591-1
Release Date: 2026-05-08T08:30:42Z
Rating: important

References:

* bsc#1252048
* bsc#1258005
* bsc#1258655
* bsc#1259126
* bsc#1261630
* bsc#1261845
* bsc#1263689

Cross-References:

* CVE-2025-39977
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23204
* CVE-2026-23437
* CVE-2026-31406
* CVE-2026-31431

CVSS scores:

* CVE-2025-39977 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39977 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
* CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1258005).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
* CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
* CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-690=1

## Package List:

* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_8-default-6-160000.1.1
  * kernel-livepatch-SLE16_Update_3-debugsource-6-160000.1.1
  * kernel-livepatch-6_12_0-160000_8-default-debuginfo-6-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39977.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2026-23004.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252048
* https://bugzilla.suse.com/show_bug.cgi?id=1258005
* https://bugzilla.suse.com/show_bug.cgi?id=1258655
* https://bugzilla.suse.com/show_bug.cgi?id=1259126
* https://bugzilla.suse.com/show_bug.cgi?id=1261630
* https://bugzilla.suse.com/show_bug.cgi?id=1261845
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

From null at suse.de Fri May 15 08:33:58 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 08:33:58 -0000
Subject: SUSE-SU-2026:21590-1: important: Security update for the Linux Kernel
Message-ID: <177883403831.190.10651730774433781342@6562c213d78e>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21590-1
Release Date: 2026-05-12T15:13:15Z
Rating: important

References:

* bsc#1264449
* bsc#1264450

Cross-References:

* CVE-2026-43284
* CVE-2026-43500

CVSS scores:

* CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

Dirty Frag fixes:

* CVE-2026-43500: supported.conf: drop rxrpc completely (bsc#1264450)
* CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-734=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le x86_64)
  * kernel-default-base-6.12.0-160000.30.1.160000.2.11
* SUSE Linux Micro 6.2 (noarch)
  * kernel-devel-6.12.0-160000.30.1
  * kernel-macros-6.12.0-160000.30.1
  * kernel-source-6.12.0-160000.30.1
* SUSE Linux Micro 6.2 (aarch64 nosrc)
  * kernel-64kb-6.12.0-160000.30.1
* SUSE Linux Micro 6.2 (aarch64)
  * kernel-64kb-debuginfo-6.12.0-160000.30.1
  * kernel-64kb-devel-6.12.0-160000.30.1
  * kernel-64kb-debugsource-6.12.0-160000.30.1
* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-6.12.0-160000.30.1
* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debugsource-6.12.0-160000.30.1
  * kernel-default-debuginfo-6.12.0-160000.30.1
  * kernel-default-devel-6.12.0-160000.30.1
  * kernel-default-extra-debuginfo-6.12.0-160000.30.1
  * kernel-default-extra-6.12.0-160000.30.1
* SUSE Linux Micro 6.2 (aarch64 nosrc x86_64)
  * kernel-rt-6.12.0-160000.30.1
* SUSE Linux Micro 6.2 (aarch64 x86_64)
  * kernel-rt-debugsource-6.12.0-160000.30.1
  * kernel-rt-debuginfo-6.12.0-160000.30.1
  * kernel-rt-devel-6.12.0-160000.30.1
* SUSE Linux Micro 6.2 (x86_64)
  * kernel-rt-devel-debuginfo-6.12.0-160000.30.1
  * kernel-rt-livepatch-6.12.0-160000.30.1
  * kernel-default-devel-debuginfo-6.12.0-160000.30.1
* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * kernel-default-livepatch-6.12.0-160000.30.1

## References:

* https://www.suse.com/security/cve/CVE-2026-43284.html
* https://www.suse.com/security/cve/CVE-2026-43500.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264449
* https://bugzilla.suse.com/show_bug.cgi?id=1264450

From null at suse.de Fri May 15 08:34:21 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 08:34:21 -0000
Subject: SUSE-SU-2026:21587-1: moderate: Security update for python-lxml
Message-ID: <177883406112.190.4001832126188780072@6562c213d78e>

# Security update for python-lxml

Announcement ID: SUSE-SU-2026:21587-1
Release Date: 2026-05-11T10:11:11Z
Rating: moderate
References:

* bsc#1263254

Cross-References:

* CVE-2026-41066

CVSS scores:

* CVE-2026-41066 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41066 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-41066 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for python-lxml fixes the following issue

* CVE-2026-41066: Information disclosure via untrusted XML input leading to local file read (bsc#1263254).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-728=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * python313-lxml-5.4.0-160000.3.1
  * python-lxml-debugsource-5.4.0-160000.3.1
  * python313-lxml-debuginfo-5.4.0-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41066.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263254
From null at suse.de Fri May 15 08:34:47 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 08:34:47 -0000
Subject: SUSE-SU-2026:21584-1: moderate: Security update for c-ares
Message-ID: <177883408784.190.1092424743002814331@6562c213d78e>

# Security update for c-ares

Announcement ID: SUSE-SU-2026:21584-1
Release Date: 2026-05-07T09:37:18Z
Rating: moderate
References:

* bsc#1254738

Cross-References:

* CVE-2025-62408

CVSS scores:

* CVE-2025-62408 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-62408 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for c-ares fixes the following issue

* CVE-2025-62408: use after free in read_answers() (bsc#1254738).

Changes for c-ares:

* c-ares 1.35.6:
  * Ignore Windows IDN Search Domains until proper IDN support is added
  * Various bug fixes

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-717=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * c-ares-debugsource-1.34.6-160000.1.1
  * libcares2-1.34.6-160000.1.1
  * libcares2-debuginfo-1.34.6-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-62408.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254738
From null at suse.de Fri May 15 08:34:59 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 08:34:59 -0000
Subject: SUSE-SU-2026:21583-1: low: Security update for cairo
Message-ID: <177883409936.190.5689461807742662902@6562c213d78e>

# Security update for cairo

Announcement ID: SUSE-SU-2026:21583-1
Release Date: 2026-05-07T09:32:34Z
Rating: low
References:

* bsc#1247589

Cross-References:

* CVE-2025-50422

CVSS scores:

* CVE-2025-50422 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-50422 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-50422 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for cairo fixes the following issue:

* CVE-2025-50422: Poppler crash on malformed input (bsc#1247589).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-716=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * libcairo-gobject2-1.18.4-160000.3.1
  * libcairo2-1.18.4-160000.3.1
  * cairo-debugsource-1.18.4-160000.3.1
  * libcairo-gobject2-debuginfo-1.18.4-160000.3.1
  * libcairo2-debuginfo-1.18.4-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-50422.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247589
From null at suse.de Fri May 15 08:35:13 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 08:35:13 -0000
Subject: SUSE-SU-2026:21582-1: low: Security update for iproute2
Message-ID: <177883411351.190.6431071158988557654@6562c213d78e>

# Security update for iproute2

Announcement ID: SUSE-SU-2026:21582-1
Release Date: 2026-05-07T07:31:57Z
Rating: low
References:

* bsc#1241316
* bsc#1253044
* bsc#1254324
* jsc#PED-14787

Cross-References:

* CVE-2024-58251

CVSS scores:

* CVE-2024-58251 ( SUSE ): 2.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-58251 ( SUSE ): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
* CVE-2024-58251 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability, contains one feature and has two fixes can now be installed.

## Description:

This update for iproute2 fixes the following issues:

Security issues fixed:

* CVE-2024-58251: terminal lock up via ANSI terminal escape sequence set in `argv[0]` (bsc#1254324).

Other updates and bugfixes:

* Fix package for immutable mode (jsc#PED-14787).
* Add netshaper support (bsc#1253044).
* Add follow-up fixes included by upstream after the 6.12 release (bsc#1241316):
  * Parse FQ band weights correctly
  * bond: fix stack smash in xstats
  * ip: support setting multiple features
  * tc: gred: fix debug print

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-715=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * iproute2-debugsource-6.12-160000.3.1
  * iproute2-debuginfo-6.12-160000.3.1
  * iproute2-6.12-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-58251.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241316
* https://bugzilla.suse.com/show_bug.cgi?id=1253044
* https://bugzilla.suse.com/show_bug.cgi?id=1254324
* https://jira.suse.com/browse/PED-14787

From null at suse.de Fri May 15 08:35:18 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 08:35:18 -0000
Subject: SUSE-SU-2026:21581-1: moderate: Security update for libtpms
Message-ID: <177883411801.190.8168501653721563622@6562c213d78e>

# Security update for libtpms

Announcement ID: SUSE-SU-2026:21581-1
Release Date: 2026-05-06T18:19:25Z
Rating: moderate
References:

* bsc#1244528
* bsc#1260439

Cross-References:

* CVE-2025-49133
* CVE-2026-21444

CVSS scores:

* CVE-2025-49133 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
* CVE-2025-49133 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
* CVE-2025-49133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21444 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21444 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-21444 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libtpms fixes the following issues:

* CVE-2025-49133: Fixed potential out of bounds (OOB) read vulnerability (bsc#1244528).
* CVE-2026-21444: Fixed remote data confidentiality compromise via incorrect Initialization Vector (IV) handling (bsc#1260439).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-714=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * libtpms-debugsource-0.10.0-160000.5.1
  * libtpms0-debuginfo-0.10.0-160000.5.1
  * libtpms0-0.10.0-160000.5.1

## References:

* https://www.suse.com/security/cve/CVE-2025-49133.html
* https://www.suse.com/security/cve/CVE-2026-21444.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244528
* https://bugzilla.suse.com/show_bug.cgi?id=1260439

From null at suse.de Fri May 15 12:30:13 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:30:13 -0000
Subject: SUSE-SU-2026:21644-1: important: Security update for the Linux Kernel
Message-ID: <177884821383.295.2585114950869856841@21fe1a6c7c8c>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21644-1
Release Date: 2026-05-12T09:35:37Z
Rating: important
References:

* bsc#1264449
* bsc#1264450

Cross-References:

* CVE-2026-43284
* CVE-2026-43500

CVSS scores:

* CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1
* SUSE Linux Micro Extras 6.1

An update that solves two vulnerabilities can now be installed.
## Description:

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix the following security issues:

* CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).
* CVE-2026-43500: rxrpc: unshare DATA/RESPONSE packets when paged frags are present (bsc#1264450).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.1
  zypper in -t patch SUSE-SLE-Micro-Extras-6.1-kernel-400=1

## Package List:

* SUSE Linux Micro Extras 6.1 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-build-debugsource-6.4.0-43.1
  * kernel-obs-build-6.4.0-43.1
  * kernel-syms-6.4.0-43.1
* SUSE Linux Micro Extras 6.1 (nosrc)
  * kernel-64kb-6.4.0-43.1
* SUSE Linux Micro Extras 6.1 (aarch64)
  * kernel-64kb-devel-6.4.0-43.1
  * kernel-64kb-debugsource-6.4.0-43.1

## References:

* https://www.suse.com/security/cve/CVE-2026-43284.html
* https://www.suse.com/security/cve/CVE-2026-43500.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264449
* https://bugzilla.suse.com/show_bug.cgi?id=1264450
From null at suse.de Fri May 15 12:30:19 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:30:19 -0000
Subject: SUSE-SU-2026:21643-1: important: Security update for the Linux Kernel
Message-ID: <177884821902.295.14447976273112206103@21fe1a6c7c8c>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21643-1
Release Date: 2026-05-11T09:32:02Z
Rating: important
References:

* bsc#1264449
* bsc#1264450

Cross-References:

* CVE-2026-43284
* CVE-2026-43500

CVSS scores:

* CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0
* SUSE Linux Micro Extras 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 RT kernel was updated to fix the following issues:

* CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).
* CVE-2026-43500: rxrpc: unshare DATA/RESPONSE packets when paged frags are present (bsc#1264450).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.0
  zypper in -t patch SUSE-SLE-Micro-Extras-6.0-kernel-397=1

## Package List:

* SUSE Linux Micro Extras 6.0 (nosrc)
  * kernel-rt-6.4.0-43.1
* SUSE Linux Micro Extras 6.0 (x86_64)
  * kernel-rt-devel-6.4.0-43.1
  * kernel-rt-debugsource-6.4.0-43.1
  * kernel-rt-devel-debuginfo-6.4.0-43.1

## References:

* https://www.suse.com/security/cve/CVE-2026-43284.html
* https://www.suse.com/security/cve/CVE-2026-43500.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264449
* https://bugzilla.suse.com/show_bug.cgi?id=1264450

From null at suse.de Fri May 15 12:30:24 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:30:24 -0000
Subject: SUSE-SU-2026:21642-1: important: Security update for the Linux Kernel
Message-ID: <177884822418.295.2785822036712186175@21fe1a6c7c8c>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21642-1
Release Date: 2026-05-12T10:32:52Z
Rating: important
References:

* bsc#1264449
* bsc#1264450

Cross-References:

* CVE-2026-43284
* CVE-2026-43500

CVSS scores:

* CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0
* SUSE Linux Micro Extras 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix the following security issues:

* CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).
* CVE-2026-43500: rxrpc: unshare DATA/RESPONSE packets when paged frags are present (bsc#1264450).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.0
  zypper in -t patch SUSE-SLE-Micro-Extras-6.0-kernel-400=1

## Package List:

* SUSE Linux Micro Extras 6.0 (nosrc)
  * kernel-64kb-6.4.0-43.1
  * kernel-default-6.4.0-43.1
* SUSE Linux Micro Extras 6.0 (aarch64)
  * kernel-64kb-devel-6.4.0-43.1
  * kernel-64kb-debugsource-6.4.0-43.1
* SUSE Linux Micro Extras 6.0 (aarch64 s390x x86_64)
  * kernel-obs-build-6.4.0-43.1
  * kernel-default-debugsource-6.4.0-43.1
  * kernel-obs-build-debugsource-6.4.0-43.1
  * kernel-syms-6.4.0-43.1
  * kernel-default-devel-6.4.0-43.1
* SUSE Linux Micro Extras 6.0 (x86_64)
  * kernel-default-devel-debuginfo-6.4.0-43.1

## References:

* https://www.suse.com/security/cve/CVE-2026-43284.html
* https://www.suse.com/security/cve/CVE-2026-43500.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264449
* https://bugzilla.suse.com/show_bug.cgi?id=1264450
From null at suse.de Fri May 15 12:30:28 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:30:28 -0000
Subject: SUSE-SU-2026:21641-1: moderate: Security update for krb5
Message-ID: <177884822881.295.16316789275354982798@21fe1a6c7c8c>

# Security update for krb5

Announcement ID: SUSE-SU-2026:21641-1
Release Date: 2026-05-09T16:16:13Z
Rating: moderate
References:

* bsc#1263366
* bsc#1263367

Cross-References:

* CVE-2026-40355
* CVE-2026-40356

CVSS scores:

* CVE-2026-40355 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40355 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40356 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40356 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0
* SUSE Linux Micro Extras 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for krb5 fixes the following issues

* CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism (bsc#1263366).
* CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read (bsc#1263367).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.0
  zypper in -t patch SUSE-SLE-Micro-Extras-6.0-701=1

## Package List:

* SUSE Linux Micro Extras 6.0 (aarch64 s390x x86_64)
  * krb5-mini-1.20.1-8.1
  * krb5-mini-debugsource-1.20.1-8.1
  * krb5-mini-debuginfo-1.20.1-8.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40355.html
* https://www.suse.com/security/cve/CVE-2026-40356.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263366
* https://bugzilla.suse.com/show_bug.cgi?id=1263367
From null at suse.de Fri May 15 12:30:45 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:30:45 -0000
Subject: SUSE-SU-2026:21640-1: important: Security update for dnsmasq
Message-ID: <177884824533.295.12904674690076272323@21fe1a6c7c8c>

# Security update for dnsmasq

Announcement ID: SUSE-SU-2026:21640-1
Release Date: 2026-05-13T16:33:13Z
Rating: important
References:

* bsc#1235517
* bsc#1235834
* bsc#1247812
* bsc#1257934
* bsc#1258251
* bsc#1262487
* bsc#1265001
* bsc#1265002
* bsc#1265003
* bsc#1265004
* bsc#1265006
* jsc#PED-266

Cross-References:

* CVE-2026-2291
* CVE-2026-4890
* CVE-2026-4891
* CVE-2026-4892
* CVE-2026-4893
* CVE-2026-5172
* CVE-2026-6507

CVSS scores:

* CVE-2026-2291 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-2291 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2291 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-4890 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4890 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4891 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-4891 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-4892 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4892 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4893 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-4893 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-5172 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5172 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-6507 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-6507 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6507 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update
that solves seven vulnerabilities, contains one feature and has four fixes can now be installed.

## Description:

This update for dnsmasq fixes the following issues

Security issues:

* CVE-2026-2291: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect (bsc#1258251).
* CVE-2026-4890: DoS vulnerability in the DNSSEC validation (bsc#1265001).
* CVE-2026-4891: heap-based out-of-bounds read vulnerability in the DNSSEC validation (bsc#1265002).
* CVE-2026-4892: heap-based out-of-bounds write vulnerability in the DHCPv6 implementation (bsc#1265003).
* CVE-2026-4893: information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks (bsc#1265004).
* CVE-2026-5172: buffer overflow in dnsmasq's extract_addresses() function (bsc#1265006).
* CVE-2026-6507: out-of-bounds write in DHCP BOOTREPLY processing can lead to denial of service (bsc#1262487).

Non security issues:

* aardvark-dns upstream tests make dnsmasq dump core (bsc#1247812).
* Drop rcFOO symlinks for CODE16 (jsc#PED-266).
* libnettle: update to 4.0 breaks dnsmasq and gnutls (bsc#1257934).
* unknown user or group: dnsmasq with latest proposed dnsmasq update when doing virsh net-start (bsc#1235517).
* Update to security release 2.92rel2.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-742=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * dnsmasq-debuginfo-2.92rel2-160000.1.1
  * dnsmasq-2.92rel2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2291.html
* https://www.suse.com/security/cve/CVE-2026-4890.html
* https://www.suse.com/security/cve/CVE-2026-4891.html
* https://www.suse.com/security/cve/CVE-2026-4892.html
* https://www.suse.com/security/cve/CVE-2026-4893.html
* https://www.suse.com/security/cve/CVE-2026-5172.html
* https://www.suse.com/security/cve/CVE-2026-6507.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235517
* https://bugzilla.suse.com/show_bug.cgi?id=1235834
* https://bugzilla.suse.com/show_bug.cgi?id=1247812
* https://bugzilla.suse.com/show_bug.cgi?id=1257934
* https://bugzilla.suse.com/show_bug.cgi?id=1258251
* https://bugzilla.suse.com/show_bug.cgi?id=1262487
* https://bugzilla.suse.com/show_bug.cgi?id=1265001
* https://bugzilla.suse.com/show_bug.cgi?id=1265002
* https://bugzilla.suse.com/show_bug.cgi?id=1265003
* https://bugzilla.suse.com/show_bug.cgi?id=1265004
* https://bugzilla.suse.com/show_bug.cgi?id=1265006
* https://jira.suse.com/browse/PED-266

From null at suse.de Fri May 15 12:30:48 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:30:48 -0000
Subject: SUSE-SU-2026:21638-1: moderate: Security update for kernel-livepatch-MICRO-6-0_Update_20
Message-ID: <177884824859.295.2443642027407655975@21fe1a6c7c8c>

# Security update for kernel-livepatch-MICRO-6-0_Update_20

Announcement ID: SUSE-SU-2026:21638-1
Release Date: 2026-05-12T09:28:42Z
Rating: moderate
References:

Affected Products:

* SUSE Linux Micro 6.1

An update that can now be installed.
## Description:

New Livepatch SLE Micro 6.0/6.1 kernel update 20

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-399=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-43-default-debuginfo-1-1.1
  * kernel-livepatch-6_4_0-43-default-1-1.1
  * kernel-livepatch-MICRO-6-0_Update_20-debugsource-1-1.1

From null at suse.de Fri May 15 12:30:47 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:30:47 -0000
Subject: SUSE-SU-2026:21639-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_21
Message-ID: <177884824705.295.159265172482053089@21fe1a6c7c8c>

# Security update for kernel-livepatch-MICRO-6-0-RT_Update_21

Announcement ID: SUSE-SU-2026:21639-1
Release Date: 2026-05-11T09:34:16Z
Rating: important
References:

Affected Products:

* SUSE Linux Micro 6.1

An update that can now be installed.

## Description:

New Livepatch SLE Micro 6.0/6.1 kernel rt update 21

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-398=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-43-rt-1-1.1
  * kernel-livepatch-6_4_0-43-rt-debuginfo-1-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_21-debugsource-1-1.1
From null at suse.de Fri May 15 12:30:51 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:30:51 -0000
Subject: SUSE-SU-2026:21637-1: moderate: Security update for openCryptoki
Message-ID: <177884825169.295.18278736555189544640@21fe1a6c7c8c>

# Security update for openCryptoki

Announcement ID: SUSE-SU-2026:21637-1
Release Date: 2026-05-09T15:45:11Z
Rating: moderate
References:

* bsc#1263819

Cross-References:

* CVE-2026-40253

CVSS scores:

* CVE-2026-40253 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40253 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-40253 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-40253 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for openCryptoki fixes the following issues:

* CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects (bsc#1263819)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-521=1

## Package List:

* SUSE Linux Micro 6.1 (s390x)
  * openCryptoki-debugsource-3.23.0-slfo.1.1_3.1
  * openCryptoki-debuginfo-3.23.0-slfo.1.1_3.1
  * openCryptoki-3.23.0-slfo.1.1_3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40253.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263819
From null at suse.de Fri May 15 12:30:56 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:30:56 -0000
Subject: SUSE-SU-2026:21636-1: important: Security update for the Linux Kernel
Message-ID: <177884825665.295.5194270317629632557@21fe1a6c7c8c>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21636-1
Release Date: 2026-05-12T10:32:52Z
Rating: important
References:

* bsc#1264449
* bsc#1264450

Cross-References:

* CVE-2026-43284
* CVE-2026-43500

CVSS scores:

* CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix the following security issues:

* CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).
* CVE-2026-43500: rxrpc: unshare DATA/RESPONSE packets when paged frags are present (bsc#1264450).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-400=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le x86_64)
  * kernel-default-base-6.4.0-43.1.21.20
* SUSE Linux Micro 6.1 (noarch)
  * kernel-macros-6.4.0-43.1
  * kernel-devel-6.4.0-43.1
  * kernel-source-6.4.0-43.1
* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-6.4.0-43.1
* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debuginfo-6.4.0-43.1
  * kernel-default-devel-6.4.0-43.1
  * kernel-default-debugsource-6.4.0-43.1
* SUSE Linux Micro 6.1 (ppc64le x86_64)
  * kernel-default-devel-debuginfo-6.4.0-43.1
* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-default-livepatch-6.4.0-43.1
* SUSE Linux Micro 6.1 (nosrc x86_64)
  * kernel-kvmsmall-6.4.0-43.1
* SUSE Linux Micro 6.1 (x86_64)
  * kernel-kvmsmall-debuginfo-6.4.0-43.1
  * kernel-kvmsmall-debugsource-6.4.0-43.1

## References:

* https://www.suse.com/security/cve/CVE-2026-43284.html
* https://www.suse.com/security/cve/CVE-2026-43500.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264449
* https://bugzilla.suse.com/show_bug.cgi?id=1264450
From null at suse.de Fri May 15 12:31:01 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:31:01 -0000
Subject: SUSE-SU-2026:21635-1: moderate: Security update for helm
Message-ID: <177884826167.295.17238175279569552626@21fe1a6c7c8c>

# Security update for helm

Announcement ID: SUSE-SU-2026:21635-1
Release Date: 2026-05-12T10:25:24Z
Rating: moderate
References:

* bsc#1248093
* bsc#1261938
* jsc#PED-15794

Cross-References:

* CVE-2025-55199
* CVE-2026-35206

CVSS scores:

* CVE-2025-55199 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55199 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-55199 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-35206 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-35206 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2026-35206 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-35206 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities and contains one feature can now be installed.

## Description:

This update for helm fixes the following issues

Security issues:

* CVE-2025-55199: crafted JSON Schema can lead to out of memory (OOM) termination (bsc#1248093).
* CVE-2026-35206: github.com/helm/helm: Helm: Files written to unexpected directory via specially crafted Chart (bsc#1261938).

Non security issue:

* Update to version 3.20.2
* Fix packages for %suse_version bump (jsc#PED-15794).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-525=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * helm-3.20.2-slfo.1.1_1.1
  * helm-debuginfo-3.20.2-slfo.1.1_1.1
* SUSE Linux Micro 6.1 (noarch)
  * helm-bash-completion-3.20.2-slfo.1.1_1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-55199.html
* https://www.suse.com/security/cve/CVE-2026-35206.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248093
* https://bugzilla.suse.com/show_bug.cgi?id=1261938
* https://jira.suse.com/browse/PED-15794

From null at suse.de Fri May 15 12:31:06 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:31:06 -0000
Subject: SUSE-SU-2026:21634-1: important: Security update for openssh
Message-ID: <177884826643.295.18126843867635243590@21fe1a6c7c8c>

# Security update for openssh

Announcement ID: SUSE-SU-2026:21634-1
Release Date: 2026-05-12T10:19:47Z
Rating: important

References:

* bsc#1261427
* bsc#1261430

Cross-References:

* CVE-2026-35385
* CVE-2026-35414

CVSS scores:

* CVE-2026-35385 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35385 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-35385 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-35385 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35414 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-35414 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-35414 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35414 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for openssh fixes the following issues

* CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid (bsc#1261427).
* CVE-2026-35414: mishandling of authorized_keys principals option (bsc#1261430).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-524=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * openssh-9.6p1-slfo.1.1_4.1
  * openssh-clients-debuginfo-9.6p1-slfo.1.1_4.1
  * openssh-common-debuginfo-9.6p1-slfo.1.1_4.1
  * openssh-debuginfo-9.6p1-slfo.1.1_4.1
  * openssh-debugsource-9.6p1-slfo.1.1_4.1
  * openssh-server-debuginfo-9.6p1-slfo.1.1_4.1
  * openssh-fips-9.6p1-slfo.1.1_4.1
  * openssh-clients-9.6p1-slfo.1.1_4.1
  * openssh-server-9.6p1-slfo.1.1_4.1
  * openssh-common-9.6p1-slfo.1.1_4.1
  * openssh-server-config-rootlogin-9.6p1-slfo.1.1_4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35385.html
* https://www.suse.com/security/cve/CVE-2026-35414.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261427
* https://bugzilla.suse.com/show_bug.cgi?id=1261430

From null at suse.de Fri May 15 12:31:12 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:31:12 -0000
Subject: SUSE-SU-2026:21633-1: moderate: Security update for dnsmasq
Message-ID: <177884827221.295.10560835340266843909@21fe1a6c7c8c>

# Security update for dnsmasq

Announcement ID: SUSE-SU-2026:21633-1
Release Date: 2026-05-12T09:35:20Z
Rating: moderate

References:

* bsc#1235517
* bsc#1235834
* bsc#1258251

Cross-References:

* CVE-2026-2291

CVSS scores:

* CVE-2026-2291 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-2291 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2291 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability and has two fixes can now be installed.

## Description:

This update for dnsmasq fixes the following issues:

* CVE-2026-2291: Fixed a bug that could have been abused to record false cached data enabling DoS or attacker redirect. (bsc#1258251)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-523=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * dnsmasq-debuginfo-2.90-slfo.1.1_2.1
  * dnsmasq-debugsource-2.90-slfo.1.1_2.1
  * dnsmasq-2.90-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2291.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235517
* https://bugzilla.suse.com/show_bug.cgi?id=1235834
* https://bugzilla.suse.com/show_bug.cgi?id=1258251

From null at suse.de Fri May 15 12:31:18 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:31:18 -0000
Subject: SUSE-SU-2026:21632-1: important: Security update for the Linux Kernel
Message-ID: <177884827818.295.9215362429646610416@21fe1a6c7c8c>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21632-1
Release Date: 2026-05-11T11:16:00Z
Rating: important

References:

* bsc#1264449
* bsc#1264450

Cross-References:

* CVE-2026-43284
* CVE-2026-43500

CVSS scores:

* CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 RT kernel was updated to fix the following issues:

* CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).
* CVE-2026-43500: rxrpc: unshare DATA/RESPONSE packets when paged frags are present (bsc#1264450).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-kernel-397=1

## Package List:

* SUSE Linux Micro 6.1 (noarch)
  * kernel-devel-rt-6.4.0-43.1
  * kernel-source-rt-6.4.0-43.1
* SUSE Linux Micro 6.1 (aarch64 nosrc x86_64)
  * kernel-rt-6.4.0-43.1
* SUSE Linux Micro 6.1 (aarch64 x86_64)
  * kernel-rt-debuginfo-6.4.0-43.1
  * kernel-rt-debugsource-6.4.0-43.1
  * kernel-rt-devel-6.4.0-43.1
* SUSE Linux Micro 6.1 (x86_64)
  * kernel-rt-livepatch-6.4.0-43.1
  * kernel-rt-devel-debuginfo-6.4.0-43.1

## References:

* https://www.suse.com/security/cve/CVE-2026-43284.html
* https://www.suse.com/security/cve/CVE-2026-43500.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264449
* https://bugzilla.suse.com/show_bug.cgi?id=1264450

From null at suse.de Fri May 15 12:31:21 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:31:21 -0000
Subject: SUSE-SU-2026:21631-1: moderate: Security update for avahi
Message-ID: <177884828134.295.8814776775306462263@21fe1a6c7c8c>

# Security update for avahi

Announcement ID: SUSE-SU-2026:21631-1
Release Date: 2026-05-09T15:47:12Z
Rating: moderate

References:

* bsc#1261546

Cross-References:

* CVE-2026-34933

CVSS scores:

* CVE-2026-34933 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34933 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for avahi fixes the following issues:

* CVE-2026-34933: reachable assertion in `transport_flags_from_domain` can crash the `avahi-daemon` (bsc#1261546).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-518=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * libavahi-core7-0.8-slfo.1.1_7.1
  * libavahi-common3-debuginfo-0.8-slfo.1.1_7.1
  * libavahi-common3-0.8-slfo.1.1_7.1
  * avahi-0.8-slfo.1.1_7.1
  * libavahi-client3-0.8-slfo.1.1_7.1
  * avahi-debugsource-0.8-slfo.1.1_7.1
  * libavahi-client3-debuginfo-0.8-slfo.1.1_7.1
  * avahi-debuginfo-0.8-slfo.1.1_7.1
  * libavahi-core7-debuginfo-0.8-slfo.1.1_7.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34933.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261546

From null at suse.de Fri May 15 12:31:24 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:31:24 -0000
Subject: SUSE-SU-2026:21630-1: important: Security update for containerd
Message-ID: <177884828436.295.13215416794796995327@21fe1a6c7c8c>

# Security update for containerd

Announcement ID: SUSE-SU-2026:21630-1
Release Date: 2026-05-09T15:45:52Z
Rating: important

References:

* bsc#1260296

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for containerd fixes the following issue:

* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260296).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-519=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * containerd-1.7.29-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260296

From null at suse.de Fri May 15 12:31:28 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:31:28 -0000
Subject: SUSE-SU-2026:21629-1: moderate: Security update for krb5
Message-ID: <177884828870.295.8547395362933035892@21fe1a6c7c8c>

# Security update for krb5

Announcement ID: SUSE-SU-2026:21629-1
Release Date: 2026-05-09T15:45:07Z
Rating: moderate

References:

* bsc#1263366
* bsc#1263367

Cross-References:

* CVE-2026-40355
* CVE-2026-40356

CVSS scores:

* CVE-2026-40355 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40355 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40356 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40356 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for krb5 fixes the following issues

* CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism (bsc#1263366).
* CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read (bsc#1263367).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-522=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * krb5-debuginfo-1.21.3-slfo.1.1_4.1
  * krb5-1.21.3-slfo.1.1_4.1
  * krb5-client-debuginfo-1.21.3-slfo.1.1_4.1
  * krb5-client-1.21.3-slfo.1.1_4.1
  * krb5-debugsource-1.21.3-slfo.1.1_4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40355.html
* https://www.suse.com/security/cve/CVE-2026-40356.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263366
* https://bugzilla.suse.com/show_bug.cgi?id=1263367

From null at suse.de Fri May 15 12:31:33 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:31:33 -0000
Subject: SUSE-SU-2026:21628-1: moderate: Security update for helm
Message-ID: <177884829331.295.17774034767145646150@21fe1a6c7c8c>

# Security update for helm

Announcement ID: SUSE-SU-2026:21628-1
Release Date: 2026-05-12T09:38:53Z
Rating: moderate

References:

* bsc#1248093
* bsc#1261938
* jsc#PED-15794

Cross-References:

* CVE-2025-55199
* CVE-2026-35206

CVSS scores:

* CVE-2025-55199 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55199 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-55199 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-35206 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-35206 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2026-35206 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-35206 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities and contains one feature can now be installed.

## Description:

This update for helm fixes the following issues

Security issues:

* CVE-2025-55199: crafted JSON Schema can lead to out of memory (OOM) termination (bsc#1248093).
* CVE-2026-35206: github.com/helm/helm: Helm: Files written to unexpected directory via specially crafted Chart (bsc#1261938).

Non security issue:

* Update to version 3.20.2
* Fix packages for %suse_version bump (jsc#PED-15794).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
    zypper in -t patch SUSE-SLE-Micro-6.0-705=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * helm-debuginfo-3.20.2-1.1
  * helm-3.20.2-1.1
* SUSE Linux Micro 6.0 (noarch)
  * helm-bash-completion-3.20.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-55199.html
* https://www.suse.com/security/cve/CVE-2026-35206.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248093
* https://bugzilla.suse.com/show_bug.cgi?id=1261938
* https://jira.suse.com/browse/PED-15794

From null at suse.de Fri May 15 12:31:37 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:31:37 -0000
Subject: SUSE-SU-2026:21627-1: important: Security update for openssh
Message-ID: <177884829782.295.14298836389762459983@21fe1a6c7c8c>

# Security update for openssh

Announcement ID: SUSE-SU-2026:21627-1
Release Date: 2026-05-12T09:38:53Z
Rating: important

References:

* bsc#1261427
* bsc#1261430

Cross-References:

* CVE-2026-35385
* CVE-2026-35414

CVSS scores:

* CVE-2026-35385 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35385 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-35385 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-35385 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35414 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-35414 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-35414 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35414 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for openssh fixes the following issues

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
    zypper in -t patch SUSE-SLE-Micro-6.0-704=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * openssh-debuginfo-9.6p1-5.1
  * openssh-server-config-rootlogin-9.6p1-5.1
  * openssh-clients-9.6p1-5.1
  * openssh-common-debuginfo-9.6p1-5.1
  * openssh-9.6p1-5.1
  * openssh-debugsource-9.6p1-5.1
  * openssh-server-debuginfo-9.6p1-5.1
  * openssh-clients-debuginfo-9.6p1-5.1
  * openssh-fips-9.6p1-5.1
  * openssh-common-9.6p1-5.1
  * openssh-server-9.6p1-5.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35385.html
* https://www.suse.com/security/cve/CVE-2026-35414.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261427
* https://bugzilla.suse.com/show_bug.cgi?id=1261430

From null at suse.de Fri May 15 12:31:45 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:31:45 -0000
Subject: SUSE-SU-2026:21626-1: important: Security update for dnsmasq
Message-ID: <177884830539.295.16886348260046129868@21fe1a6c7c8c>

# Security update for dnsmasq

Announcement ID: SUSE-SU-2026:21626-1
Release Date: 2026-05-12T09:38:52Z
Rating: important

References:

* bsc#1226091
* bsc#1235517
* bsc#1235834
* bsc#1258251

Cross-References:

* CVE-2023-49441
* CVE-2026-2291

CVSS scores:

* CVE-2023-49441 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-49441 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-49441 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-2291 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-2291 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2291 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities and has two fixes can now be installed.

## Description:

This update for dnsmasq fixes the following issues:

Security issues:

* CVE-2023-49441: integer overflow via forward_query (bsc#1226091).
* CVE-2026-2291: VU#471747: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect (bsc#1258251).

Non security issue:

* Reintroduce nogroup (bsc#1235517).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
    zypper in -t patch SUSE-SLE-Micro-6.0-703=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * dnsmasq-debuginfo-2.90-2.1
  * dnsmasq-debugsource-2.90-2.1
  * dnsmasq-2.90-2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-49441.html
* https://www.suse.com/security/cve/CVE-2026-2291.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226091
* https://bugzilla.suse.com/show_bug.cgi?id=1235517
* https://bugzilla.suse.com/show_bug.cgi?id=1235834
* https://bugzilla.suse.com/show_bug.cgi?id=1258251

From null at suse.de Fri May 15 12:31:51 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:31:51 -0000
Subject: SUSE-SU-2026:21625-1: important: Security update for the Linux Kernel
Message-ID: <177884831134.295.16808599007737070415@21fe1a6c7c8c>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21625-1
Release Date: 2026-05-12T09:35:37Z
Rating: important

References:

* bsc#1264449
* bsc#1264450

Cross-References:

* CVE-2026-43284
* CVE-2026-43500

CVSS scores:

* CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix the following security issues:

* CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).
* CVE-2026-43500: rxrpc: unshare DATA/RESPONSE packets when paged frags are present (bsc#1264450).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
    zypper in -t patch SUSE-SLE-Micro-6.0-kernel-400=1

## Package List:

* SUSE Linux Micro 6.0 (noarch)
  * kernel-macros-6.4.0-43.1
  * kernel-devel-6.4.0-43.1
  * kernel-source-6.4.0-43.1
* SUSE Linux Micro 6.0 (aarch64 nosrc s390x x86_64)
  * kernel-default-6.4.0-43.1
* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * kernel-default-debuginfo-6.4.0-43.1
  * kernel-default-debugsource-6.4.0-43.1
* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-default-livepatch-6.4.0-43.1
* SUSE Linux Micro 6.0 (aarch64 x86_64)
  * kernel-default-base-6.4.0-43.1.21.20
* SUSE Linux Micro 6.0 (nosrc x86_64)
  * kernel-kvmsmall-6.4.0-43.1
* SUSE Linux Micro 6.0 (x86_64)
  * kernel-kvmsmall-debuginfo-6.4.0-43.1
  * kernel-kvmsmall-debugsource-6.4.0-43.1

## References:

* https://www.suse.com/security/cve/CVE-2026-43284.html
* https://www.suse.com/security/cve/CVE-2026-43500.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264449
* https://bugzilla.suse.com/show_bug.cgi?id=1264450

From null at suse.de Fri May 15 12:31:54 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:31:54 -0000
Subject: SUSE-SU-2026:21624-1: moderate: Security update for kernel-livepatch-MICRO-6-0_Update_20
Message-ID: <177884831452.295.5769421666625026971@21fe1a6c7c8c>

# Security update for kernel-livepatch-MICRO-6-0_Update_20

Announcement ID: SUSE-SU-2026:21624-1
Release Date: 2026-05-12T09:28:16Z
Rating: moderate

References:

Affected Products:

* SUSE Linux Micro 6.0

An update that can now be installed.

## Description:

New Livepatch SLE Micro 6.0/6.1 kernel update 20

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
    zypper in -t patch SUSE-SLE-Micro-6.0-kernel-399=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-43-default-debuginfo-1-1.1
  * kernel-livepatch-6_4_0-43-default-1-1.1
  * kernel-livepatch-MICRO-6-0_Update_20-debugsource-1-1.1

From null at suse.de Fri May 15 12:31:56 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:31:56 -0000
Subject: SUSE-SU-2026:21623-1: important: Security update for kernel-livepatch-MICRO-6-0-RT_Update_21
Message-ID: <177884831610.295.3743769538397233950@21fe1a6c7c8c>

# Security update for kernel-livepatch-MICRO-6-0-RT_Update_21

Announcement ID: SUSE-SU-2026:21623-1
Release Date: 2026-05-11T09:34:16Z
Rating: important

References:

Affected Products:

* SUSE Linux Micro 6.0

An update that can now be installed.

## Description:

New Livepatch SLE Micro 6.0/6.1 kernel rt update 21

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
    zypper in -t patch SUSE-SLE-Micro-6.0-kernel-398=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-43-rt-1-1.1
  * kernel-livepatch-6_4_0-43-rt-debuginfo-1-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_21-debugsource-1-1.1

From null at suse.de Fri May 15 12:32:00 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:32:00 -0000
Subject: SUSE-SU-2026:21622-1: important: Security update for the Linux Kernel
Message-ID: <177884832098.295.15853884156140452407@21fe1a6c7c8c>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21622-1
Release Date: 2026-05-11T09:32:02Z
Rating: important

References:

* bsc#1264449
* bsc#1264450

Cross-References:

* CVE-2026-43284
* CVE-2026-43500

CVSS scores:

* CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 RT kernel was updated to fix the following issues:

* CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).
* CVE-2026-43500: rxrpc: unshare DATA/RESPONSE packets when paged frags are present (bsc#1264450).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
    zypper in -t patch SUSE-SLE-Micro-6.0-kernel-397=1

## Package List:

* SUSE Linux Micro 6.0 (noarch)
  * kernel-devel-rt-6.4.0-43.1
  * kernel-source-rt-6.4.0-43.1
* SUSE Linux Micro 6.0 (nosrc x86_64)
  * kernel-rt-6.4.0-43.1
* SUSE Linux Micro 6.0 (x86_64)
  * kernel-rt-debuginfo-6.4.0-43.1
  * kernel-rt-debugsource-6.4.0-43.1
  * kernel-rt-livepatch-6.4.0-43.1

## References:

* https://www.suse.com/security/cve/CVE-2026-43284.html
* https://www.suse.com/security/cve/CVE-2026-43500.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264449
* https://bugzilla.suse.com/show_bug.cgi?id=1264450

From null at suse.de Fri May 15 12:32:11 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:32:11 -0000
Subject: SUSE-SU-2026:21621-1: moderate: Security update for grub2
Message-ID: <177884833106.295.16128621240935926868@21fe1a6c7c8c>

# Security update for grub2

Announcement ID: SUSE-SU-2026:21621-1
Release Date: 2026-05-11T08:46:20Z
Rating: moderate

References:

* bsc#1252930
* bsc#1252931
* bsc#1252932
* bsc#1252933
* bsc#1252934
* bsc#1252935

Cross-References:

* CVE-2025-54770
* CVE-2025-54771
* CVE-2025-61661
* CVE-2025-61662
* CVE-2025-61663
* CVE-2025-61664

CVSS scores:

* CVE-2025-54770 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-54770 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-54770 ( NVD ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-54771 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-54771 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-54771 ( NVD ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61661 ( SUSE ): 4.3 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61661 ( SUSE ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-61661 ( NVD ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-61662 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61662 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-61662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-61663 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61663 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61663 ( NVD ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61664 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61664 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-61664 ( NVD ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* SUSE Linux Micro 6.0

An update that solves six vulnerabilities can now be installed.

## Description:

This update for grub2 fixes the following issues

* CVE-2025-54770: Missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930).
* CVE-2025-54771: grub_file_close() does not properly control the fs refcount (bsc#1252931).
* CVE-2025-61661: Out-of-bounds write in grub_usb_get_string() function (bsc#1252932).
* CVE-2025-61662: Missing unregister call for gettext command may lead to use-after-free (bsc#1252933).
* CVE-2025-61663: Missing unregister call for normal commands may lead to use-after-free (bsc#1252934).
* CVE-2025-61664: Missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935).

Changes for grub2:

* Bump upstream SBAT generation to 6

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
    zypper in -t patch SUSE-SLE-Micro-6.0-702=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * grub2-2.12~rc1-8.1
  * grub2-debugsource-2.12~rc1-8.1
  * grub2-debuginfo-2.12~rc1-8.1
* SUSE Linux Micro 6.0 (noarch)
  * grub2-snapper-plugin-2.12~rc1-8.1
  * grub2-arm64-efi-2.12~rc1-8.1
  * grub2-i386-pc-2.12~rc1-8.1
  * grub2-x86_64-xen-2.12~rc1-8.1
  * grub2-x86_64-efi-2.12~rc1-8.1
* SUSE Linux Micro 6.0 (s390x)
  * grub2-s390x-emu-2.12~rc1-8.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54770.html
* https://www.suse.com/security/cve/CVE-2025-54771.html
* https://www.suse.com/security/cve/CVE-2025-61661.html
* https://www.suse.com/security/cve/CVE-2025-61662.html
* https://www.suse.com/security/cve/CVE-2025-61663.html
* https://www.suse.com/security/cve/CVE-2025-61664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252930
* https://bugzilla.suse.com/show_bug.cgi?id=1252931
* https://bugzilla.suse.com/show_bug.cgi?id=1252932
* https://bugzilla.suse.com/show_bug.cgi?id=1252933
* https://bugzilla.suse.com/show_bug.cgi?id=1252934
* https://bugzilla.suse.com/show_bug.cgi?id=1252935

From null at suse.de Fri May 15 12:32:22 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 12:32:22 -0000
Subject: SUSE-SU-2026:21619-1: moderate: Security update for python-pyOpenSSL
Message-ID: <177884834270.295.5794424256555435777@21fe1a6c7c8c>

# Security update for python-pyOpenSSL

Announcement ID: SUSE-SU-2026:21619-1
Release Date: 2026-05-09T16:16:14Z
Rating: moderate

References:

* bsc#1262803

Cross-References:

* CVE-2026-40475

CVSS scores:

* CVE-2026-40475 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40475 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for python-pyOpenSSL fixes the following issue

* CVE-2026-40475: improper input handling of null bytes can lead to silent data truncation and security-state inconsistency (bsc#1262803).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
    zypper in -t patch SUSE-SLE-Micro-6.0-699=1

## Package List:

* SUSE Linux Micro 6.0 (noarch)
  * python311-pyOpenSSL-24.0.0-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40475.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262803

URL: From null at suse.de Fri May 15 12:32:27 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 15 May 2026 12:32:27 -0000 Subject: SUSE-SU-2026:21618-1: moderate: Security update for krb5 Message-ID: <177884834716.295.12069056858944777171@21fe1a6c7c8c> # Security update for krb5 Announcement ID: SUSE-SU-2026:21618-1 Release Date: 2026-05-09T16:14:44Z Rating: moderate References: * bsc#1263366 * bsc#1263367 Cross-References: * CVE-2026-40355 * CVE-2026-40356 CVSS scores: * CVE-2026-40355 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-40355 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-40356 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-40356 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for krb5 fixes the following issues * CVE-2026-40355: Denial of Service via NULL pointer dereference in NegoEx mechanism (bsc#1263366). * CVE-2026-40356: Denial of Service via integer underflow and out-of-bounds read (bsc#1263367). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-701=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * krb5-client-1.20.1-8.1 * krb5-debuginfo-1.20.1-8.1 * krb5-debugsource-1.20.1-8.1 * krb5-1.20.1-8.1 * krb5-client-debuginfo-1.20.1-8.1 ## References: * https://www.suse.com/security/cve/CVE-2026-40355.html * https://www.suse.com/security/cve/CVE-2026-40356.html * https://bugzilla.suse.com/show_bug.cgi?id=1263366 * https://bugzilla.suse.com/show_bug.cgi?id=1263367 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri May 15 12:32:31 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 15 May 2026 12:32:31 -0000 Subject: SUSE-SU-2026:21617-1: moderate: Security update for python-pyOpenSSL Message-ID: <177884835154.295.4707554410681548003@21fe1a6c7c8c> # Security update for python-pyOpenSSL Announcement ID: SUSE-SU-2026:21617-1 Release Date: 2026-05-09T15:44:10Z Rating: moderate References: * bsc#1262803 * bsc#1263254 Cross-References: * CVE-2026-40475 * CVE-2026-41066 CVSS scores: * CVE-2026-40475 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-40475 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-41066 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-41066 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-41066 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Micro 6.0 * SUSE Linux Micro 6.1 An update that solves two vulnerabilities can now be installed. ## Security update for python-pyOpenSSL ### Description: This update for python-pyOpenSSL fixes the following issue ## Security update for python-lxml ### Description: This update for python-lxml fixes the following issue * CVE-2026-41066: Information disclosure via untrusted XML input leading to local file read (bsc#1263254). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-700=1 * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-520=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * python-lxml-debugsource-4.9.3-2.1 * python311-lxml-4.9.3-2.1 * python311-lxml-debuginfo-4.9.3-2.1 * SUSE Linux Micro 6.1 (noarch) * python311-pyOpenSSL-24.0.0-slfo.1.1_3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-40475.html * https://www.suse.com/security/cve/CVE-2026-41066.html * https://bugzilla.suse.com/show_bug.cgi?id=1262803 * https://bugzilla.suse.com/show_bug.cgi?id=1263254 From null at suse.de Fri May 15 12:32:36 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 15 May 2026 12:32:36 -0000 Subject: SUSE-SU-2026:21616-1: important: Security update for the Linux Kernel Message-ID: <177884835658.295.230436739574986681@21fe1a6c7c8c> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:21616-1 Release Date: 2026-05-12T14:11:03Z Rating: important References: * bsc#1264449 * bsc#1264450 Cross-References: * CVE-2026-43284 * CVE-2026-43500 CVSS scores: * CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43500 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server High Availability Extension 16.0 An update that solves two vulnerabilities can now be installed.
## Description: The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: Dirty Frag fixes: * CVE-2026-43500: supported.conf: drop rxrpc completely (bsc#1264450) * CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server High Availability Extension 16.0 zypper in -t patch SUSE-SLES-HA-16.0-734=1 ## Package List: * SUSE Linux Enterprise Server High Availability Extension 16.0 (ppc64le s390x x86_64) * dlm-kmp-default-debuginfo-6.12.0-160000.30.1 * kernel-default-debuginfo-6.12.0-160000.30.1 * cluster-md-kmp-default-6.12.0-160000.30.1 * gfs2-kmp-default-debuginfo-6.12.0-160000.30.1 * gfs2-kmp-default-6.12.0-160000.30.1 * kernel-default-debugsource-6.12.0-160000.30.1 * cluster-md-kmp-default-debuginfo-6.12.0-160000.30.1 * dlm-kmp-default-6.12.0-160000.30.1 * SUSE Linux Enterprise Server High Availability Extension 16.0 (nosrc) * kernel-default-6.12.0-160000.30.1 ## References: * https://www.suse.com/security/cve/CVE-2026-43284.html * https://www.suse.com/security/cve/CVE-2026-43500.html * https://bugzilla.suse.com/show_bug.cgi?id=1264449 * https://bugzilla.suse.com/show_bug.cgi?id=1264450 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri May 15 12:32:51 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 15 May 2026 12:32:51 -0000 Subject: SUSE-SU-2026:1868-1: critical: Security update for firebird Message-ID: <177884837122.295.755404557296323830@21fe1a6c7c8c> # Security update for firebird Announcement ID: SUSE-SU-2026:1868-1 Release Date: 2026-05-15T07:50:01Z Rating: critical References: * bsc#1262320 * bsc#1262322 * bsc#1262324 * bsc#1262325 * bsc#1262326 * bsc#1262327 * bsc#1262328 * bsc#1262329 * bsc#1262330 Cross-References: * CVE-2025-65104 * CVE-2026-27890 * CVE-2026-28212 * CVE-2026-28214 * CVE-2026-28224 * CVE-2026-33337 * CVE-2026-34232 * CVE-2026-35215 * CVE-2026-40342 CVSS scores: * CVE-2025-65104 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L * CVE-2025-65104 ( SUSE ): 7.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L * CVE-2025-65104 ( NVD ): 7.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L * CVE-2025-65104 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-27890 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-27890 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-27890 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28212 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28212 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28212 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28214 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L * CVE-2026-28214 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2026-28214 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-28214 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28224 ( SUSE ): 
8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28224 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28224 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-33337 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33337 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33337 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34232 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34232 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34232 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35215 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35215 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35215 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-40342 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-40342 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-40342 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves nine vulnerabilities can now be installed. ## Description: This update for firebird fixes the following issues * CVE-2025-65104: Information leak vulnerability in firebird3 client when used with newer (>= 4) server (bsc#1262330). * CVE-2026-27890: Pre-Auth DOS (bsc#1262328). * CVE-2026-28212: One packet DoS (bsc#1262329). * CVE-2026-28214: Server hangs when using specific clumplet on batch creation (bsc#1262327). * CVE-2026-28224: CryptCallback DOS (bsc#1262326). 
* CVE-2026-33337: Buffer overflow on parsing corrupted slice packet (bsc#1262325). * CVE-2026-34232: DoS via `op_response` packet from client (bsc#1262324). * CVE-2026-35215: DoS via malicious slice descriptor in slice packet (bsc#1262322). * CVE-2026-40342: Path traversal when declaring external routine (bsc#1262320). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1868=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * firebird-3.0.14.33856-150200.3.9.1 * firebird-debugsource-3.0.14.33856-150200.3.9.1 * libib_util-3.0.14.33856-150200.3.9.1 * firebird-examples-3.0.14.33856-150200.3.9.1 * libfbclient2-3.0.14.33856-150200.3.9.1 * libib_util-debuginfo-3.0.14.33856-150200.3.9.1 * firebird-utils-3.0.14.33856-150200.3.9.1 * firebird-server-3.0.14.33856-150200.3.9.1 * libib_util-devel-3.0.14.33856-150200.3.9.1 * libfbclient2-debuginfo-3.0.14.33856-150200.3.9.1 * firebird-server-debuginfo-3.0.14.33856-150200.3.9.1 * firebird-utils-debuginfo-3.0.14.33856-150200.3.9.1 * libfbclient-devel-3.0.14.33856-150200.3.9.1 * firebird-debuginfo-3.0.14.33856-150200.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2025-65104.html * https://www.suse.com/security/cve/CVE-2026-27890.html * https://www.suse.com/security/cve/CVE-2026-28212.html * https://www.suse.com/security/cve/CVE-2026-28214.html * https://www.suse.com/security/cve/CVE-2026-28224.html * https://www.suse.com/security/cve/CVE-2026-33337.html * https://www.suse.com/security/cve/CVE-2026-34232.html * https://www.suse.com/security/cve/CVE-2026-35215.html * https://www.suse.com/security/cve/CVE-2026-40342.html * https://bugzilla.suse.com/show_bug.cgi?id=1262320 * https://bugzilla.suse.com/show_bug.cgi?id=1262322 * 
https://bugzilla.suse.com/show_bug.cgi?id=1262324 * https://bugzilla.suse.com/show_bug.cgi?id=1262325 * https://bugzilla.suse.com/show_bug.cgi?id=1262326 * https://bugzilla.suse.com/show_bug.cgi?id=1262327 * https://bugzilla.suse.com/show_bug.cgi?id=1262328 * https://bugzilla.suse.com/show_bug.cgi?id=1262329 * https://bugzilla.suse.com/show_bug.cgi?id=1262330 From null at suse.de Fri May 15 12:33:22 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 15 May 2026 12:33:22 -0000 Subject: SUSE-SU-2026:1862-1: important: Security update for go1.25 Message-ID: <177884840293.295.11635074852437443871@21fe1a6c7c8c> # Security update for go1.25 Announcement ID: SUSE-SU-2026:1862-1 Release Date: 2026-05-14T22:34:21Z Rating: important References: * bsc#1170826 * bsc#1244485 * bsc#1264499 * bsc#1264500 * bsc#1264501 * bsc#1264502 * bsc#1264503 * bsc#1264504 * bsc#1264505 * bsc#1264506 * bsc#1264507 * bsc#1264508 * bsc#1264509 Cross-References: * CVE-2026-33811 * CVE-2026-33814 * CVE-2026-39817 * CVE-2026-39819 * CVE-2026-39820 * CVE-2026-39823 * CVE-2026-39825 * CVE-2026-39826 * CVE-2026-39836 * CVE-2026-42499 * CVE-2026-42501 CVSS scores: * CVE-2026-33811 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33811 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33811 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39817 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N * CVE-2026-39817 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N * CVE-2026-39817 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N * CVE-2026-39819 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N *
CVE-2026-39819 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N * CVE-2026-39819 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N * CVE-2026-39820 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39820 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39820 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39823 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-39823 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-39825 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-39825 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-39826 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-39826 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-39836 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39836 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39836 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42499 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42499 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42501 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-42501 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Development Tools Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux 
Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 11 vulnerabilities and has two security fixes can now be installed. ## Description: This update for go1.25 fixes the following issues Security issues: * CVE-2026-33811: net: crash when handling long CNAME response (bsc#1264508). * CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1264506). * CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths (bsc#1264505). * CVE-2026-39819: cmd/go: "go bug" follows symlinks in predictable temporary filenames (bsc#1264504). * CVE-2026-39820: net/mail: quadratic string concatenation in consumeComment (bsc#1264503). * CVE-2026-39823: html/template: bypass of meta content URL escaping causes XSS (bsc#1264509). * CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more than urlmaxqueryparams parameters (bsc#1264500). * CVE-2026-39826: html/template: escaper bypass leads to XSS (bsc#1264507). * CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on Windows (bsc#1264501). * CVE-2026-42499: net/mail: quadratic string concatenation in consumePhrase (bsc#1264502). * CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database (bsc#1264499). Non security issues: * Updated to go1.25.10 (bsc#1244485). * Go packages miss binutils-gold dependency (bsc#1170826). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1862=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1862=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1862=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1862=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1862=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1862=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1862=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1862=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1862=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1862=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1862=1 ## Package List: * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * go1.25-race-1.25.10-150000.1.38.1 * go1.25-doc-1.25.10-150000.1.38.1 * go1.25-1.25.10-150000.1.38.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * go1.25-race-1.25.10-150000.1.38.1 * go1.25-doc-1.25.10-150000.1.38.1 * go1.25-1.25.10-150000.1.38.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * go1.25-race-1.25.10-150000.1.38.1 * go1.25-doc-1.25.10-150000.1.38.1 * go1.25-1.25.10-150000.1.38.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * 
go1.25-race-1.25.10-150000.1.38.1 * go1.25-doc-1.25.10-150000.1.38.1 * go1.25-1.25.10-150000.1.38.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * go1.25-race-1.25.10-150000.1.38.1 * go1.25-doc-1.25.10-150000.1.38.1 * go1.25-1.25.10-150000.1.38.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * go1.25-race-1.25.10-150000.1.38.1 * go1.25-doc-1.25.10-150000.1.38.1 * go1.25-1.25.10-150000.1.38.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * go1.25-race-1.25.10-150000.1.38.1 * go1.25-doc-1.25.10-150000.1.38.1 * go1.25-1.25.10-150000.1.38.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * go1.25-race-1.25.10-150000.1.38.1 * go1.25-doc-1.25.10-150000.1.38.1 * go1.25-1.25.10-150000.1.38.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * go1.25-race-1.25.10-150000.1.38.1 * go1.25-doc-1.25.10-150000.1.38.1 * go1.25-1.25.10-150000.1.38.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * go1.25-race-1.25.10-150000.1.38.1 * go1.25-doc-1.25.10-150000.1.38.1 * go1.25-1.25.10-150000.1.38.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * go1.25-race-1.25.10-150000.1.38.1 * go1.25-doc-1.25.10-150000.1.38.1 * go1.25-1.25.10-150000.1.38.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33811.html * https://www.suse.com/security/cve/CVE-2026-33814.html * https://www.suse.com/security/cve/CVE-2026-39817.html * https://www.suse.com/security/cve/CVE-2026-39819.html * https://www.suse.com/security/cve/CVE-2026-39820.html * https://www.suse.com/security/cve/CVE-2026-39823.html * https://www.suse.com/security/cve/CVE-2026-39825.html * https://www.suse.com/security/cve/CVE-2026-39826.html * https://www.suse.com/security/cve/CVE-2026-39836.html * https://www.suse.com/security/cve/CVE-2026-42499.html * https://www.suse.com/security/cve/CVE-2026-42501.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1170826 * https://bugzilla.suse.com/show_bug.cgi?id=1244485 * https://bugzilla.suse.com/show_bug.cgi?id=1264499 * https://bugzilla.suse.com/show_bug.cgi?id=1264500 * https://bugzilla.suse.com/show_bug.cgi?id=1264501 * https://bugzilla.suse.com/show_bug.cgi?id=1264502 * https://bugzilla.suse.com/show_bug.cgi?id=1264503 * https://bugzilla.suse.com/show_bug.cgi?id=1264504 * https://bugzilla.suse.com/show_bug.cgi?id=1264505 * https://bugzilla.suse.com/show_bug.cgi?id=1264506 * https://bugzilla.suse.com/show_bug.cgi?id=1264507 * https://bugzilla.suse.com/show_bug.cgi?id=1264508 * https://bugzilla.suse.com/show_bug.cgi?id=1264509 From null at suse.de Fri May 15 12:33:44 2026 From: null at suse.de (SLE-SECURITY-UPDATES) Date: Fri, 15 May 2026 12:33:44 -0000 Subject: SUSE-SU-2026:1861-1: important: Security update for go1.26 Message-ID: <177884842460.295.858858021702949215@21fe1a6c7c8c> # Security update for go1.26 Announcement ID: SUSE-SU-2026:1861-1 Release Date: 2026-05-14T22:33:22Z Rating: important References: * bsc#1170826 * bsc#1255111 * bsc#1264499 * bsc#1264500 * bsc#1264501 * bsc#1264502 * bsc#1264503 * bsc#1264504 * bsc#1264505 * bsc#1264506 * bsc#1264507 * bsc#1264508 * bsc#1264509 Cross-References: * CVE-2026-33811 * CVE-2026-33814 * CVE-2026-39817 * CVE-2026-39819 * CVE-2026-39820 * CVE-2026-39823 * CVE-2026-39825 * CVE-2026-39826 * CVE-2026-39836 * CVE-2026-42499 * CVE-2026-42501 CVSS scores: * CVE-2026-33811 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33811 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33811 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H *
CVE-2026-39817 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N * CVE-2026-39817 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N * CVE-2026-39817 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N * CVE-2026-39819 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N * CVE-2026-39819 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N * CVE-2026-39819 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N * CVE-2026-39820 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39820 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39820 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39823 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-39823 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-39825 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-39825 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-39826 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-39826 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-39836 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39836 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39836 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42499 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42499 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42501 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-42501 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Development Tools Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE 
Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 11 vulnerabilities and has two security fixes can now be installed. ## Description: This update for go1.26 fixes the following issues Security issues: * CVE-2026-33811: net: crash when handling long CNAME response (bsc#1264508). * CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1264506). * CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths (bsc#1264505). * CVE-2026-39819: cmd/go: "go bug" follows symlinks in predictable temporary filenames (bsc#1264504). * CVE-2026-39820: net/mail: quadratic string concatenation in consumeComment (bsc#1264503). * CVE-2026-39823: html/template: bypass of meta content URL escaping causes XSS (bsc#1264509). * CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more than urlmaxqueryparams parameters (bsc#1264500). * CVE-2026-39826: html/template: escaper bypass leads to XSS (bsc#1264507). * CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on Windows (bsc#1264501). * CVE-2026-42499: net/mail: quadratic string concatenation in consumePhrase (bsc#1264502). * CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database (bsc#1264499). Non security issues: * go1.26 release tracking (bsc#1255111).
* Go packages miss binutils-gold dependency (bsc#1170826).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1861=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1861=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1861=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1861=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1861=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1861=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1861=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1861=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1861=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1861=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1861=1

## Package List:

* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * go1.26-doc-1.26.3-150000.1.12.1
  * go1.26-race-1.26.3-150000.1.12.1
  * go1.26-1.26.3-150000.1.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * go1.26-doc-1.26.3-150000.1.12.1
  * go1.26-race-1.26.3-150000.1.12.1
  * go1.26-1.26.3-150000.1.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * go1.26-doc-1.26.3-150000.1.12.1
  * go1.26-race-1.26.3-150000.1.12.1
  * go1.26-1.26.3-150000.1.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * go1.26-doc-1.26.3-150000.1.12.1
  * go1.26-race-1.26.3-150000.1.12.1
  * go1.26-1.26.3-150000.1.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * go1.26-doc-1.26.3-150000.1.12.1
  * go1.26-race-1.26.3-150000.1.12.1
  * go1.26-1.26.3-150000.1.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * go1.26-doc-1.26.3-150000.1.12.1
  * go1.26-race-1.26.3-150000.1.12.1
  * go1.26-1.26.3-150000.1.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * go1.26-doc-1.26.3-150000.1.12.1
  * go1.26-race-1.26.3-150000.1.12.1
  * go1.26-1.26.3-150000.1.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * go1.26-doc-1.26.3-150000.1.12.1
  * go1.26-race-1.26.3-150000.1.12.1
  * go1.26-1.26.3-150000.1.12.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.26-doc-1.26.3-150000.1.12.1
  * go1.26-race-1.26.3-150000.1.12.1
  * go1.26-1.26.3-150000.1.12.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.26-doc-1.26.3-150000.1.12.1
  * go1.26-race-1.26.3-150000.1.12.1
  * go1.26-1.26.3-150000.1.12.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.26-doc-1.26.3-150000.1.12.1
  * go1.26-race-1.26.3-150000.1.12.1
  * go1.26-1.26.3-150000.1.12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33811.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39817.html
* https://www.suse.com/security/cve/CVE-2026-39819.html
* https://www.suse.com/security/cve/CVE-2026-39820.html
* https://www.suse.com/security/cve/CVE-2026-39823.html
* https://www.suse.com/security/cve/CVE-2026-39825.html
* https://www.suse.com/security/cve/CVE-2026-39826.html
* https://www.suse.com/security/cve/CVE-2026-39836.html
* https://www.suse.com/security/cve/CVE-2026-42499.html
* https://www.suse.com/security/cve/CVE-2026-42501.html
* https://bugzilla.suse.com/show_bug.cgi?id=1170826
* https://bugzilla.suse.com/show_bug.cgi?id=1255111
* https://bugzilla.suse.com/show_bug.cgi?id=1264499
* https://bugzilla.suse.com/show_bug.cgi?id=1264500
* https://bugzilla.suse.com/show_bug.cgi?id=1264501
* https://bugzilla.suse.com/show_bug.cgi?id=1264502
* https://bugzilla.suse.com/show_bug.cgi?id=1264503
* https://bugzilla.suse.com/show_bug.cgi?id=1264504
* https://bugzilla.suse.com/show_bug.cgi?id=1264505
* https://bugzilla.suse.com/show_bug.cgi?id=1264506
* https://bugzilla.suse.com/show_bug.cgi?id=1264507
* https://bugzilla.suse.com/show_bug.cgi?id=1264508
* https://bugzilla.suse.com/show_bug.cgi?id=1264509

From null at suse.de Fri May 15 16:30:16 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 16:30:16 -0000
Subject: SUSE-SU-2026:1870-1: important: Security update for mozjs115
Message-ID: <177886261610.350.13664112158960068110@6562c213d78e>

# Security update for mozjs115

Announcement ID: SUSE-SU-2026:1870-1
Release Date: 2026-05-15T09:19:51Z
Rating: important
References:

* bsc#1259713
* bsc#1259728
* bsc#1259731

Cross-References:

* CVE-2026-32776
* CVE-2026-32777
* CVE-2026-32778

CVSS scores:

* CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for mozjs115 fixes the following issues

* CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259728).
* CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing (bsc#1259713).
* CVE-2026-32778: libexpat: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259731).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1870=1 openSUSE-SLE-15.6-2026-1870=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1870=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1870=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1870=1

## Package List:

* openSUSE Leap 15.6 (i686)
  * mozjs115-115.4.0-150600.3.12.5
  * libmozjs-115-0-115.4.0-150600.3.12.5
  * mozjs115-debuginfo-115.4.0-150600.3.12.5
  * libmozjs-115-0-debuginfo-115.4.0-150600.3.12.5
  * mozjs115-debugsource-115.4.0-150600.3.12.5
  * mozjs115-devel-115.4.0-150600.3.12.5
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * mozjs115-115.4.0-150600.3.14.1
  * mozjs115-debuginfo-115.4.0-150600.3.14.1
  * mozjs115-devel-115.4.0-150600.3.14.1
  * libmozjs-115-0-115.4.0-150600.3.14.1
  * mozjs115-debugsource-115.4.0-150600.3.14.1
  * libmozjs-115-0-debuginfo-115.4.0-150600.3.14.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * mozjs115-debuginfo-115.4.0-150600.3.14.1
  * mozjs115-devel-115.4.0-150600.3.14.1
  * libmozjs-115-0-115.4.0-150600.3.14.1
  * mozjs115-debugsource-115.4.0-150600.3.14.1
  * libmozjs-115-0-debuginfo-115.4.0-150600.3.14.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * mozjs115-debuginfo-115.4.0-150600.3.14.1
  * mozjs115-devel-115.4.0-150600.3.14.1
  * libmozjs-115-0-115.4.0-150600.3.14.1
  * mozjs115-debugsource-115.4.0-150600.3.14.1
  * libmozjs-115-0-debuginfo-115.4.0-150600.3.14.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * mozjs115-debuginfo-115.4.0-150600.3.14.1
  * mozjs115-devel-115.4.0-150600.3.14.1
  * libmozjs-115-0-115.4.0-150600.3.14.1
  * mozjs115-debugsource-115.4.0-150600.3.14.1
  * libmozjs-115-0-debuginfo-115.4.0-150600.3.14.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32776.html
* https://www.suse.com/security/cve/CVE-2026-32777.html
* https://www.suse.com/security/cve/CVE-2026-32778.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259713
* https://bugzilla.suse.com/show_bug.cgi?id=1259728
* https://bugzilla.suse.com/show_bug.cgi?id=1259731

From null at suse.de Fri May 15 20:30:05 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 20:30:05 -0000
Subject: SUSE-SU-2026:1873-1: important: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP7)
Message-ID: <177887700587.405.14446843082530018804@ce2cd4b7ee52>

# Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP7)

Announcement ID: SUSE-SU-2026:1873-1
Release Date: 2026-05-15T15:36:21Z
Rating: important
References:

* bsc#1264459

Cross-References:

* CVE-2026-43284

CVSS scores:

* CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.
## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-53.40 fixes one security issue

The following security issue was fixed:

* CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264459).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1873=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1873=1
* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1874=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_205-default-debuginfo-2-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_205-default-2-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_51-debugsource-2-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_205-default-debuginfo-2-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_205-default-2-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_51-debugsource-2-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP7_Update_12-debugsource-2-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_40-default-debuginfo-2-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_40-default-2-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-43284.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264459
From null at suse.de Fri May 15 20:30:15 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 20:30:15 -0000
Subject: SUSE-SU-2026:1871-1: moderate: Security update for openvswitch
Message-ID: <177887701548.405.2932331559699821201@ce2cd4b7ee52>

# Security update for openvswitch

Announcement ID: SUSE-SU-2026:1871-1
Release Date: 2026-05-15T15:22:14Z
Rating: moderate
References:

* bsc#1261273

Cross-References:

* CVE-2026-34956

CVSS scores:

* CVE-2026-34956 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34956 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34956 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for openvswitch fixes the following issue:

* CVE-2026-34956: Invalid memory access in conntrack FTP alg (bsc#1261273).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1871=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.32.1
  * openvswitch-debugsource-2.14.2-150400.24.32.1
  * openvswitch-pki-2.14.2-150400.24.32.1
  * libovn-20_06-0-20.06.2-150400.24.32.1
  * ovn-vtep-debuginfo-20.06.2-150400.24.32.1
  * python3-ovs-2.14.2-150400.24.32.1
  * ovn-vtep-20.06.2-150400.24.32.1
  * libovn-20_06-0-debuginfo-20.06.2-150400.24.32.1
  * ovn-docker-20.06.2-150400.24.32.1
  * ovn-20.06.2-150400.24.32.1
  * openvswitch-test-debuginfo-2.14.2-150400.24.32.1
  * ovn-central-20.06.2-150400.24.32.1
  * openvswitch-2.14.2-150400.24.32.1
  * openvswitch-vtep-debuginfo-2.14.2-150400.24.32.1
  * openvswitch-vtep-2.14.2-150400.24.32.1
  * ovn-host-debuginfo-20.06.2-150400.24.32.1
  * ovn-central-debuginfo-20.06.2-150400.24.32.1
  * ovn-host-20.06.2-150400.24.32.1
  * openvswitch-test-2.14.2-150400.24.32.1
  * openvswitch-ipsec-2.14.2-150400.24.32.1
  * libopenvswitch-2_14-0-2.14.2-150400.24.32.1
  * ovn-debuginfo-20.06.2-150400.24.32.1
  * openvswitch-debuginfo-2.14.2-150400.24.32.1
  * ovn-devel-20.06.2-150400.24.32.1
  * openvswitch-devel-2.14.2-150400.24.32.1
* openSUSE Leap 15.4 (noarch)
  * openvswitch-doc-2.14.2-150400.24.32.1
  * ovn-doc-20.06.2-150400.24.32.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34956.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261273
From null at suse.de Fri May 15 20:30:12 2026
From: null at suse.de (SLE-SECURITY-UPDATES)
Date: Fri, 15 May 2026 20:30:12 -0000
Subject: SUSE-SU-2026:1872-1: moderate: Security update for firewalld
Message-ID: <177887701208.405.13137238511692883426@ce2cd4b7ee52>

# Security update for firewalld

Announcement ID: SUSE-SU-2026:1872-1
Release Date: 2026-05-15T15:22:47Z
Rating: moderate
References:

* bsc#1260903

Cross-References:

* CVE-2026-4948

CVSS scores:

* CVE-2026-4948 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-4948 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for firewalld fixes the following issue:

* CVE-2026-4948: local unprivileged users can modify the runtime firewall state without proper authentication due to D-Bus setter mis-authorizations (bsc#1260903).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1872=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1872=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1872=1
* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1872=1
* Python 3 Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1872=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * firewall-macros-2.0.1-150600.3.15.1
  * firewalld-test-2.0.1-150600.3.15.1
  * python3-firewall-2.0.1-150600.3.15.1
  * python311-firewall-2.0.1-150600.3.15.1
  * firewalld-lang-2.0.1-150600.3.15.1
  * firewalld-2.0.1-150600.3.15.1
  * firewall-config-2.0.1-150600.3.15.1
  * firewalld-zsh-completion-2.0.1-150600.3.15.1
  * firewall-applet-2.0.1-150600.3.15.1
  * firewalld-bash-completion-2.0.1-150600.3.15.1
* Basesystem Module 15-SP7 (noarch)
  * python3-firewall-2.0.1-150600.3.15.1
  * firewalld-lang-2.0.1-150600.3.15.1
  * firewalld-2.0.1-150600.3.15.1
  * firewalld-zsh-completion-2.0.1-150600.3.15.1
  * firewalld-bash-completion-2.0.1-150600.3.15.1
* Desktop Applications Module 15-SP7 (noarch)
  * firewall-applet-2.0.1-150600.3.15.1
  * firewall-config-2.0.1-150600.3.15.1
* Development Tools Module 15-SP7 (noarch)
  * firewall-macros-2.0.1-150600.3.15.1
* Python 3 Module 15-SP7 (noarch)
  * python311-firewall-2.0.1-150600.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4948.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260903